As the pandemic continues to endanger lives, millions of workers remain at home working remotely. Organizations of all sizes have accelerated their adoption of cloud services, particularly cloud-based collaboration and office productivity SaaS tools. In our customer base, Office 365 is leading the way with over 60% adopting Azure and O365 SaaS and collaboration tools, based on a recent customer survey.

Among other questions, we asked customers about their top risks related to O365 and Azure. The results: 40% said credential abuse; 26% reported complexity in implementing Microsoft security; 22% stated vulnerabilities; and 10% said guest user access to sensitive data.

Figure: Top O365 & Azure Risks (N=50, Midmarket IT and Security Leads)

The rapid move to adopt Microsoft Office SaaS is the primary reason we are officially introducing coverage of Azure and O365 in our NDaaS platform. CyGlass is now the only cybersecurity vendor that offers a 100% cloud-native, affordable, single platform solution that is easy to operate and covers both on-premise network and cloud environments.

By collecting activity and user logs directly from the Microsoft Cloud, and with new AI models in place, CyGlass NDaaS can now detect threats including: anomalous numbers of failed logins (including brute force password attacks), Azure account takeovers, threats to admin accounts, unauthorized and impossible access to cloud apps and folders, risky access and risky user activity, anomalous access usage of files and folders, and file exfiltration.

Figure: Brute Force Attack Report View

NDaaS is the only platform that correlates threats across and protects both cloud and on-premise networks. As is widely known, a major goal of attackers is to compromise credentials, then a user machine, and move from the cloud down to mission-critical networks. This is where ransomware and data theft can really do damage.

Defending against ransomware and other cyberattacks requires the ability to watch for and correlate attacks that start in the cloud and move to the network – or start as an attack on the network and move to the cloud. With the latest NDaaS release we have this covered.

Figure: Brute force attack detail view including Network IP, User Account Correlation

Equally important, NDaaS can show a risk-based view of O365 authentication, access, and shared folder level risk. A common complaint from customers moving to O365 is the high number of alerts (300+ per day) occurring with E3 and E5 level security tools. Many of these alerts are related to misconfigurations in authentication, access, and folder-level sharing. Microsoft delivered a seriously comprehensive set of security tools with O365 and Azure that are also seriously difficult to set up, operate and manage. Accordingly, Gartner has predicted that, by 2023, 99% of all Azure/O365 successful attacks will have exploited misconfiguration.

NDaaS beta testing customers have been using our risk-based, prioritized view of their O365 environments as a type of triage tool to sort out where to focus and what to fix first. All report high levels of satisfaction using this approach, which relies on the NDaaS AI systems to sort items needing attention by risk score.

Figure: Report view connecting cloud threat with internal threat actors

Threat actors have turned their focus to cloud platforms, and the levels of unmanaged risk around O365 can seem daunting. John Vander Velde, CIO at Superior National Bank, has the bank covered with NDaaS:

“Many tools provide Office 365 controls, but they don’t have the AI or machine learning to actually find threats, just rules and templates. CyGlass gave us the visibility we needed, and we can just turn it on.”

For a detailed view on how Superior National Bank has employed Network Defense as a Service to gain network visibility across branches, service providers and more, read the new case study and check out our Hybrid Cloud Protection datasheet.
