Security Monitoring Now Offered with Thrive’s Managed Microsoft 365 Services
Microsoft 365’s line of cloud-based apps offers the most customisable, user-friendly suite of collaboration and productivity tools on the market today. With the ability to connect anyone, from anywhere, on any device, the question of security inevitably comes into play. An increasingly remote and global workforce means that it can be more difficult to identify suspicious logins, and end-user devices are more at risk for attack since they are not within a controlled office setting.
Microsoft 365 Security Monitoring
Security monitoring and alerts are not inherently a part of Microsoft’s cloud-based collaboration suite. Things like suspicious logins or multiple login attempts, permissions changes, or changes to user settings are logged, but not analysed. Thrive’s intelligent security software monitors these logs and flags suspicious activity for further review. Depending on the type of event and level of severity, Thrive either quickly blocks the hacking attempt or reaches out to your internal team for further action.
Thrive monitors approximately twenty crucial logs for suspicious activity. Here are some of the top areas of concern.
Suspicious Remote Logins
With a global workforce working remotely, it can be more difficult than ever to identify when a login looks suspicious. While a large number of hacking attempts originate in countries like Bulgaria, Pakistan, and Russia, legitimate workers living in those areas still need daily access. Using geofencing and IP identification, Thrive’s intelligent monitoring software can better pinpoint and block genuinely fraudulent login attempts.
Administrative Rights Changes
Any user with administrative rights can grant or restrict the administrative rights of others, as well as make changes to security settings protecting your organisation’s data. When any user is granted administrative permission rights, Thrive’s team is automatically notified. Unless previously notified of the change, our team of cybersecurity experts reaches out to your identified point of contact to confirm whether the change was genuine or malicious.
Changes to User Security Settings
Similar to administrative rights changes, individual user settings are monitored for changes.
A hacker who has already successfully infiltrated your system can add or remove MFA to further block the real user from regaining access and establish themselves as the true account holder. Once the real user is locked out of their account, the attacker is then free to steal as much data and cause as much damage as they can. With Thrive’s security monitoring, actions like these are automatically flagged for more serious review so the account can be quickly shut down.
Multiple Password Resets or Multiple Login Attempts
Brute force attacks are among the most common forms of infiltration, as they are extremely simple and reliable. Relying on users having weak passwords, a program goes to work guessing a user’s password until it eventually cracks it, if the password is simple enough. Oftentimes this software is ‘smart’ enough to fly under the radar and avoid flag-raising account lockouts: by guessing just the right number of times every day, it typically goes undetected. Thrive monitors for suspiciously high numbers of unsuccessful login attempts to block hackers from ever gaining access.
Targeted Event Monitoring
If you subscribe to Microsoft’s collaboration tools, contact us to talk about expanding your security coverage and improving your cybersecurity posture today.