Vectra Researchers Identify Top 10 Threat Detections Across Microsoft Azure AD and Office 365

May 21, 2021, by David

Vectra AI released its 2021 Q2 Spotlight Report, Vision and Visibility: Top 10 Threat Detections for Microsoft Azure AD and Office 365. The research details the top 10 threat detections, ranked by relative frequency, that customers receive when Vectra detects abnormal behavior in their environment. Customers then use these detections to help ratify attacks in cloud environments.

Highlights include:

  • The Top 10 Threat Detections seen across Microsoft Azure AD and Office 365 allow security teams to detect infrequent behavior that is abnormal or unsafe across their environments.
  • Regardless of company size, Office 365 Risky Exchange Operation detection was at or near the top of the list of detections seen by Vectra customers.
  • Common actions by actors in the Azure AD environment during a recent supply chain attack would map back to Vectra-defined detections and alert the security team about the threat.

“Deploying meaningful artificial intelligence (AI) as a core pillar when extracting informative data from your network, both on-premise and off, is critical in obtaining an advantage against malicious adversaries,” said Matt Pieklik, Senior Consulting Analyst at Vectra. “Security teams must be armed with full visibility to detect potentially dangerous activity across applications, in real-time, from the endpoint to the network and cloud.”

As a leader in the productivity space with over 250 million active users, Microsoft Office 365 has also piqued the interest of cybercriminals due to the platform’s large audience. In fact, in a recent global survey of 1,112 security professionals, Vectra uncovered how criminals are regularly bypassing security controls, including multi-factor authentication (MFA), proving that determined attackers are still able to gain access.

Addressing the challenges organizations continue to see from cybercriminals involves understanding the behaviors adversaries are motivated to take. This means having the ability to collect and aggregate the data that uncovers these behaviors in a way that can be operationalized by security staff.

Vectra has answered this industry need through the creation of Cognito Detect for Office 365 and Azure AD, which automatically detects and responds to hidden cyberattacker behaviors, accelerates incident investigations, and enables proactive threat hunting. The application offers visibility into Power Automate, Teams, eDiscovery, Compliance Search, Azure AD backend, Exchange, SharePoint, third-party software-as-a-service (SaaS) providers, and more.

To learn more about the threats facing today’s organizations, download the Vectra 2021 Q2 Spotlight Report.