Office 365 Security Monitoring with USM Anywhere

April 18, 2017  |  Ryan Leatherbury

For many organizations, the journey to the cloud begins with Office 365. Yet, as organizations migrate business-critical data and operations to Office 365 cloud applications, security concerns arise around data integrity and privacy, user access, and more.

To help our customers address their Office 365 security monitoring concerns, we recently launched an AlienApp for Office 365 that enables threat detection and incident investigation directly from USM Anywhere. It allows you to monitor and analyze user and admin activities in the Microsoft Office 365 suite of cloud applications, including Exchange Online, SharePoint, OneDrive for Business, and Azure Active Directory (AD).

With the AlienApp for Office 365, USM Anywhere users can track user activities, monitor changes to files and policies, and be alerted to suspicious or anomalous activities within Office 365. The app further extends the security orchestration capabilities of USM Anywhere, helping small to mid-sized security teams to monitor their Office 365 environments alongside the rest of their critical infrastructure: physical or virtual on-premises, AWS or Azure clouds, or any hybrid of.

Let’s take a closer look at some key features of the AlienApp for Office 365.

Anomaly Detection with Office 365 Dashboards

Do you know where your Office 365 users are? With USM Anywhere, you can readily answer that question and more using pre-built dashboards that show trends and summaries of OneDrive, SharePoint, and Azure Active Directory (AD) activities. For example, the Azure AD dashboard summarizes login attempts and failures based on user, country, and source IP address. You can drill down on any data point to investigate further, faster.

AlienApp for Office 365 Security and Compliance Monitoring

Alarms & Pre-Built Correlation Rules for Office 365

With out-of-the-box correlation rules written specifically for Office 365, USM Anywhere generates alarms by keying off the events collected by the AlienApp for Office 365. Alarms notify you of suspicious activity, such as when a user or admin:

  • Enables data sharing with entities outside of the organization, possibly resulting in a breach of confidential data
  • Restores files in OneDrive for Business, indicating a possible attempt to retrieve historical data
  • Changes the Microsoft Exchange content policy that could enable spammers to send phishing emails
  • Updates to password policies that could leave user accounts vulnerable to basic password attacks

These are just a few examples of the out-of-the-box correlation rules we include with the AlienApp for Office 365, not to mention the ability to create custom orchestration rules and alerts based on your unique environment and security monitoring needs.

Advanced Search & Analytics Capabilities that Accelerate Threat Investigation

The AlienApp for Office 365 shows you a wealth of events from your Office 365 environment, and uses Elasticsearch capabilities to make searching, filtering, and analysis fast and efficient. As you explore the Activity Events page or drill down from a dashboard or an alarm, you’ll notice that you can quickly filter and identify activities related to specific users, helping you to detect insider threats sooner. The Event view allows you to filter by app, (SharePoint, Exchange, Azure AD) and many other criteria.

Events related to SharePoint and OneDrive for Business include file access, changes, uploads, and downloads. You can also view inbox and distribution list modifications in Exchange Online. Audit events from the Office 365 Security and Compliance Center provide additional visibility into user login and searches. Azure Active Directory events include user logins, password changes and user updates.

Events related to SharePoint and OneDrive for Business include file access, changes, uploads, and downloads

Summary

USM Anywhere’s AlienApp for Office 365 provides you with several key benefits including:

  • Deepens security visibility of Office 365 – the top cloud application suite

  • Enables faster, more efficient Office 365 threat detection and investigation
  • Out-of-the-box correlation rules and dashboards so you can start monitoring your Office 365 environment on Day One.
  • Unified view of your Office 365 vulnerabilities, threats, and users in a single, affordable solution.

Start your Free 14-Day Trial of USM Anywhere today to Discover All the Office 365 Security Monitoring Capabilities!

Share this with others

Get price Free trial