Cobweb_Identity-driven

Identity-driven Security - Microsoft Advanced Threat Analytics and Cloud App Security

Microsoft Advanced Threat Analytics and Cloud App Security detect attacks before they can cause damage

Employees today use a number of devices across different locations to access corporate data. While undoubtedly making workers more productive, it can create a blind-spot which leaves organisations’ networks vulnerable to malicious attack.


The statistics regarding attacks on organisations are shocking:


More than 60 percent of all network intrusions stem from compromised user credentials

Attackers stay in a network before detection for more than 140 days, on average

The average cost of a data breach to a company is $3.5 million

The estimated cost of cybercrime to the global economy is $500 billion


It is vital that organisations are able to identify threats and act quickly to protect themselves from the potentially crippling financial losses and untold reputational damage that these attacks cause.


As part of its Enterprise Mobility + Security (EMS) suite of products, Microsoft now offers businesses a way to identify attackers within the organisation, with Microsoft Advanced Threat Analytics, and Cloud App Security.


Advanced Threat Analytics (ATA)


Microsoft Advanced Threat Analytics (ATA) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity with built-in intelligence and providing clear and relevant threat information on a simple attack timeline.


Using deep packet inspection technology, ATA analyses all Active Directory traffic, collecting relevant events from SIEM and other sources. It then automatically starts learning and profiling behaviour, looking for any anomalies that raise a red flag.


Set-up is simple; there’s no need to create rules, baselines or thresholds. Once suspicious activity is detected, an attack timeline lets you see exactly what happened and when.

 

Cloud App Security


More and more organisations are recognising the cost and productivity benefits of moving to cloud-based applications.


However, the use of unapproved applications in the workplace is commonplace, and goes by the label of ‘Shadow IT’. A 2015 study claims a typical firm has 15 to 22 more cloud applications running in the workplace than have been authorised by the IT department! Elsewhere, data suggests an estimated 80 percent of employees using non-approved SaaS apps in their jobs (see graphic below).


As a result, employees are unwittingly putting company data at risk and could be sharing files and putting sensitive company data outside of company control.


EMS 4 blog internal image

Source: Microsoft

Microsoft Cloud App Security is designed to help you extend the visibility, auditing, and control you have on-premise to your cloud applications.


Cloud App Security tackles the problem by identifying a potential 13,000 cloud applications that could be running on your network, providing risk scoring and ongoing assessment and analytics. It is a simple process; no agents are required as information is collected from your firewalls and proxies, enabling you to see cloud and application use on the network.


With special focus on sanctioned apps, you can set granular controls and policies for data sharing and data loss prevention (DLP), to ensure employees can’t send sensitive or critical information outside of the corporate network.


In addition, Cloud App Security integrates deeply with Office and provides new advanced security management and transparency capabilities for Office 365.


“Enterprise mobility and the use of cloud apps have become ingrained in our working lives, and are key to employee productivity,” said Michael Frisby, managing director, Cobweb. “However, this has left organisations at risk from new types of malicious attacks. Microsoft Advanced Threat Analytics and Cloud App Security lets organisations get ahead of the threat and secure their environment – whether on-premise or in the cloud.”