The 2020 Spotlight Report
on Office 365

Discover how cybercriminals use legitimate Office 365 services to launch attacks.

Download Report

See for Yourself

Start your own free trial to see Cognito Detect for Office 365 in your environment.

Start Trial

NEW! Securing Microsoft Office 365 in the New Normal

Uncover the results from a global survey of security professionals and key takeaways on how you can protect your organization.

Download Report

Why Now

Account takeover in Office 365 has become the largest security threat vector in the cloud

Rise in compromised credentials to accounts

Cloud security failures in the customer’s portion of the responsibility model

Breaches taking months or longer to discover


Multifactor authentication (MFA), Cloud Access Security Brokers (CASB) and email security all fail – here's how:​


Account takeover


Attackers focus on compromising accounts, even those protected by MFA​


Attacker movement


After compromise, attackers move across cloud applications and service providers into your hybrid environment with ease​


Unknown threats


Preventative security solutions struggle with account-based attacks, as they look like legitimate user actions

Why Vectra

  • 30% of organizations suffer account takeovers every month, even after adopting multifactor authentication. Vectra puts an end to Office 365 and Azure AD account takeovers by understanding attacker behaviors and account privilege.
  • Attackers don’t operate in silos — your security solution shouldn’t either. Vectra tracks and maps account and attacker activity between enterprise, hybrid, data center, IaaS and SaaS. All from a single place.
  • Vectra AI-driven security for Office 365 sees and stops active attackers operating in your environment.

Vectra Detections Cover the Entire Office 365 Ecosystem — Not Just Email

Cognito NDR Sees Threats Emerging from the Cloud

APT33 attack progression

Cognito Detect for Office 365

Identify and stop data breaches

Widespread threat coverage – Stop data breaches by detecting threats in Office 365 and Azure AD federated applications by
leveraging AI to identify malicious behaviors and hijacked accounts.

Deploy in minutes with a cloud-native approach that quickly starts to monitor, detect and stop attacks.

Regain comprehensive security coverage between Office 365, Azure AD, and your local enterprise infrastructure.

Stop unknown and known attacks and account takeovers in real time before they lead to data breaches.

Did You Know?

Power Automate is the new PowerShell

Attackers user Power Automate to:

  • Connect to C2 every minute
  • Copy every file modification to Google Drive
  • Post emails with specific keywords to Twitter

Bypasses DLP and other security controls