With over 155 million active users of Microsoft Office 365 (O365) and over 1 billion users of Microsoft Office, O365 usage will become increasingly common as organizations migrate toward cloud-based solutions across the board. Yet few organizations using O365 are prepared to detect and respond to threats targeting their environment or their users, leaving them vulnerable to a growing number of attacks specifically designed to exploit cloud productivity suites. This problem is particularly acute with a highly distributed user base working around the clock.
LogicHub’s 24x7 MDR analysts analyze audit logs collected either directly from O365 via its API or from any SIEM/log management platform, depending on the individual organization. Using a combination of built-in machine learning and expert-defined feedback in our playbooks, analysts can establish an automated baseline across multiple vectors, such as authentication and login behavior, geolocation and activity volume. Deviations, such as suspicious login activity from multiple sites within an unlikely timeframe or abnormal activity during non-working hours, can be investigated and triaged for either immediate one-click or fully automated response, or for additional investigation by the LogicHub SOC.
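An added illustration of the baseline-deviation logic described above (example code, not LogicHub’s own): it runs two checks, logins from two sites within an unlikely timeframe and logins outside working hours, over constructed records shaped like Unified Audit Log UserLoggedIn events. The IP-to-location table, the 900 km/h threshold and the 07:00–19:59 UTC working window are assumptions.

```python
import json
import math
from datetime import datetime

# Constructed sample shaped like Unified Audit Log UserLoggedIn records; not real data.
SAMPLE_LOG = """
{"CreationTime":"2024-03-04T09:02:11","UserId":"alice@example.com","Operation":"UserLoggedIn","ClientIP":"203.0.113.10"}
{"CreationTime":"2024-03-04T09:40:52","UserId":"alice@example.com","Operation":"UserLoggedIn","ClientIP":"198.51.100.7"}
{"CreationTime":"2024-03-04T02:30:00","UserId":"bob@example.com","Operation":"UserLoggedIn","ClientIP":"203.0.113.10"}
{"CreationTime":"2024-03-04T10:15:00","UserId":"bob@example.com","Operation":"UserLoggedIn","ClientIP":"203.0.113.10"}
{"CreationTime":"2024-03-04T11:00:00","UserId":"alice@example.com","Operation":"FileAccessed","ClientIP":"198.51.100.7"}
"""

# Constructed IP -> (lat, lon) lookup standing in for a GeoIP database (assumption).
GEO = {"203.0.113.10": (40.71, -74.01),  # New York
       "198.51.100.7": (51.51, -0.13)}   # London

MAX_SPEED_KMH = 900.0      # faster than airline travel: two sites, unlikely timeframe
WORK_HOURS = range(7, 20)  # 07:00-19:59 UTC treated as working hours (assumption)

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def detect(log_text, max_speed_kmh=MAX_SPEED_KMH, work_hours=WORK_HOURS):
    """Return (user, rule, detail) findings: impossible travel and off-hours logins."""
    events = [json.loads(line) for line in log_text.strip().splitlines()]
    logins = sorted((e for e in events if e["Operation"] == "UserLoggedIn"),
                    key=lambda e: (e["UserId"], e["CreationTime"]))
    findings, last = [], {}  # last: user -> (time, ip) of that user's previous login
    for e in logins:
        user, ip, t = e["UserId"], e["ClientIP"], datetime.fromisoformat(e["CreationTime"])
        if t.hour not in work_hours:
            findings.append((user, "off_hours_login", e["CreationTime"]))
        prev = last.get(user)
        if prev and ip in GEO and prev[1] in GEO:
            km = haversine_km(GEO[prev[1]], GEO[ip])
            hours = max((t - prev[0]).total_seconds() / 3600, 1 / 60)  # floor at 1 min
            if km / hours > max_speed_kmh:  # implied speed no traveller could reach
                findings.append((user, "impossible_travel",
                                 f"{prev[1]} -> {ip}: {km:.0f} km in {hours * 60:.0f} min"))
        last[user] = (t, ip)
    return findings

FINDINGS = detect(SAMPLE_LOG)  # alice: impossible travel; bob: off-hours login
```

In production the lookup would come from a GeoIP database and the working window from each user's learned baseline rather than a fixed range.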