Get Complete Security Visibility of Your Microsoft Office 365 Suite
Microsoft Office 365 is the most widely used cloud application suite today, and for many organizations, it marks an entry point into public cloud computing. Yet, security challenges mount as your users migrate business-critical data and operations to Office 365 cloud apps, including SharePoint Online, OneDrive for Business, and Exchange Online. Security concerns include data loss or leakage, data privacy, unauthorized access, and more.
You need insight into the activities of your admins and users in Office 365 and the assurance that the proper controls are in place to keep your data and your organization secure and in compliance.
AlienVault® USM Anywhere™ delivers the Office 365 security and compliance monitoring you need to protect your users and your data hosted in the Office 365 environment.
The built-in AlienApp for Office 365 in USM Anywhere collects your Office 365 events and gives you visual reporting dashboards and user-centric views that make Office 365 security monitoring fast and simple. USM Anywhere correlates your Office 365 events with the latest threat intelligence from the AlienVault Labs Security Research Team as well as with other security-related events happening in your cloud and on-premises environments. This gives you the complete context you need to accurately and fully detect threats, even if you have limited time and resources to do so.
USM Anywhere combines multiple essential security capabilities in one unified platform, so you can achieve a unified view of your assets, vulnerabilities, and threats—all on one affordable and easy to use solution. Plus, its ecosystem of AlienApps extend your security orchestration capabilities to connected third-party security and cloud technologies, like Cisco Umbrella and Office 365. In doing so, USM Anywhere can serve as the central hub for all your security and compliance efforts.
USM Anywhere delivers advanced threat detection and incident response capabilities to help you meet your Office 365 security and compliance needs.
Audit Azure Active Directory
- Be alerted to admin actions such as account creation or deletion, escalation of privilege, and changes to password or policies
- Track user login activities to Office 365 and applications that use Azure AD for single sign on
- Identify suspicious login attempts by location
- Detect brute force login attempts to Office 365
Monitor Exchange Online Security
- Audit administrator actions, including mailbox creation and deletion
- Know when users access mailbox folders, purge deleted items, access other mailbox accounts, and more
- Be alerted to changes to Exchange policies that could let in spam and malware
Protect Your Data in OneDrive for Business & SharePoint Online
- Monitor the integrity of your data; know when users download, edit, delete, or restore files
- Identify ransomware in your SharePoint and OneDrive for Business services
- Be alerted when files or SharePoint sites are shared with entities outside the organization or known malicious hosts
Unified Security Essentials for Complete Office 365 Security and Compliance
- Achieve a unified view of all your assets, vulnerabilities, and threats on one affordable, easy-to-use platform
- Centralize security monitoring for all your critical IT infrastructure, in the cloud and on-premises
- Receive continuous threat intelligence updates from the AlienVault Labs Security Research Team
Audit Activities on Azure Active Directory
Did your CFO just log in to Outlook 365 from China at 4:00AM? Did your entire dev team just repeatedly type in wrong passwords at the same time?
When anomalous or suspicious user login activities occur in your Office 365 applications, you need to know immediately, so you can investigate and stop a potential data breach in its tracks.
Azure Active Directory gives you a centralized way to manage your users’ account credentials and access to Office 365 applications from the cloud. You can also use Azure AD for single sign-on (SSO) to thousands of cloud apps, including DropBox and Salesforce.com.
With Azure AD at the center of all your identity and access management activities, you need full visibility of all admin and user activities: user creation, deletion, login attempts, passwords changes, admin delegation, and more.
USM Anywhere delivers deep visibility into activities within Azure AD by tracking and analyzing all Azure AD events.
USM Anywhere includes a pre-built dashboard for Azure AD that shows real-time Azure AD activity trends, from where users are logging in, and login failure reasons. This contextualized data helps you to quickly detect threats such as brute force login attempts, compromised accounts, and more. You can also drill down and pivot on any data point, making incident investigation fast and simple.
Protect Users & Data in Exchange Online
91% of all cyberattacks start with a phishing email 1. In the age of socially engineered attacks, with organizations sending all types of data through email, protecting your data and the integrity of Office 365 users’ mailboxes is more challenging than ever.
USM Anywhere provides Exchange Online security monitoring with out-of-the-box correlation rules that alert you to changes in Exchange policies, such as content, malware, filtering, and DLP policies that could expose your organization to security risks. With USM Anywhere, you can audit admin actions, like mailbox management and changes to roles or groups, helping you to meet your Office 365 security and compliance goals.
It’s not uncommon for Office 365 users to delegate access to their mailboxes, such as an executive assistant having access to the CEO’s Exchange account, or a manager on vacation delegating email messages to another employee.
However, if a sensitive email message gets leaked to an unintended recipient (say the media or a competitor), it’s important to have forensics records of who accessed or sent what email messages and when. With its built-in Elasticsearch capabilities, USM Anywhere makes such forensics investigations fast and efficient.
Keep Your Data Secure with SharePoint & OneDrive for Business Security
Data security and integrity in the cloud is the biggest cloud security concern for IT security professionals today. And, it’s easy to understand why.
As your users migrate and share business-critical data in SharePoint Online and OneDrive for Business, you need to know who has access to it, who is making changes to it, and who is sharing it outside the organization. However, this activity generates a lot of events, in fact, too many for you to track manually.
USM Anywhere automates file integrity monitoring for Office 365. It monitors and analyzes file actions that occur in SharePoint Online and OneDrive for Business so that you can identify anomalous or suspicious activities on your critical files.
To help you monitor for data leakage risks, USM Anywhere alerts you when your Office 365 users enable external sharing permissions in SharePoint and OneDrive for Business. What’s more, USM Anywhere detects if your users are communicating or sharing files with known malicious hosts, so you can act swiftly to disrupt a potential attack.
USM Anywhere also works to detect ransomware in your SharePoint Online and OneDrive for Business services. The sooner you know your files are under attack, the faster you can act to isolate those environments and mitigate further damage.
Discover the Benefits of Unified Security Management for Office 365
USM Anywhere is the only solution that delivers unified essential security capabilities to give you actionable security visibility into your Office 365 environment. It delivers onto a single solution:
- Asset Discovery and Inventory
- Vulnerability Assessment
- Intrusion Detection
- Behavioral Monitoring
- SIEM Event Correlation
- Log Management & long-term storage
With USM Anywhere, you get complete, continuous visibility of your Office 365 security and compliance posture. And, with integrated and continuously updated threat intelligence from the AlienVault Labs Security Research Team, you can be assured that you’re protected as the threat landscape evolves.
USM Anywhere centralizes security monitoring for all your IT environments: public cloud, private cloud, and on-premises physical or virtual infrastructure. So, you can have continuous security monitoring as you migrate services and workloads across environments through one affordable solution.
Because USM Anywhere is delivered as a SaaS solution, you can deploy rapidly and get security insight within minutes, save significant costs on hardware, and readily scale as your infrastructure expands. It delivers high reliability and performance without the overhead of maintenance.