Defend Against Next-Generation Threats, Without a Next-Generation Budget - OFFICE 365 SECURITY - Paladion

Page created by Calvin Freeman
 
www.paladion.net

OFFICE 365 SECURITY

Defend Against Next-Generation Threats, Without a Next-Generation Budget

 Author:
 Rohit Kumar
 EVP & HEAD CLOUD SECURITY

Executive Summary

 Office 365 offers small and medium
 businesses (SMBs) a suite of beneficial
 tools.

 But Office 365’s benefits also make it a
 major target for cyber criminals. A
 single compromise can result in cyber
 criminals gaining access to the majority
 of an organization’s critical data.

 Knowing this, cyber criminals have
 launched many high-profile attacks in
 an attempt to compromise the Office
 365 platform.

 Office 365’s considerable power, and
 considerable security concerns, have
 created a paradox. Office 365 is
 currently utilized—in whole or in
 part—by 91.4% of enterprises.
 However, only 22.3% of users have been
 migrated to the platform. Security
 concerns consistently rank as the first
 or second factor holding back a fuller
 Office 365 migration.

 In this whitepaper, we will explore the
 primary security concerns holding back
 Office 365 adoption, and how SMBs can
 solve them within resource-limited
 environments.

The Primary Challenges of
O365 Security
Microsoft deploys a multi-layered
security model designed to protect Office
365 data:

  • A Physical Layer, that protects their network’s hardware.

  • A Logical Layer, that reduces opportunities for human error.

  • A Data Layer, that encrypts Office 365 data.

Microsoft has also created a compliant platform that provides comprehensive user dashboards.

But there is only so much Microsoft can do. Microsoft cannot solve the following inherent problems. Office 365 users must find a way to solve them on their own.

All of our valuable information goes to the cloud through Office 365, and—if I’m being honest—our employees can be a little too comfortable and careless when they use it. By partnering with Paladion’s Office 365 advanced security management, we can take our Office 365 security out of our employees’ hands, and into the hands of true professionals.
- Chief Technology Officer
  Financial Services Firm

 Inherent Security Problems
 with Office 365
Office 365 is one of the most-deployed
platforms in the world. This makes it a big
target for cyber criminals. And because
Office 365 is so easy and inexpensive to
acquire, cyber criminals have an easy time
downloading a copy, diving into its inner
workings, and identifying exploits.

Office 365’s popularity also creates
problems of scale. According to Microsoft,
approximately 1.2 billion individuals utilize
Office products and services. Even with
Microsoft’s substantial resources, it is
impossible to provide fast, high-touch
service to every account, and every user in
need at any given moment.

The level of security and support offered by
Microsoft also varies by a user’s Office 365
subscription level. Office 365 security
controls are not all available to every
subscription plan, and can vary between
different Office 365 services, and different
versions of each application.

Finally, Microsoft cannot secure their
platform against most organizations’
biggest security threat: their own
employees, including both malicious insider
threats and employees making
sub-optimal security decisions.

Inherent Compliance Problems with Office 365

User errors also create compliance problems that Microsoft cannot effectively control. Users mistakenly believe that migrating their data—and working within—a compliant platform is enough to achieve, and maintain, their compliance. But user behavior, usage, and access are also critical elements that go beyond Microsoft’s responsibilities.

To add to the challenge, compliance operates at uneven levels between different Office 365 applications. Certain Office 365 applications offer robust compliance, others have gaps, some are not covered by compliance features at all.

Ultimately, compliance is a continuous process, filled with significant ambiguity for most users, and Microsoft does not comprehensively guide their users through this challenge.

Inherent Control Problems with Office 365

Office 365’s administrative dashboards work effectively. But they assume a perfect level of deployment that few organizations can establish in today’s distributed work environment.

Office 365 is utilized across many devices—on-premise, mobile, BYOD—and the number of access points grows every year. Few organizations have total visibility into how many devices are accessing their Cloud, who is using those devices, and what those devices are up to.

Even with a proper deployment—that provides visibility into all devices and deployments—the volume of users and data flowing through Office 365 for even a mid-sized organization can overwhelm most internal security teams’ ability to monitor, control, and respond to it.

 The Top-Level Solution to Office 365’s Security, Compliance, and Control Deficiencies

Microsoft cannot solve these problems. The organizations who deploy Office 365 are responsible for resolving them. For many organizations, the only way to solve these security problems is to work with a third-party security provider who can “fill the gaps” in the security, compliance, and control capabilities that Microsoft offers.

The correct third-party service provider will help:

   • Security: They will offer a blanket level of security across your entire Office 365 deployment, that does not vary in coverage or effectiveness from application-to-application. This will include: dedicated, 24x7x365-ready security personnel to respond in near-real-time to security incidents, and monitoring of user behavior to protect against both intentional and unintentional user threats.

   • Compliance: They will work hand-in-hand with organizations to evaluate their current compliance levels, to help them achieve and maintain compliance, and to return to compliance in the event of a security incident.

   • Control: They will utilize proprietary AI platforms and Machine Learning to capture and process all incoming organizational data, from a near-unlimited number of devices, within a single centralized Big Data platform.

Most important, effective third-party security providers understand security incidents are inevitable within Office 365. They will thus focus on detecting and responding to breaches within an Office 365 deployment.

Gartner predicts the share of organizations protecting their Office 365 deployments via third-party security services is set to grow substantially. According to Gartner, in 2016 only 15% of Office 365 deployments utilized third-party security services to fill gaps in their cyber defense. By the end of this year, 2018, that number will rise to 40%. And by 2020, Gartner predicts 50% of Office 365 deployments will work with managed security providers to maintain security, compliance, and control.

Relying on third-party managed security services is of particular importance to small and medium businesses who cannot afford to “fill the gaps” in their Office 365 security via internal SOC development.

Finding the Right 3rd Party Security Provider
to Secure Your Office 365 Deployment

 Small and medium businesses must
 begin seeking external partnerships that
 can provide:

 Managed Detection beyond traditional
 signature-based detection that includes
 advanced analytics on a repeatable,
 scheduled basis.

 Managed Response that includes
 automated response actions based on
 predefined escalation workflows to
 accelerate threat investigation and
 remediation.

 Proprietary AI Platform that analyzes
 massive volumes of threat data and
 automates and orchestrates a near
 real-time response.

 An AI-driven Managed Detection and
 Response (MDR) service must also
 provide protection at every step of a
 threat’s lifecycle to proactively defend
 against incoming attacks. Consider how
 Paladion’s MDR service offers full
 left-of-hack-to-right-of-hack defense,
 augmented by the custom-built AI
 platform AI.saac:

 Detection Phase

Threat Anticipation
Protects against emerging threats. Continuously monitors global feeds, identifies your likely new threats, and proactively raises your defenses against them. You gain both Tactical and Strategic Threat Intel to learn which emerging threats you can ignore, and which you must defend against immediately.

AI.saac Advantage: Mines over 100 TB of global threat data daily. Identifies emerging global threats, correlates each threat’s impact against your assets, and determines your most likely threats.

Threat Hunting
Finds threats lurking in your network. Deploys four forms of analytics to find attacks traditional cybersecurity misses: Endpoint Threat Analytics, User Behavior Analytics, Network Threat Analytics, Application Threat Analytics.

AI.saac Advantage: Analyzes terabytes of data in seconds. Deploys 550+ AI models and use cases. Detects threats traditional security misses within your endpoint, user, network, and application data.

Security Monitoring
Goes beyond basic compliance-mandated monitoring. Gain a deeper awareness of your business risks. Paladion’s 1,000+ global cyber security experts give you 24/7 monitoring, real-time alerts, log-management, compliance-ready reporting, and monitoring of all cloud infrastructures and popular platforms (Azure, AWS, O365).

AI.saac Advantage: Constantly monitors the risk level of your assets, users, and external IPs. Reviews historical alerts via probabilistic models to ID assets and uncover deeper links between alerts.

 Response Phase

Incident Analysis
Fully investigates your threats and defines immediate incident mitigation steps. Provides a birds-eye view of any unfolding incidents, traces your alerts from validation to investigation, and extends visibility beyond basic indicators of compromise to quickly separate your false positives from your real incidents.

AI.saac Advantage: Removes irrelevant noise and only flags likely incidents. Scores relevant data to prioritize alerts, and automates attribution, attack chain creation, and patient zero identification.

Auto Containment
Respond to threats rapidly with the agile auto threat containment of AI.saac, our proprietary AI platform. AI.saac can autonomously execute playbooks to contain network and endpoint threats while raising a ticket immediately, so Incident Responders can analyze, evict the attacker, and keep them out.

AI.saac Advantage: Deploys hundreds of playbooks to automatically contain a threat. AI.saac continuously learns (machine learning) to add new playbooks and effectively contain a threat in minutes.

Response Orchestration
Orchestrates a rapid, coordinated, and effective response to any incident you suffer. Our unified, expert response will combine machine speed with human insight to produce a comprehensive, collaborative, and fully bespoke response plan tailored to your unique organization and specific compromise.

AI.saac Advantage: Centralizes and orchestrates incident response to reduce attacker dwell time from weeks to under one day. Incident responders make sure attackers don’t exploit the same vulnerability, and adapt defenses so attackers cannot use the same TTP again.

 Learn How AI-Driven MDR Can Protect
 Your Office 365 Deployment
   To learn how you can avoid suffering
   the next costly, headline-creating
   breach, contact Paladion today and
   inquire about bringing AI-driven MDR
   to your Office 365 deployment.

As we saw these attacks increase, we realized it was just a matter of time until one of these attacks caused real damage. Thankfully, we found Paladion’s MDR for Office 365 security service in time. We’ve seriously upgraded our defense against email attacks, at a fraction of the cost of scaling up our internal defenses and protecting our cloud services in-house.
- Chief Information Security Officer
  Global Manufacturing Leader

ABOUT PALADION
Paladion is a global cyber defense company that provides Managed Detection and Response Services, DevOps Security, Cyber
Forensics, Incident Response, and more by tightly bundling its AI platform - AI.saac and advanced managed security services.
Paladion is consistently rated and recognized by leading independent analyst firms, and awarded by CRN, Asian Banker, Red
Herring, amongst others. For 17 years, Paladion has been actively managing cyber risk for over 700 customers from its five
AI-Driven SOCs placed across the globe.

WW Headquarters: 11480 Commerce Park Drive, Suite 210, Reston, VA 20191 USA. Ph: +1-703-956-9468
Bangalore: +91-80-42543444, Mumbai: +91-2233655151, Delhi: +91-9910301180, London: +44(0)2071487475, Dubai: +971-4-2595526,
Sharjah: +971-50-8344863, Doha: +974 33777866, Riyadh: +966(0)114725163, Muscat: +968 99383575, Kuala Lumpur: +60-3-7660-4988,
Bangkok: +66 23093650-51, Jalan Kedoya Raya: +62-8111664399.

sales@paladion.net   | www.paladion.net