Personal SIEM for Microsoft Office 365

Some companies are born with O365, some achieve the migration, and others have Office 365 thrust upon them. Whichever category you’re in, the Office 365 juggernaut cannot be ignored. The breadth of functionality, ease-of-access and integrated components make it a very convenient environment for companies to rely on.

But convenience has ever been the flipside of security – whether that’s locking your front door, or deploying multi-factor authentication. As Office 365 is deployed, it brings with it a wealth of new, and existing, security challenges. Recent research found that 44% of organizations were victims of targeted email attacks launched via a compromised account [1]. There have been increasing reports of attacks, ranging from bypassing single sign-on or MFA to brute-force methods, that steal corporate Microsoft Office 365 login credentials and log into enterprise systems [1].

Companies need efficient and cost-effective methods to detect such attacks. Unfortunately, many Office 365 migrations are undertaken without sufficient upfront analysis of the security implications.  And once the migration is complete, there is relatively little willingness to invest further in something that has already cost a lot of time and money.   

The normal model of detection – using SIEM or IDS technology supported by a sophisticated security team – cannot scale to an Office 365 environment. Simply delivering the relevant logs for email into a SIEM can cost more than £1 million in licence fees alone. And the most galling point is that in 95% of breaches, it is the user who knows whether or not the anomalous behaviour is legitimate.

The answer is the Personal SIEM: technology which can detect unauthorised access to Office 365 in real time, along with malicious configuration changes, and engage directly with the user to minimise time to detection and time to resolution. The Personal SIEM has three key characteristics.

  • Application awareness. By treating logs as meaningful messages which can be analysed, the system can be much more efficient than searching for patterns in logs which are treated as unstructured data.   
  • User understanding. The only way to accurately identify breaches in a platform as broad as Office 365 is to analyse behaviour for every single user or library individually, and have a unique profile for every user, library or other protected resource. No other approach can yield the necessary accuracy. 
  • User engagement.  In the vast majority of cases, the user knows the answer – there is no need to engage a complex and expensive communication flow through technology and the security team only to say to the user “was this you?”. By providing accurate information, in user-centric language, with absolutely straightforward response options, users can easily, and cheaply, support breach detection and resolution. 

By using the Personal SIEM approach, a company can massively expand its corporate defences, especially around Office 365, without increasing the size of the security team. 
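The three characteristics above, as an added example that is not IDECSI's code: constructed events are read as structured records, checked against a profile kept separately for each user, and turned into a plain question for the account owner. The flat record shape, the function names and the use of (country, client) pairs as the profile are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events; the flat record shape is a simplification
# assumed for this example, not a real Office 365 audit export.
HISTORY = [
    {"user": "alice@example.com", "op": "UserLoggedIn", "country": "GB", "client": "Outlook"},
    {"user": "alice@example.com", "op": "UserLoggedIn", "country": "GB", "client": "Browser"},
    {"user": "bob@example.com", "op": "UserLoggedIn", "country": "FR", "client": "Outlook"},
]
LIVE = [
    {"user": "alice@example.com", "op": "UserLoggedIn", "country": "GB", "client": "Outlook"},
    {"user": "alice@example.com", "op": "UserLoggedIn", "country": "BR", "client": "IMAP"},
    {"user": "bob@example.com", "op": "New-InboxRule", "detail": "forward all mail to an external address"},
    {"user": "bob@example.com", "op": "UserLoggedIn", "country": "GB", "client": "Outlook"},
]
CONFIG_OPS = {"New-InboxRule", "Set-Mailbox"}  # mailbox configuration changes

def build_profiles(history):
    """User understanding: a separate set of usual (country, client) pairs per user."""
    profiles = defaultdict(set)
    for e in history:
        if e["op"] == "UserLoggedIn":
            profiles[e["user"]].add((e["country"], e["client"]))
    return profiles

def question_for(event, profiles):
    """Application awareness: read the event by its meaning and return a
    plain-language question for the user, or None if it fits their profile."""
    if event["op"] == "UserLoggedIn":
        if (event["country"], event["client"]) in profiles.get(event["user"], set()):
            return None
        return (f"Your account was signed in to from {event['country']} "
                f"using {event['client']}. Was this you? [Yes] [No]")
    if event["op"] in CONFIG_OPS:  # always confirmed with the owner in this example
        return f"A mailbox setting was changed: {event['detail']}. Was this you? [Yes] [No]"
    return None

def apply_reply(event, reply, profiles):
    """User engagement: 'yes' teaches the profile, 'no' goes to the security team."""
    if reply == "yes" and event["op"] == "UserLoggedIn":
        profiles[event["user"]].add((event["country"], event["client"]))
    return "escalate" if reply == "no" else "closed"

def run(history, live):
    profiles = build_profiles(history)
    return [(e["user"], q) for e in live if (q := question_for(e, profiles))]

if __name__ == "__main__":
    for user, q in run(HISTORY, LIVE):
        print(user, "->", q)
```

Bob's sign-in from GB with Outlook is questioned even though the same pair is routine for Alice, which is the case a single organisation-wide baseline would miss.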

 

Learn more about IDECSI's offering on Office 365 or contact our cyber security experts for a live demo.

Read a new white paper exploring the three primary challenges of securing Office 365 and whether users can be the solution. IDECSI can empower your users to secure your enterprise.


  1. https://info.digitalshadows.com/BECResearchReport_Reg-Homepage.html 
