Vectra AI, a pioneer in threat detection and response, released its 2021 Q2 Spotlight Report, Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365. This new research details the top 10 threat detections, by relative frequency, that customers receive when Vectra detects abnormal behaviour in a customer environment. Customers then use these detections to help ratify attacks in cloud environments.
Highlights include:
- The Top 10 Threat Detections seen across Microsoft Azure AD and Office 365 allow security teams to detect infrequent behaviour that is abnormal or unsafe across their environments.
- Regardless of company size, Office 365 Risky Exchange Operation detection was at or near the top of the list of detections seen by Vectra customers.
- Common actions by actors in the Azure AD environment during a recent supply chain attack would map back to Vectra-defined detections and alert the security team about the threat.
Artificial intelligence
“Deploying meaningful artificial intelligence (AI) as a core pillar when extracting informative data from your network, both on-premise and off, is critical in obtaining an advantage against malicious adversaries,” said Matt Pieklik, Senior Consulting Analyst at Vectra.
“Security teams must be armed with full visibility to detect potentially dangerous activity across applications, in real-time, from the endpoint to the network and cloud.”
Bypassing security controls
As a pioneer in the productivity space with over 250 million active users, Microsoft Office 365 has also piqued the interest of looming cybercriminals due to the platform’s large audience.
In fact, during a recent global survey of 1,112 security professionals, Vectra uncovered how criminals are regularly bypassing security controls including multi-factor authentication (MFA), proving that determined attackers are still able to gain access.
Detecting cyberattacker behaviours
Solving for the challenges organisations continue to see from cybercriminals involves understanding the behaviours adversaries are motivated to take. This means having the ability to collect and aggregate the data that uncovers these behaviours in a way that can be operationalised by security staff.
Vectra has answered this industry need through the creation of Cognito Detect for Office 365 and Azure AD™, which automatically detects and responds to hidden cyberattacker behaviours, accelerates incident investigations, and enables proactive threat hunting. The application offers visibility into Power Automate, Teams, eDiscovery, Compliance Search, Azure AD backend, Exchange, SharePoint, third-party software-as-a-service (SaaS) providers, and more.