Microsoft Advanced Threat Analytics and Cloud App Security detect attacks before they can cause damage


In today’s workplace, a company’s data can be accessed across locations via a range of devices. While this clearly enhances the potential for productivity, it also has a downside: it can leave a business’s networks exposed to possible malicious attack.


Figures for such attacks may be surprising:

  • More than 60 percent of network intrusions originate from compromised user credentials
  • On average, attackers remain in a network undetected for more than 140 days
  • The average cost of a data breach to a business is $3.5 million
  • Cybercrime costs the global economy an estimated $500 billion

Businesses need to be able to identify threats and act swiftly to protect against financial loss and damage to reputation.


Microsoft Advanced Threat Analytics and Cloud App Security, part of the Enterprise Mobility + Security (EM+S) suite, provide a means to identify attackers within an organisation.

Advanced Threat Analytics (ATA)


Microsoft Advanced Threat Analytics (ATA) enables a business to interpret network activity. It uses built-in intelligence to identify suspicious user and device activity, and presents clear and pertinent threat information on a simple attack timeline.


Using deep packet inspection technology, ATA analyses all Active Directory traffic and compiles relevant events from SIEM and other sources. ATA then automatically starts learning and profiling behaviour, looking for anomalies that raise a red flag.


Set-up is simple, with no need to create rules, baselines or thresholds. Once suspicious activity is detected, an attack timeline discloses exactly what happened and when.

Cloud App Security

The number of businesses recognising the cost and productivity benefits of moving to the cloud continues to grow.


But the use of unapproved applications – ‘shadow IT’ – is commonplace. ‘CIOs vastly underestimate extent of shadow IT’ reports the findings of a 2015 study and claims that a typical firm has 15 to 22 more cloud applications running in the workplace than authorised by the IT department. A further source estimates that 80 percent of employees use non-approved SaaS apps in their jobs (see the graphic below).


As a result, a business’s data could be at risk, with employees sharing files and putting sensitive company data outside company control.


[Graphic. Source: Microsoft]


Microsoft Cloud App Security is designed to help an organisation extend the visibility, auditing and control it has over on-premise applications to cloud applications.


Cloud App Security addresses the issue by identifying a potential 13,000 cloud applications that could be running on a network, and by delivering risk scoring and ongoing assessment and analytics. The process is simple and requires no agents: information is collected directly from firewalls and proxies, so a business can see cloud and application use on its network.


With special focus on sanctioned apps, granular controls and policies for data sharing and data loss prevention (DLP) can be defined, to ensure employees are unable to send sensitive or critical information outside their corporate network.


Cloud App Security also integrates with Office and provides new advanced security management and transparency capabilities for Office 365.


“Enterprise mobility and the use of cloud apps have become ingrained in our working lives, and are key to employee productivity,” says Michael Frisby, Vuzion managing director. “However, this has left organisations at risk from new types of malicious attacks. Microsoft Advanced Threat Analytics and Cloud App Security lets organisations get ahead of the threat and secure their environment – whether on-premise or in the cloud.”
