05 Jul Proactive Office 365 monitoring, active alerting and response
Office 365 is the most widely used mainstream business email platform due to its affordability, ease of use, office and storage packages, and built-in redundancy for availability and uptime.
However, Office 365 has also become one of the primary targets for hackers, spammers and malware distribution due to its global reach into businesses.
91% of all cyber attacks originate from a phishing email, and since 2016 there have been 4000 ransomware attacks per day. 80% of hacking-related breaches happened as a result of stolen and/or weak passwords. Without adequate layers of security, your business is therefore at risk from a cyber threat.
Office 365 provides an array of monitoring for security-related issues but lacks administrative guidance on what matters most and on how best to use the tools provided and respond with them. To combat the ever-prevalent and increasing cyber threats to the Office 365 platform and to protect our clients further, we needed a solution that actively monitors for, and alerts on, any suspicious and/or compromised Office 365 activity for transparent response and resolution.
We have invested in an Office 365 Monitoring cloud product that bolts directly into Office 365 for visibility and cyber security prevention. The solution we have partnered with has been developed to integrate proactive monitoring of risk events on Office 365 and Azure Active Directory accounts. This goes together with integrating these risk events into our security operations centre platform, with an associated workflow for response and resolution.
The Office 365 Monitoring solution actively monitors configuration and changes within Office 365 and Azure Active Directory (AD). It also slots directly into our standard assessment technology for device monitoring and remediation, to protect your business as a whole from a cyber threat and from any Office 365 system compromise.
The Office 365 risk events we will be able to monitor, alert on and respond to are:
- Users with leaked credentials
- Sign-ins from suspicious IP addresses
- Sign-ins from malware-infected devices
- Impossible travel to atypical locations
- Sign-ins from unfamiliar locations
- Sign-ins from anonymous IP addresses