Office/Microsoft 365 is one of the most attacked platforms in the world because of its massive popularity. Unfortunately, many people assume that their tenant is secure by default, right up until they are compromised.
J2 Software’s advanced security monitoring service provides a centrally monitored security service dedicated to the security of your 365 tenant.
There has been a significant increase in Microsoft 365 Business Email Compromise (BEC) in recent months. During the last year there were reports that the average number of BEC attacks rose by 15% per week. This attack method leads to change of bank details fraud, credential theft and payment fraud. Financially focused attacks increased by 155%, making it the most pervasive type of BEC tactic.
Your 365 tenant also exposes a successful attacker to various parts of the extended infrastructure, even more than usual due to the growing numbers of services being moved to the cloud.
The monthly J2 Software Advanced 365 Monitoring Service goes beyond the standard service and works to identify problems as they begin, not when you are front page news.
The service monitors activity in your 365 tenant to identify dangerous and malicious activity in order to respond to any attacks.
Monitoring Office 365 logs offers a variety of benefits for organisations by helping improve security maturity, provides enhanced detection capabilities and can aid compliance to policies and legislation.
By monitoring and analysing Office 365 security logs in a structured way, your organisation can achieve greater security maturity and fulfil certain important critical security controls, such as:
Controlled Use of Administrative Privileges
Maintenance, Monitoring and Analysis of Audit Logs
Data Protection
This is a monthly service that provides immediate alerts on the key attack points. Providing increased visibility and the capability to respond. This includes, but is not limited to, the key methods of attack:
M365 or Exchange API access - Detailed examination of usage of Microsoft management API to identify abuse or attack.
Granular Admin Audit - Detailed examination of admin privilege usage which includes sending mail as other users and delegation of rights.
Granular User History - Detailed Examination of authorisation details by geographic location, and by application and browser agent type.
User Email Forwarding - Detailed examination of forwarders.
User Hidden Rule Analysis - Detailed examination of hidden inbox rules.
User Inbox Rule Analysis - Detailed examination of inbox rules.
Delegation Status - Detailed examination of delegation changes where a user might have control of another mailbox.
Transport Rules - Detailed examination of high level transport rules which may allow blind carbon copy or redirects at a high level.
Auto-Reply - Detailed examination of auto-reply abuse or misconfiguration.
E-discovery Abuse - Detailed examination of eDiscovery usage or abuse.
