Managed Detection and Response for Microsoft 365
Business Email Compromise (BEC) attacks are not going away. Threat actors are taking advantage of the wider attack surface the cloud offers and becoming cleverer at bypassing standard cloud security practices. Many Microsoft 365-reliant businesses are now adopting Managed Detection and Response (MDR) to protect all users, applications, and environments. In this blog post, we’ll break down some of the key features and the types of threats detected.
What is MDR for Microsoft 365?
MDR is a security software solution backed by real people: a Security Operations Center (SOC) team solely dedicated to protecting a business’s Microsoft 365 environment. It integrates seamlessly with the business’s Microsoft cloud environment to collect and analyze user, tenant and application data, so that anything deemed suspicious can be reviewed more precisely and threats can be remediated quickly.
Key Features
- Microsoft 365 monitoring and detection, powered by a 24/7 Security Operations Center (SOC)
- Instant lockdown capabilities
- Location awareness
- Endpoint correlation
- Accurate analysis: Reduces false-positive security alerts
- Identifies user behaviors, highlighting high risk users
- Reporting: Summary of incident and remediation steps outlined
Types of Threats Detected
- Suspicious login identification
- Suspicious mail forward configuration
- Privilege escalation: A technique used by hackers to gain unauthorized access to elevated rights, permissions, entitlements or privileges beyond what is assigned to an identity, account or user
- Account isolation
- Rule removal