An often-underestimated issue: Office 365 and SaaS application security
Jérôme Derouvroy, Security expert
In the collaborative-solutions market, Microsoft Office 365 is well ahead of its competitor Google, according to the various market studies on the progress of the digital workplace in organisations. The security of these collaborative offerings is therefore becoming an important risk factor to consider.
With nearly 300 million licences and over 50 million subscribers, Office 365 is also one of the most targeted applications for cyber attacks. The messaging, storage, office and collaboration functions it integrates are a prime route to sensitive company data and offer attackers a wide range of opportunities. Many will remember the Cerber ransomware that slipped past O365's built-in anti-malware protection and spread widely among its users.
Office 365: a major attack vector
Every month, 30% of companies fall victim to account takeovers, and the majority of preventive security tools are unable to detect them. While Office 365 does offer built-in threat and data-leakage protection features, these remain limited, particularly when it comes to detecting sophisticated malicious activity that targets users themselves. In addition, although Microsoft is responsible for protecting its cloud platform, the organisation remains responsible for protecting its own accounts and data (the shared-responsibility model), given the wide range of risks that can threaten that data.
Vectra positions itself as a global leader in real-time detection and response to advanced cyber attacks. Its platform (formerly known as Cognito) complements the Secure Web Gateway, DLP, antivirus, SIEM and CASBs (Cloud Access Security Brokers) already used to secure cloud services. Deployed in the customer's environment, it extends the reach of those tools rather than replacing them. Based on AI and machine learning, it automatically detects and correlates suspicious account behaviour in Azure AD and O365, and can combine it with behavioural data from the same accounts on the network, shortening investigation times and covering a broader attack surface.
The Vectra quadrant: a 4-level scoring of real risk
Detect Office 365 collects, stores and enriches Azure Active Directory, SharePoint and OneDrive event logs with relevant contextual data in a single interface. The agentless solution is installed natively in the customer's environment, where it provides real-time detection and analysis of known and unknown threats and assigns each a risk level. Its dashboard, organised into four criticality levels (low, medium, high and critical), shows how scores evolve in real time: a score can rise, fall, or disappear altogether once the incident has been resolved.
Among the signals analysed are unusual sign-in events, changes to mailbox routing (forwarding) configuration, creation and manipulation of files, new privileges granted to groups, installation of applications, large download volumes, and so on. Because the collected telemetry is easy to interpret, security teams, which are often understaffed, can quickly pick out real risks from the daily avalanche of false positives and then initiate targeted remediation actions.
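To make the two paragraphs above concrete, here is an added example (not Vectra's code, and not from the original article) that runs a handful of the listed detection rules over constructed records shaped loosely like Office 365 Unified Audit Log entries, then aggregates per-account findings into the four tiers low / medium / high / critical. The rule weights, thresholds, tier boundaries, the `BASELINE_IPS` set and every record in `SAMPLE_LOG` are assumptions invented for the illustration. Because the score is recomputed from the open findings only, resolving a finding lowers or clears an account's score, as the article describes.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (invented for this example, not real telemetry), shaped
# loosely like Unified Audit Log entries: CreationTime, UserId, Workload, Operation,
# ClientIP, ObjectId and a Parameters list of {"Name", "Value"} pairs.
SAMPLE_LOG = [
    {"CreationTime": "2023-05-02T07:58:10", "UserId": "alice@example.com",
     "Workload": "AzureActiveDirectory", "Operation": "UserLoggedIn", "ClientIP": "203.0.113.7"},
    {"CreationTime": "2023-05-02T08:01:30", "UserId": "alice@example.com", "Workload": "Exchange",
     "Operation": "New-InboxRule",
     "Parameters": [{"Name": "Name", "Value": "sync"},
                    {"Name": "ForwardTo", "Value": "drop@attacker.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2023-05-02T08:03:02", "UserId": "alice@example.com",
     "Workload": "AzureActiveDirectory", "Operation": "Consent to application.",
     "ObjectId": "MailSyncHelper"},
    # six downloads by alice inside five minutes (08:10 .. 08:15)
    *[{"CreationTime": f"2023-05-02T08:1{i}:00", "UserId": "alice@example.com",
       "Workload": "OneDrive", "Operation": "FileDownloaded",
       "ObjectId": f"https://example-my.sharepoint.com/personal/alice/Documents/q{i}.xlsx"}
      for i in range(6)],
    # bob: sign-in from a known address and a single download, nothing suspicious
    {"CreationTime": "2023-05-02T09:00:00", "UserId": "bob@example.com",
     "Workload": "AzureActiveDirectory", "Operation": "UserLoggedIn", "ClientIP": "198.51.100.20"},
    {"CreationTime": "2023-05-02T09:05:00", "UserId": "bob@example.com", "Workload": "SharePoint",
     "Operation": "FileDownloaded", "ObjectId": "https://example.sharepoint.com/sites/hr/policy.pdf"},
    # carol grants a directory role to another account
    {"CreationTime": "2023-05-02T09:10:00", "UserId": "carol@example.com",
     "Workload": "AzureActiveDirectory", "Operation": "Add member to role.",
     "ObjectId": "mallory@example.com",
     "Parameters": [{"Name": "Role.DisplayName", "Value": "Global Administrator"}]},
]

BASELINE_IPS = {"198.51.100.20"}          # assumed known egress addresses (constructed)
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
BULK_DOWNLOAD_THRESHOLD = 5               # assumed thresholds and weights
BULK_DOWNLOAD_WINDOW = timedelta(minutes=10)


def param(rec, name):
    return next((p["Value"] for p in rec.get("Parameters", []) if p["Name"] == name), None)


def per_event_findings(rec):
    """Stateless rules: yield (finding name, weight, detail) for a single record."""
    op = rec["Operation"]
    if op == "UserLoggedIn" and rec.get("ClientIP") not in BASELINE_IPS:
        yield ("unusual_signin", 10, f"sign-in from unknown address {rec.get('ClientIP')}")
    if op in {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}:
        hit = {p["Name"] for p in rec.get("Parameters", [])} & FORWARD_PARAMS
        if hit:  # mailbox routing changed: classic exfiltration / BEC persistence
            yield ("mailbox_forwarding", 40, f"{op} with {sorted(hit)}")
    if op == "Consent to application.":
        yield ("app_consent", 25, f"consent granted to application {rec.get('ObjectId')}")
    if op == "Add member to role.":
        yield ("privilege_grant", 35,
               f"{rec.get('ObjectId')} added to role {param(rec, 'Role.DisplayName')}")


def bulk_download_findings(records):
    """Stateful rule: >= THRESHOLD FileDownloaded events by one user inside WINDOW."""
    times = defaultdict(list)
    for rec in records:
        if rec["Operation"] == "FileDownloaded":
            times[rec["UserId"]].append(datetime.fromisoformat(rec["CreationTime"]))
    for user, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):           # sliding window over sorted timestamps
            while ts[end] - ts[start] > BULK_DOWNLOAD_WINDOW:
                start += 1
            if end - start + 1 >= BULK_DOWNLOAD_THRESHOLD:
                yield user, ("bulk_download", 30,
                             f"{end - start + 1} downloads within {BULK_DOWNLOAD_WINDOW}")
                break


def analyse(records):
    """Return {user: {finding name: (weight, detail)}}; one open finding per type and user."""
    findings = defaultdict(dict)
    for rec in sorted(records, key=lambda r: r["CreationTime"]):
        for name, weight, detail in per_event_findings(rec):
            findings[rec["UserId"]][name] = (weight, detail)
    for user, (name, weight, detail) in bulk_download_findings(records):
        findings[user][name] = (weight, detail)
    return findings


def tier(score):
    if score == 0:
        return None
    return "low" if score < 30 else "medium" if score < 60 else "high" if score < 90 else "critical"


def score_accounts(findings):
    """Score only the open findings, so resolving one lowers or clears the account's tier."""
    return {u: (sum(w for w, _ in f.values()), tier(sum(w for w, _ in f.values())))
            for u, f in findings.items() if f}


def resolve(findings, user, name):
    findings[user].pop(name, None)
    return findings


if __name__ == "__main__":
    open_findings = analyse(SAMPLE_LOG)
    print(json.dumps(score_accounts(open_findings), indent=2))
    resolve(open_findings, "alice@example.com", "mailbox_forwarding")
    print(json.dumps(score_accounts(open_findings), indent=2))
```

In practice the records would come from the Office 365 Management Activity API or `Search-UnifiedAuditLog` rather than an inline list, and the sign-in rule would use a per-user baseline rather than one global set of addresses; the structure of one stateless pass plus stateful windowed rules feeding a per-account score is what carries over.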
The result: faster, more reliable investigations with less human error and proactive tracking of hidden threats. Not least, the detection environment is delivered as a serverless service, so the latest updates and patches are always applied without customer maintenance.