It seems like organizations of all types and sizes are under digital attack these days. Using email to transmit malware and then compromise an organization is a common way in which these kinds of attacks strike. Today Office365Mon is launching a new service to help keep you in the know of when and where these attacks are directed at your organization. In conjunction with the Threat Intelligence features of Office 365, we have a new feature we call Threat Intelligence Monitoring.
The Threat Intelligence features in Office 365 are included for those users that have an E5 license. The Office 365 E5 license includes numerous additional features beyond the basic email and SharePoint, and Threat Intelligence is one of them. The Threat Intelligence feature in Office 365 is a collection of insights used in analyzing your tenant to help you find and eliminate threats, proactively. The Threat Intelligence Monitoring feature in Office365Mon builds on that in some important ways. For example, you can:
- Get notified the first time a new malware is sent to your organization. Know when a new type of malware has been targeted at your company so you can make sure you have the tools and plans in place to defend yourself.
- Get notified when you get more than a certain number of malware within a given time period. Set thresholds for malware volume so you know if you are being targeted for broader malware attacks.
- Get notified when any user gets more than a certain number of malware in any given day. Be in the know and in control if any of your users are being singled out and specifically targeted with malware attacks so you quarantine and limit the potential damage.
Configuring these options, like all features in Office365Mon, is super simple. A few mouse clicks and you are ready to go:
Once configured, you’ll have all of the standard Office365Mon notification options to keep you in the know when there’s a problem: email messages, text messages, and our webhook feature. In addition to the notifications, there are a number of interesting reports that we provide with Threat Intelligence Monitoring to help you analyze the nature of these attacks against your organization.
For example, here you can get the trend of malwares entering your organization during the current month:
In addition to the trend for the current month, there’s a similar chart that shows you a rolling two-month period so you can see what’s being targeted at you over a longer period of time.
You can also get an overview of the top 10 targeted users within your organization, so you can ensure that they are following security best practices:
There’s other reports that show you both for the current month as well as historically, data for different ways in which malware has been targeted at your organization. For example, here’s one that shows the different malware file names that were sent into your organization:
In addition to this, you can view this kind of summary data based on who sent malware infected messages, summaries of the Senders’ IP address, summaries based on the email Subject so you can look for patterns there, summaries on file type and file name as shown above, and also information on when the malware was detected.
We’re also taking this information and have added it into our Microsoft Cloud Command Center. For those of you who aren’t familiar with it, the Cloud Command Center brings together information that previously existed as islands of data and loaded up all of the key metrics that you need about everything that’s going on with your Microsoft cloud services. We’ve plugged in the malware trend report and user targeting report into the Cloud Command Center for a really great overview of the health of your organization and its cloud services:
We think features like Threat Intelligence Monitoring really expand and strengthen the base of important information you need to be in the know and in control of your organization and its cloud software services. It all starts in Office 365, so you can help yourself get connected with this information by incorporating the E5 license in your organization.
The Threat Intelligence Monitoring service in Office365Mon is available in Preview today for everyone. As with all new Office365Mon features, all existing customers have had this feature turned on for the next 90 days to try it out. All new Office365Mon customers will also have this feature enabled for 90 days so they can see it working in their environment. As always, we would still love to get feedback on how we can improve it and make it more useful to you, so please feel free to send it our way. Licensing and pricing is not yet available for the Threat Intelligence Monitoring service; that will be set in Q1 of 2018.
We really have a wide and expansive set of tools to help you with your Microsoft cloud services now. For monitoring Office 365 performance and availability, go to https://office365mon.com. For monitoring Azure performance and availability, go to https://azureservicemon.com. To monitor malware attacks using Threat Intelligence, go Office365Mon.Com and create your Office365Mon subscription, then you can configure Threat Intelligence monitoring at https://www.office365mon.com/Configure/Threats.
Thanks, and I hope everyone has a great holiday season!
From Sunny Phoenix,