Vectra is excited to announce the release of our 2020 Spotlight Report on Microsoft Office 365. With the growing distributed workforce and rapid adoption of cloud-based applications to accommodate remote workers, Microsoft Office 365 is one of the most widely used suites of productivity applications in the world, with over 258 million Office 365 and 75 million Teams users.
The new report draws on data observed in over 4 million participating accounts from June-August 2020. During this time, Vectra discovered extensive amounts of lateral movement within Office 365 environments, and we have quantified exponential growth in the threat surface that the cloud presents. Check out the executive summary to learn about high-level takeaways and read the full report for an in-depth analysis.
Email and user accounts are frequently used by cyberattackers to gain entry into a network. Vectra research highlights that attackers who gain access use tools that are built into an organization’s cloud environments, such as Microsoft Power Automate and eDiscovery, for lateral movement.
With remote work projected to remain high, we expect this trend to continue in the months to come, as attackers continue to exploit human behavior and use the legitimate tools provided by the cloud to establish a foothold and remain undetected within a target organization.
This report contains analysis findings from Cognito Detect for Office 365 deployments and highlights how attackers use native Office 365 services to enable attacks.
Highlights from the report include:
In addition, the report assesses the top ten most common suspicious behaviors in Office 365 over the designated three-month period. An analysis of these findings emphasizes the need to swiftly identify user data misuse and recognize the value of understanding how entities utilize privileges within SaaS applications like Office 365 and beyond.
The Vectra 2020 Spotlight Report on Office 365 demonstrates the value of NDR when it comes to discovering attacks and enabling security teams to halt any damaging principles that have been installed because of lateral movement.
Deployed in minutes without agents, Cognito Detect for Office 365 automatically identifies and prioritizes attacker behaviors, streamlines investigations, and enables proactive threat hunting. In its first 90 days of availability, Cognito Detect for Office 365 was adopted and deployed, and went on to protect over 4 million accounts.
Chris Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.