Back to Blog

Cloud Identity Detections with Azure AD

By
Sam Martin
|
February 11, 2021

We’re excited to announce enhanced cloud identity detection capabilities with Azure AD within Cognito Detect for Office 365. By integrating Vectra at the identity layer, we offer complete cloud-to-ground security coverage, including an organization’s entire software-as-a-service (SaaS) ecosystem. This single configuration integration effectively puts an end to lateral movement between ground and cloud using accounts.

Surging Azure AD usage hasn’t come out of the blue

The pivot to remote work has changed the way we work and has resulted in an increased reliance on the cloud—a survey found that the average company regularly uses at least 137 unique SaaS apps. As data is stored and distributed across various cloud applications, it has become imperative to offer easy single sign-on access while keeping information secure.  

To meet the needs of a distributed workforce, organizations have commonly turned to Identity Providers (IdPs) such as Microsoft. The adoption of Azure AD reached 425 million active users by the end of 2020, and last month Microsoft reported a 50% increase in Azure sales in its second fiscal quarter of 2021. Azure AD and Office 365 are two sides of the same coin, with Azure AD managing account setup for all of Office 365 in addition to non-Microsoft SaaS apps.

Despite its almost ubiquitous presence in organizations, Azure AD is not as secure as you may think. Many SaaS applications federate with Azure AD because it consolidates and manages all corporate accounts and access rules. This means that compromising a single Azure AD account can give an attacker access to a vast trove of data housed across multiple SaaS applications.

Rest Azure-d with Vectra

With the Vectra extended support for Azure AD, Cognito Detect for Office 365 protects all its federated SaaS applications, and drastically reduces the consequences of supply chain breaches while offering a simple and comprehensive way to secure users’ cloud identities.

We are the first network detection and response (NDR) solution to offer universal control over data and identities to meet growing privacy and compliance concerns. Other security solutions require configuration on a per-app basis for security coverage, which is inconvenient and time-consuming. Vectra integrates directly at the identity provider (IdP) layer, protecting both cloud and on-premises applications and accounts.

Vectra provides deep behavioral coverage with over ten unique Azure AD detections and over 20 Office 365-specific detection models. Events are never viewed in isolation; instead, they are contextually correlated to ensure efficient and effective prioritization of attacker actions. It allows us to spot attacks executed through Azure AD—the entry point—and means that organizations can halt attacks at the very beginning of the kill chain.

Learn more on securing Microsoft Azure AD with Cognito Detect for Office 365, or schedule a demo.