B2B Tech Blog
Malicious Activity Detector
Advanced Security Flows with Microsoft Office 365
Breaches That Happened
- Attack took 75 days to detect.
- Estimated cost: $600 million
- Attackers breach accounts and start collecting information
- Equifax is informed of the breached account by a breached user
- Exploit is remediated
CITY OF ATLANTA
- Attack took 20 days before malware was launched
- Estimated cost: over $17 million
- Iranian SamSam group uses a brute-force technique to breach an account.
- Ransomware (malware) is propagated to many servers, silently encrypting HDDs.
- Ransomware screen launched.
- Exploit is “mostly” remediated
MAD365 is a defense-in-depth strategy designed by Microsoft that utilizes AADP, O365 ATP, CAS, Power BI, and Azure Automation. Get proactive by letting Microsoft tools automatically hunt for compromised accounts instead of relying on compromised users to alert you or attackers to make a mistake. Phish Hunter is a cutting-edge approach that correlates both user sign-in and user behavior to discover compromised accounts that otherwise might remain hidden. Use these cloud-powered real-time attack forensics to increase protection from sophisticated and targeted phishing attacks.
Azure Active Directory P1 conditional access policies and MFA block attackers from signing in to Office 365.
Microsoft Cloud App Security provides forensic behavioral data and multiple pivots for attack investigation, maintains known attack signature policies, and tracks indications of compromise for discovering unknown attacks.
Office 365 Advanced Threat Protection protects users from phishing URLs at time-of-click and allows revocation/blocking of the attack URLs.
MAD365 dramatically reduces response times by enforcing account protection, account remediation, and modification of access policies automatically or via workflow/delegation based on the threat assessment.
An effective defense-in-depth strategy involves multiple layers of protection based on email content, user identity, user behavior, and threat insights.
- Exchange Online Protection: Block Known Bad Mail
- Office 365 Advanced Threat Protection: Protect Unknown Bad Mail
- Block Risky Sign In
- Azure Identity Protection: Detect Risky Sign In
- Microsoft Cloud App Security: Remediate Known Attack
- Microsoft Cloud App Security: Challenge Unknown Attack
- Correlate Attack Vectors
Trusted User Phishing Attack
A Trusted User Phishing Attack (a.k.a. TU Phish) is an attack initiated by a compromised account from inside of the organization or from another trusted organization. This type of attack is different from spoofing and is particularly difficult to detect and defeat with traditional and even advanced threat protection when it emerges as a highly targeted attack. The best protection is provided by a defense-in-depth strategy that includes policies for known attack signatures and correlates multiple indications of compromise to discover new attack signatures. Risk-based automated remediation also helps to stop attacks that are in progress while minimizing false positives.
- Bad actor sends email
- Recipient clicks the link and compromises her credentials
- Office 365 CAS detects the Known Attack Signature based on the attacker’s behaviors
- Flow begins a Threat Assessment and Automatic Remediation based on Risk
- Power BI and Threat Intelligence can provide additional profile analysis to find the source of the attack
- Once the source has been determined, the admin can block the common attack vector (URL or IP)
- Additional Phishing attempts are then blocked prior to the user being compromised
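As an added illustration of the correlation step in the flow above (this is example code, not code from the page or from any Microsoft product): a risky sign-in (unfamiliar country, no MFA) followed within 24 hours by a forwarding inbox rule or a mass send raises the account's risk score and selects a remediation tier. The event shapes, the per-user country baseline and the thresholds are constructed assumptions, not the real Azure AD or Cloud App Security schemas.

```python
from datetime import datetime, timedelta

# Constructed baseline of sign-in countries per user (a real system learns these).
BASELINE = {"alice@contoso.example": {"US"}, "bob@contoso.example": {"US", "GB"}}
WINDOW = timedelta(hours=24)          # behaviour is correlated within this window

# Constructed sample events: (user, ISO timestamp, kind, details).
EVENTS = [
    ("alice@contoso.example", "2019-03-04T08:02:00", "signin", {"country": "US", "mfa": True}),
    ("alice@contoso.example", "2019-03-04T09:15:00", "signin", {"country": "XX", "mfa": False}),
    ("alice@contoso.example", "2019-03-04T09:20:00", "inbox_rule", {"action": "forward"}),
    ("alice@contoso.example", "2019-03-04T09:40:00", "send", {"recipients": 180}),
    ("bob@contoso.example", "2019-03-04T10:00:00", "signin", {"country": "GB", "mfa": True}),
    ("bob@contoso.example", "2019-03-04T10:05:00", "send", {"recipients": 3}),
]

def ts(s):
    return datetime.fromisoformat(s)

def behaviour_signals(user, start, events):
    """Suspicious mailbox actions by `user` within WINDOW after a risky sign-in."""
    signals = []
    for u, t, kind, d in events:
        if u != user or not (start <= ts(t) <= start + WINDOW):
            continue
        if kind == "inbox_rule" and d.get("action") in ("forward", "delete"):
            signals.append("inbox_rule:" + d["action"])
        elif kind == "send" and d.get("recipients", 0) >= 50:   # assumed threshold
            signals.append("mass_send:%d" % d["recipients"])
    return signals

def assess(events=EVENTS):
    """Return {user: (score, action, signals)} for accounts with a risky sign-in."""
    results = {}
    for u, t, kind, d in events:
        if kind != "signin":
            continue
        signals = []
        if d["country"] not in BASELINE.get(u, set()):
            signals.append("unfamiliar_country:" + d["country"])
        if not d["mfa"]:
            signals.append("no_mfa")
        if not signals:
            continue                  # only correlate behaviour after a risky sign-in
        signals += behaviour_signals(u, ts(t), events)
        score = len(signals)          # one point per indication of compromise
        action = ("block_signin_and_reset_password" if score >= 3
                  else "require_mfa_reauth" if score == 2 else "monitor")
        if u not in results or score > results[u][0]:
            results[u] = (score, action, signals)
    return results
```

On the constructed events, alice's 09:15 sign-in plus the forwarding rule and the 180-recipient send score 4 and select the block-and-reset tier, while bob's in-baseline MFA sign-in produces no finding.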
Add local insights to cloud intelligence and enforcement
Automatically prevent and remediate
Receive actionable threat intelligence
Identify attack profile
Deploy policy signature and protection