Office 365, one of the largest SaaS platforms used by organizations, is constantly on the radar of malicious hackers. Companies store volumes of mission-critical and sensitive data on the platform, which they assume is protected and secure.
A recent report found that 25% of phishing attacks are able to circumvent Microsoft 365 security. The more common ways that hackers may gain access to Office 365 (SharePoint, OneDrive, Exchange, Teams, Skype, etc.) environments are through phishing, stealing credentials from users, installing malware, auto-forwarding phishing emails to others, and leaking sensitive data.
Some specific examples of Office 365 related phishing that our clients have seen include:
How to Defend against These Office 365 Attacks?
Security analysts must make sure that all settings are configured correctly and must review Office 365 login history for proactive detection, as well as rely on employees to report a suspected account compromise or phishing email.
A few typical detections could be
DTonomy Guided Investigation and Response
Not every alert is a true positive; therefore, careful investigation is needed. Take phishing as an example:
Investigation
You may want to conduct further investigation to:
Decision
Based on the information, you will need to make decisions as to how to proceed:
Response On false positives,
Response On true positives,
The unique part of DTonomy is that we take your system settings and knowledge into consideration to make personalized recommendations for your environment. Automation can then be achieved through built-in playbooks. Typically, the tools below are utilized in addition to DTonomy:
Based on the recommendation, the automated playbook for this scenario could look like:
Only DTonomy uniquely learns a wide variety of security response workflows, recommends the most suitable decisions and actions to guide you in your response, and automates them to help you further secure your data on Office 365.
We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!