Chaz Vossburg

Using Cloud App Security to Detect and Protect

Moving resources to the cloud increases flexibility for employees and IT alike.  Users can increase mobility and productivity in an increasingly decentralized and perimeter-less environment while not sacrificing access to traditional on-premises services.  However, this also introduces new challenges and complexities for keeping your organization secure.


Every minute of every day, companies around the world are subject to brute force attacks and email hacks, and are compromised by seemingly never-ending phishing and social engineering attempts.  To get the full benefit of cloud apps and services while protecting critical data, administrators must work diligently to find the right balance of supporting access, fostering productivity, and maintaining control and protections.  In the event of an attack, they need to maintain that balance while figuring out how the breach was made, what the hacker did, and what data was compromised or stolen.  Checking Office 365 audit logs is a time-consuming and costly process, particularly when you don’t know where to look or how to remediate the incident, which makes manual log review insufficient for a productive, modern environment.

Microsoft Cloud App Security is a Cloud Access Security Broker.  It provides rich visibility into suspicious activity within your Office 365 platform, so you can detect, investigate, and act against security issues as they arise, either manually or by automation.  Available with an E5 subscription or as an add-on, Cloud App Security is one of the most useful and advanced protection tools available for administrators.

Cloud App Security can perform the following functions:

  1. Discover and control the use of shadow IT – Identify unauthorized cloud applications and services and investigate usage patterns to assess risk levels

  2. Protect sensitive information anywhere in the cloud – Understand, classify, and protect the exposure of sensitive information at rest

  3. Protect against cyberthreats and anomalies – Unusual activities across cloud applications can be identified to monitor for ransomware, compromised users or rogue apps, and remediate automatically to limit risk

  4. Assess the compliance of your cloud apps – Allows you to prevent data leaks to non-compliant apps and limit access to regulated data

Image courtesy of Microsoft https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security

To enable the alerts and monitoring capabilities, log on to the Office 365 Security and Compliance portal or the Microsoft Cloud App Security website. Browse to “Alerts” and click on “Manage advanced alerts” to review the options you have and what Cloud App Security monitors.  For even more granular control, policies can be configured for the entire organization or certain users or groups.

Once Cloud App Security and monitoring of Office 365 and Azure are enabled, detecting and investigating events becomes much easier with alerts including:

  1. Unusual file download by user

  2. Multiple failed login attempts

  3. Malware detection

  4. Leaked credentials

  5. Unusual file deletion activity

  6. Activity from anonymous IP addresses

  7. Ransomware signatures and activity

  8. Risky sign-in

  9. Impossible travel

For example, “Impossible travel” reviews your setup and triggers alerts when activities are detected from a user in different locations within a time period that is shorter than the expected travel time between the two locations. Detecting this anomalous behavior necessitates an initial learning period of seven days, during which the app learns a new user’s activity pattern.
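The logic described above can be sketched as follows. This is an added example, not Microsoft's implementation and not code from the original post: the 900 km/h speed ceiling, the 50 km jitter cutoff, the sign-in records, and treating the seven-day learning period as simple alert suppression from a user's first sign-in are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

MAX_SPEED_KMH = 900                  # assumed ceiling: roughly airliner cruising speed
LEARNING_PERIOD = timedelta(days=7)  # learning period stated in the article

# Constructed sample sign-in events: (user, ISO timestamp, city, lat, lon)
SAMPLE_EVENTS = [
    ("alice", "2024-03-01T08:00:00", "Chicago", 41.88, -87.63),
    ("alice", "2024-03-10T09:00:00", "Chicago", 41.88, -87.63),
    ("alice", "2024-03-10T10:30:00", "Singapore", 1.35, 103.82),
    ("alice", "2024-03-12T10:30:00", "New York", 40.71, -74.01),
    ("bob",   "2024-03-09T12:00:00", "London", 51.51, -0.13),
    ("bob",   "2024-03-09T13:00:00", "Sydney", -33.87, 151.21),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return alerts for consecutive sign-ins implying travel faster than max_speed_kmh."""
    alerts, first_seen, last = [], {}, {}
    for user, ts, city, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        first_seen.setdefault(user, when)
        prev = last.get(user)
        last[user] = (when, city, lat, lon)
        if prev is None or when - first_seen[user] < LEARNING_PERIOD:
            continue  # no baseline yet: user is still inside the learning period
        hours = (when - prev[0]).total_seconds() / 3600
        dist = haversine_km(prev[2], prev[3], lat, lon)
        if dist < 50:
            continue  # assumed cutoff: same metro area, ignore geolocation jitter
        # Simultaneous sign-ins (hours == 0) from distant places are always impossible
        speed = float("inf") if hours <= 0 else dist / hours
        if speed > max_speed_kmh:
            alerts.append((user, prev[1], city, round(dist), round(hours, 2)))
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE_EVENTS):
        print("impossible travel: %s %s -> %s (%d km in %s h)" % alert)
```

In the sample data, bob's London-to-Sydney hop is suppressed because it falls inside his first seven days, which is the detection gap the learning period creates for newly onboarded accounts.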

Obviously, the ability to detect unusual behavior and actions is of paramount importance to an organization trying to protect itself, as is detecting and mitigating issues before they become major problems that can grind operations to a halt.

Microsoft Cloud Apps natively integrates with Microsoft solutions, providing simple deployment, centralized management, and automation capabilities.  In the ever-evolving IT world, organizations need these modern tools to proactively defend their users and data.

To see how to enable and customize Cloud App Security, watch our video below.  Click here to contact us to learn more about Cloud App Security from one of our security experts and request a comprehensive security audit.
