Microsoft Office 365 Incident Response
24x7 security monitoring, investigation and response
24x7 monitoring of your O365 environment
(It’s a leap year. Maybe it should be O366? 😀)
We’ll monitor your environment 24x7 and detect when accounts are compromised or user activity doesn’t seem quite right. Then, we investigate. We’ll tell you what happened, how it went down and what you need to do to fix it.
What you get
Our Microsoft O365 detection strategy uses built-in APIs to provide:
- 24x7 monitoring of your O365 instance
- Thorough analysis of suspicious activity with a detailed findings report
- Direct access to Expel security analysts and your engagement manager via Slack
What we do
24x7 O365 monitoring
We use a combination of O365-specific detections and our analysts’ judgment to flag anything that seems unusual.
Next, we’ll connect the dots from suspicious O365 alerts to find their root cause and provide a detailed findings report (in plain English!).
Fixes written for O365
Finally, we’ll give you detailed guidance on how to fix the problem … and (when possible) how you can prevent it from happening again.
What we look for
(You’ve got our Word, we Excel at this)
Business email compromises (BECs) are by far the most common O365 attacks we see. When an attacker compromises an O365 account, they can use it to steal money or data, or to wreak havoc. But we also see lots of risky behavior that, while it may not be a “threat,” is probably not something you want your users doing.
How we connect to O365
( … or rather how you connect to Expel 😉 )
Expel uses an Office 365 app that guides you through the process of connecting your O365 environment to Expel. Simply log in to your O365 admin account, accept the permission requests and turn on audit logging. That’s it!
As the attackers behind BEC attacks find ever more clever tactics, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that tip you off when something’s amiss.
If you’re feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.
Think MFA will be your web mail’s knight in shining armor when a crafty attacker strikes? Think again, and do these four things to make sure your org’s protected.