You asked. We delivered. You can now view Microsoft 365 detections and investigate threats directly in the Reveal(x) 360 console.
Security tool sprawl introduces friction into your investigations, slows down your threat response time, and wears out your analysts. By bringing Microsoft 365 security events into Reveal(x) 360, you can reduce this friction and help your security team detect advanced threats faster so you can respond quickly and effectively.
This integration enables your security team to detect and respond to Microsoft 365 risky user activities and advanced threats across your hybrid enterprise with:
- One-click investigation workflows
- 90 days of transaction records
- Rich network context and comprehensive visibility in a single, streamlined interface
Risks and Challenges in SaaS Security Monitoring
Using SaaS offerings such as Microsoft 365 to conduct important business carries risk. User identities can be compromised through phishing, brute force, or simple abuse by malicious insiders. Once an identity or set of credentials is compromised, any data they have access to is at risk and the identity can be used as part of a social engineering or spear-phishing attack to access more privileged credentials. Early detection of identity compromise can prevent a small-scale compromise from becoming a large-scale data breach.
Monitoring the security of SaaS services is more challenging than monitoring self-hosted applications and services. SaaS services, including Microsoft 365, are hosted and operated on infrastructure that an enterprise security team cannot access or monitor. Teams are often forced to use default security tools with unfamiliar interfaces to monitor this one small slice of their environment. On top of that, you can't count on a SaaS service provider to secure your environment. The shared responsibility model indicates that your service provider is responsible for securing the infrastructure and software of the SaaS service, but how you use that software and what your users do with it is your own responsibility to monitor and secure.
Finally, in a dynamic, hybrid enterprise environment, detecting threats within an individual SaaS solution such as Microsoft 365 is only part of the picture. Successful security operations teams need to correlate risky behaviors across all of the applications and assets in their environment. It is challenging and frustrating to visit multiple consoles or user interfaces to analyze threats, then manually correlate detections and evidence to cobble together a view of an advanced adversary's behavior.
Simplicity and Visibility: Using Reveal(x) 360 to Monitor Microsoft 365
With Microsoft 365 integration, Reveal(x) 360 adds the ability to view Microsoft 365 detections in context with other network insights and forensic details. This helps accelerate and simplify the investigation of known threats and increase the chances of detecting new, subtle threat behaviors and more attacker techniques from the MITRE ATT&CK framework. Detections and contextual data available to analysts includes:
- Risky user behaviors identified by Microsoft Azure machine learning
- Indications of compromised or leaked credentials discovered by Azure AD Identity Protection
- Password spraying attacks
- Risky logins sorted by service, user agent, or user
- Many other potential threat signals extracted from network traffic by ExtraHop machine learning
Beyond Microsoft 365: Monitor and Decrypt Microsoft Protocols For Greater Security
Additionally, Reveal(x) 360 already monitors Active Directory traffic to detect privilege escalation attacks and catch adversaries abusing legitimate credentials. Reveal(x) 360 is the only NDR solution that can decrypt authentication protocols such as Kerberos, as well as other Microsoft protocols, such as SMBv3, where attackers attempt to hide the signals of their malicious behavior. By leveraging NDR against Microsoft 365 and common enterprise Microsoft protocols, security analysts gain more comprehensive visibility into threat behaviors in their environment.