Many businesses use Microsoft 365 for email, and its various applications for staff productivity and collaboration. These organisations often rely on basic anti-virus/anti-malware as their security solution, which will not be triggered if Microsoft 365 is compromised in any way.
At Control IT Solutions we use Bluedog Microsoft 365 secure monitoring. Bluedog can track the way an attacker moves or navigates through your network; it will pick up on the location of a login and any lateral movement within the network. By correlating this data, the attackers' patterns are easily spotted, and as soon as an incident has been identified the Bluedog first responders take action to eliminate the threat from your business or organisation by blocking the user, isolating the device or closing off a network segment. Consequently, the incident is resolved quickly, efficiently and accurately.
In March 2020 there was a 660% increase in phishing emails compared to the previous month. Many businesses' employees are now working from home, and Microsoft 365 offers extensive collaborative working practices, but untrained users are at risk from phishing emails, making many businesses more vulnerable than ever before. With Bluedog monitoring Microsoft 365, business owners get peace of mind and can act before any damage is done. Bluedog can monitor Office 365 for any strange behaviour, such as:
• unusual sign-in locations
• failed and successful login attempts from unusual locations
• data extractions from SharePoint or OneDrive
• logins to mailboxes on Exchange
• behaviour inside Exchange
• emails with suspected phishing, etc.
• device updates
• user account changes such as user password changes, user updates, new users, deleted users.
All anomalies are detected and any strange behaviour which could be malicious is scrutinised and acted upon.
Can we trace whether someone extracted information from the network when, for example, they put in their resignation, to validate that they did not breach any of the non-competition clauses in a contract?
Yes, this capability is certainly present in the Bluedog Microsoft 365 monitoring solution. It is possible to have a full overview of what actors have been doing. The ability to review files, folders and emails that have been accessed, downloaded, deleted, etc. gives this overview in time and place. This is a great benefit for identifying any data that may have been stolen or leaked, drilling down to the user and IP address.
*Important note* The contents of files or emails themselves are not visible to Bluedog, only the filenames and locations of files inside SharePoint/OneDrive and the subject of an email or the filename of its attachment.
Can we find out if someone is in a different location than where they claim they are?
Yes, this is possible, as the IP address of user activity is stored with the location at the time of the activity. This allows the Bluedog team to determine where actors are located while performing their activities.
Can we see if a certain office location is working more proactively than other locations?
Yes, the capability to group data sets by geolocation, country and city is present in the Bluedog Office 365 monitoring solution. This gives the ability to check on performance or make other geographical correlations from the data.
Would this offering be able to provide a report to show the number of external (only) emails sent by each user over a period, i.e. seven days?
Yes, this is possible. The Exchange dashboard provides insights into email behaviour from within the company. It also shows how email is treated, showing the types of email a user sends and receives. This provides great insight into any targeted attacks on the company, identifying which users are receiving the most phishing attacks and the kind of malware involved. With this information, Bluedog can provide recommendations on what action to take to improve security measures for the business.