Working with Microsoft
24x7 detection and response for Microsoft Defender for Endpoint, Azure and Office 365
When it comes to monitoring your Microsoft environment, the sky’s the limit (maybe that’s why they call it Azure). With so many tools out there it can be tough to know where to start and what to look for. We apply our detection strategy for each of Microsoft’s top services so the value from your investments is as clear as the sky is blue (okay, enough with the Azure puns).
|Microsoft service|Examples of how we use them|Detect|Investigate|
|---|---|---|---|
|Defender for Endpoint|Endpoint protection, FTW|||
|Active Directory|Monitors who's accessing your environment|||
|Azure Platform Logs|Provide insight into events in the Azure infrastructure|||
|Azure Log Analytics|Adds insight into your data|||
|Azure AD Identity Protection|Flags risky sign-ins|||
|Microsoft Defender for Cloud Apps (formerly MCAS)|Alerts on user and application activity across Office 365 and other connected cloud apps|||
|Defender for Cloud (formerly Security Center)|Sends us alerts which we analyze and run to ground|||
|Azure Sentinel|Azure's cloud-native SIEM, looking for things that go bump in the night|||
|O365 Audit Log|Another avenue to detect suspicious activity|||
|O365 Security and Compliance|On the lookout for user activity that matches an alert policy|||
What does Expel for Microsoft include?
Expel automates security operations across your Microsoft stack by ingesting signals from Defender for Endpoint, Azure, Sentinel, Office 365 and Microsoft Defender for Cloud Apps (formerly MCAS). We apply our detection strategy to these signals to identify activity that doesn't look right, like suspicious logins, data exfiltration, suspicious RDP activity or unusual inbox rules. We even add our own detections in the cloud (where they're needed most) to ensure we detect suspicious activity before the damage is done.
When something’s suspicious, we investigate and tell you what happened and what you need to do about it (in plain English).
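To make the "unusual inbox rules" detection (and the BEC tip-offs mentioned further down) concrete, here is an added example of the kind of logic a SOC would run over Office 365 Unified Audit Log records. It is illustrative code written for this page, not Expel's detection content. The audit records are constructed samples that follow the field layout of Exchange admin audit events (RecordType 1) as returned by Search-UnifiedAuditLog or the Management Activity API; example.com is assumed to be the tenant's own domain, and the keyword and folder lists are assumptions a real deployment would tune. Rules created from the Outlook desktop client are logged as UpdateInboxRules with a different structure and are not handled here.

```python
"""Flag BEC-style inbox rules in Office 365 Unified Audit Log records."""
import json
import re

INTERNAL_DOMAINS = {"example.com"}          # assumption: the tenant's own domains
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
KEYWORD_PARAMS = ("SubjectContainsWords", "SubjectOrBodyContainsWords",
                  "BodyContainsWords")
# Terms attackers filter on so the victim never sees payment- or
# compromise-related mail (assumed list; tune per tenant).
BEC_WORDS = {"invoice", "payment", "wire", "password", "hacked", "phish",
             "suspicious"}
# Folders commonly used to hide mail from the mailbox owner (assumed list).
HIDE_FOLDERS = {"rss feeds", "rss subscriptions", "archive", "junk email",
                "deleted items", "conversation history"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample records, not real customer data.
SAMPLE_UAL_EVENTS = [
    '{"CreationTime":"2023-03-01T08:12:44","RecordType":1,"Operation":"New-InboxRule",'
    '"Workload":"Exchange","ResultStatus":"True","UserId":"alice@example.com",'
    '"ClientIP":"203.0.113.10","Parameters":[{"Name":"Name","Value":"Move newsletters"},'
    '{"Name":"SubjectContainsWords","Value":"newsletter"},{"Name":"MoveToFolder","Value":"Newsletters"}]}',
    '{"CreationTime":"2023-03-01T09:01:02","RecordType":1,"Operation":"New-InboxRule",'
    '"Workload":"Exchange","ResultStatus":"True","UserId":"bob@example.com",'
    '"ClientIP":"198.51.100.77","Parameters":[{"Name":"Name","Value":"."},'
    '{"Name":"SubjectOrBodyContainsWords","Value":"invoice;payment;wire"},'
    '{"Name":"ForwardTo","Value":"Accounts [SMTP:accounts-payable@evil-mail.test]"},'
    '{"Name":"DeleteMessage","Value":"True"},{"Name":"MarkAsRead","Value":"True"}]}',
    '{"CreationTime":"2023-03-01T11:30:00","RecordType":1,"Operation":"Set-InboxRule",'
    '"Workload":"Exchange","ResultStatus":"True","UserId":"carol@example.com",'
    '"ClientIP":"198.51.100.77","Parameters":[{"Name":"Identity","Value":"Rule"},'
    '{"Name":"SubjectContainsWords","Value":"hacked;password;suspicious"},'
    '{"Name":"MoveToFolder","Value":"RSS Feeds"}]}',
    '{"CreationTime":"2023-03-01T12:00:00","RecordType":1,"Operation":"New-InboxRule",'
    '"Workload":"Exchange","ResultStatus":"True","UserId":"dave@example.com",'
    '"ClientIP":"203.0.113.22","Parameters":[{"Name":"Name","Value":"Cover while OOO"},'
    '{"Name":"ForwardTo","Value":"Erin [SMTP:erin@example.com]"}]}',
    '{"CreationTime":"2023-03-01T13:05:00","RecordType":1,"Operation":"Set-Mailbox",'
    '"Workload":"Exchange","ResultStatus":"True","UserId":"admin@example.com",'
    '"ClientIP":"203.0.113.5","Parameters":[{"Name":"Identity","Value":"dave"}]}',
]


def parse_parameters(event):
    """Flatten the UAL Parameters list of {Name, Value} pairs into a dict."""
    return {p["Name"]: str(p.get("Value", "")) for p in event.get("Parameters", [])}


def external_recipients(value):
    """Addresses in a ForwardTo/RedirectTo value that are outside INTERNAL_DOMAINS.

    UAL renders recipients either as a bare address or as
    'Display Name [SMTP:user@domain]'; the regex handles both forms.
    """
    return [a for a in EMAIL_RE.findall(value)
            if a.rsplit("@", 1)[1].lower() not in INTERNAL_DOMAINS]


def analyze_rule(event):
    """Return the reasons an inbox-rule event looks like BEC tradecraft."""
    p = parse_parameters(event)
    reasons = []
    for param in FORWARD_PARAMS:
        ext = external_recipients(p.get(param, ""))
        if ext:
            reasons.append(f"{param} to external {', '.join(ext)}")
    if p.get("DeleteMessage", "").lower() == "true":
        reasons.append("DeleteMessage=True")
    folder = p.get("MoveToFolder", "")
    if folder.strip().lower() in HIDE_FOLDERS:
        reasons.append(f"MoveToFolder={folder}")
    for param in KEYWORD_PARAMS:
        words = {w.strip().lower() for w in p.get(param, "").split(";") if w.strip()}
        hits = sorted(words & BEC_WORDS)
        if hits:
            reasons.append(f"{param} matches BEC terms {hits}")
    # A one-character or punctuation-only rule name is weak evidence on its
    # own, so it only corroborates findings already made.
    name = p.get("Name") or p.get("Identity") or ""
    if reasons and len(name.strip(" ._-")) <= 1:
        reasons.append(f"rule name {name!r} looks deliberately unobtrusive")
    return reasons


def detect_suspicious_inbox_rules(raw_events):
    """Run the analysis over raw JSON audit records and return findings."""
    findings = []
    for raw in raw_events:
        event = json.loads(raw)
        if event.get("Workload") != "Exchange" or event.get("Operation") not in RULE_OPERATIONS:
            continue
        if str(event.get("ResultStatus", "")).lower() != "true":
            continue  # the rule was not actually created or changed
        reasons = analyze_rule(event)
        if reasons:
            p = parse_parameters(event)
            findings.append({
                "time": event.get("CreationTime"),
                "user": event.get("UserId"),
                "client_ip": event.get("ClientIP"),
                "operation": event["Operation"],
                "rule": p.get("Name") or p.get("Identity") or event.get("ObjectId"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in detect_suspicious_inbox_rules(SAMPLE_UAL_EVENTS):
        print(f"{f['time']} {f['user']} ({f['client_ip']}) {f['operation']} "
              f"'{f['rule']}': " + "; ".join(f["reasons"]))
```

On the constructed input, alice's newsletter rule and dave's forward to an internal colleague produce nothing, while bob's rule (external forward plus delete plus payment keywords plus a "." name) and carol's rule (hiding "hacked"/"password" mail in RSS Feeds) are reported with the client IP, which is what an analyst would pivot on next against the sign-in logs.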
Expel recently integrated Microsoft Defender for Endpoint into our platform and we gotta say, we’re impressed! Our SOC analysts share why they love it and show us how they use it to triage alerts.
As attackers behind BEC attacks find ever more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.
Find out how Expel's internal teams built an integration on top of Azure signals, creating a new detection strategy for ASC (Azure Security Center, now Defender for Cloud) that provides more context around alerts and improves customer visibility.