Almost every organisation around the world has found themselves with a sudden need to adapt to very different working practices. And while traditional IT security is used to combat computer viruses, the impact made by measures necessary to combat the global pandemic of COVID-19 has introduced many challenges and new risks that increase the need for adequate threat protection.
Many organisations have taken steps to allow their user productivity to continue; this includes enabling users to access services from personal devices, allowing sign-in to all services for all staff, removing previous restrictions on service access and enabling remote working through home routers.
The security landscape continues to change. Attacks are always evolving both in scale, nature and complexity. Attack perpetrators don’t respect moments of national or global crisis; instead, they capitalise on them.
Changing nature of the threats requires joined up response
There’s no question that threats have changed over recent years. From being single domain or hacking at the level of the individual, now threats are entering by one route, morphing and crossing into another domain.
A multi-domain threat can breach an organisation through phishing, which subsequently attacks an individual’s email, stealing the person’s identity and creating an auto-forward based on particular rules. Such a scenario seriously compromises the organisation, creating financial pain in addition to extended downtime.
Multi-domain threats require new approaches. In the past, security was seen to be best managed by using multiple tools for different domains. Today, such an approach is not only complicated and labour intensive, there is a strong likelihood that issues will fall through the gaps.
It’s no wonder that 54% of respondents in Core’s recent IT Professionals survey cite security as the number 1 cause of stress in their role. As our research tells us, security analysts are not getting enough sleep because they do not feel assured that their networks are protected across multiple domains, and they do not have the tools to allow them to react, manage and focus on incidents.
And now the good news…
Microsoft Threat Protection can fix these security threats before they even happen. And from 1 June 2020, Microsoft will automatically enable Microsoft Threat Protection features for eligible customers.
Microsoft Threat Protection suite protects:
- Endpoints with Microsoft Defender ATP - Microsoft Defender ATP is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
- Email and collaboration with Office 365 ATP - Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
- Identities with Azure ATP and Azure AD Identity Protection - Azure ATP uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Applications with Microsoft Cloud App security - Microsoft Cloud App security is a comprehensive cross-SaaS solution bringing deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
The Forrester Wave: Enterprise Detection and Response, Q1 2020[1] positions Microsoft as a Leader for its endpoint detection and response capabilities, awarding its current offering the highest score among Leaders. Microsoft also achieved the highest score of all participants for the extended capabilities it provides. Furthermore, Microsoft Defender Advanced Threat Protection received the highest score possible (5/5) across six areas including endpoint telemetry, security analytics, threat hunting, and response capabilities, as well as in performance and planned enhancements.
This demonstrates that effective security is integral to the entire Microsoft offering. Operating on a zero-trust basis, Microsoft’s extended detection response doesn’t just cover the various product domains, it covers the gaps between them and provides intelligence and incident management so operators can analyse what’s important and not get lost in the noise.
Click the image to read Eamon's guest blog for UC Today to find out more about Microsoft's recent recognition as a leader in security, in the recent Forrester Wave Enterprise Detection and Response Q1 2020 survey.
How it works
Microsoft Threat Protection is a new solution from Microsoft that enables out-of-the-box, coordinated defences across the Microsoft 365 security stack for email, endpoints, identities, and apps. It orchestrates cross-product defences to detect, block, and prevent sophisticated attacks and automatically heal assets affected by these attacks.
The three areas to be switched on from 1 June are:
- Incident Dashboard to support and mange cross domain threats as incidents in one central location.
- Hunting Dashboard to help Security Centre Analysts understand the proactive threat hunting capabilities and behaviour based custom detection rules across the various threat domains
- Action Centre to review the response and auto-heal activity across the environment
Who’s eligible:
Customers with corresponding licenses for one of the following Microsoft 365 security products:
- Microsoft Defender Advanced Threat Protection
- Office 365 Advanced Threat Protection
- Microsoft Cloud App Security
- Azure Advanced Threat Protection
This also applies to customers with one of the following licenses by June 1, 2020:
- Microsoft 365 E5
- Microsoft 365 E5 Security
- Windows 10 Enterprise E5
- Enterprise Mobility + Security (EMS) E5
- Office 365 E5
- Microsoft Defender Advanced Threat Protection
- Azure Advanced Threat Protection
- Microsoft Cloud App Security
- Office 365 Advanced Threat Protection (Plan 2)
Sleep tight, with security all wrapped up:
We help you control, manage and monitor all your IT environment. We put the protection of your entire Office 365 environment first and use Microsoft 365 security solutions and our best practices approaches to secure your world against data leaks and the latest online threats.
And in a world where remote working is the new normal, IT now has the challenge of monitoring remote workers and improving the current infrastructure, as well as pressure from the business to find ways to improve staff productivity and their use of Office 365. Core can help you deploy remote work scenarios to empower employees to stay connected, while maintaining security & control.
Book a free, no obligation discovery call with me to determine which deployment steps we can help with.
[1] https://www.forrester.com/report/The+Forrester+Wave+Enterprise+Detection+And+Response+Q1+2020/-/E-RES146957
