Question: Do you lock your doors because you expect a robber, or because you sleep better knowing you have made unauthorized entry a bit difficult?
If you forget to set the alarm are you more, or less protected? The answer is neither. The alarm is an alert to inform you that a critical abnormality has occurred (based on your definition of acceptable activity). You must identify the compromised area and repair it. You probably will also take measures to reduce the potential of a re-occurrence. Whether the threat was real or not; there is a cost to investigate the event and remediate the real threat or ‘false alarm’.
In the world of IT security, if your alerts and alarms are not activated, everything is OK–right?
‘The average time attackers stay in a network BEFORE detection is 200+ days’
This reality suggests that a need to change the way we think about protecting our networks, and the information that flows through them. Alerts and alarms are not enough, we need to understand abnormal behavior that can potentially result in a breach. How can we do this without becoming ‘paranoid’ and ‘chasing IT ghosts’?
In the August issue, I introduced the Microsoft Enterprise Mobility Suite and summarized why you should consider it as a BYOD solution, and as a way to better secure the information accessed by Office 365. In this issue I will focus on managing ‘access behavior’ around your information.
Enterprise Mobility Suite includes Advanced Threat Analytics
Microsoft Enterprise Management Suite (EMS) is a cloud enabled solution that enables you to control who is accessing your data and where it is sent. It extends both the device and data protection available in Office 365, and improves Identity Management with AD Premium.
Advanced Threat Analytics (included in EMS) provides a simple and fast way to understand what is happening within your network by identifying suspicious user and device activity. Based on the internal self-learning technology, it builds an Organizational Security Map that learns normal interactions between users, devices, and resources. It uses ‘behavior anomalies’ and known security issues to raise red flags (alerts), and provide attack timelines and remediation recommendations.
Your time and resources are valuable
Enterprise Mobility Suite with ATA allows you to focus more time on business issues and less time on monitoring reports and ‘false positive alerts’. The solution ‘learns’ to recognize normal behavior. It uses machine learning to adapt as your organization changes; it only alerts after suspicious activities are aggregated and looked at in the changing context of what is normal.
Office 365 + EMS is the Modern Secure Office
Enterprise Mobility Suite added to Office 365 helps you to:
- Increase data and device security
- Protect your organization against the changing nature of security breach threats
- Protect your information from the data source to the device and wherever the information is sent
We want to connect with you!
Whether you are looking for an Identity and Access Management solution or how to enable BYOD with Office 365, we have experienced business consultants and systems engineers that can design specific solutions mapped to your requirements.
Ready to get started? Call us at 425-285-9359 for a 30 minute cloud assessment to help you determine how EMS and Office 365 can benefit your organization.