Microsoft Threat Trackers Monitor, Manage Office 365 Threat Investigations
Microsoft figures that staying ahead of security threats has never been more important for organizations. With that in mind, the vendor has officially opened to general availability four Threat Trackers for the Office 365 Threat Intelligence service.
Research bears out Microsoft’s security concerns. Its recent Security Intelligence Report showed a 300 percent increase in user account attacks. And, a new Kaspersky study showed that enterprise companies worldwide lose roughly $1.2 million from every data breach, while small and midsize businesses suffer a $120,000 loss per incident.
Microsoft initially unwrapped the investigative Threat Trackers tool along with Threat Explorer and Attack Simulator in an update to the Office 365 Threat Intelligence platform introduced at last year’s Ignite conference. (At the time, Microsoft also upgraded the service’s remediation capabilities.) The Threat Intelligence service has been generally available since April, 2017.
The Threat Trackers service is designed to provide a trend summary of four different categories of threat campaigns — noteworthy campaigns, trending campaigns, saved queries of selected campaigns, and tracked queries. It additionally provides a detailed view on evolving and trending threats, including attacks targeting specific users in an organization. It’s accessible through the Office 365 Security and Compliance Center web portal.
“We launched Office 365 Threat Intelligence to help organizations become more secure by enhancing admin capabilities which offer greater visibility, deeper insights, and powerful executable actions,” Debraj Ghosh, Microsoft senior product marketing manager, wrote in a blog posted last week. “With this added feature, Office 365 Threat Intelligence [enables] admins to more efficiently and easily secure their organization,” he said.
Here’s a drill down on the threat views:
Noteworthy campaigns: Well-known and important global threats such as Petya and WannaCry. Office 365 Threat Intelligence pre-builds campaign monitors, enabling admins to assess their volume and frequency.
Trending campaigns: New and targeted email threats impacting an organization’s Office 365 environment. Shows tenant level malware trends, identifying malware families on the rise, flat, or declining. If an organization’s targeting percentage is greater than 10 percent, it indicates that it is being specifically targeted by the attack.
Saved and tracked queries: Investigative views to monitor malware and phishing events within a pre-set scope. Saved trackers are for attacks admins find in their own investigations. Tracked queries are custom trackers to simplify monitoring and for creating attacker profiles. Tracked Queries provide regular assessments of selected threats such as malware, phishing and other events with the scope defined.