By Yash Mudaliar, Cloud Security Engineer at Atech.cloud
If you were asked to name the two most sensitive things you would want to protect from attackers, I am sure most of us would choose ‘Information’ and ‘Identity’. That is because these components have proven to be the most targeted by attackers worldwide. As a result, securing an organisation’s data and accounts from cyber attacks has become one of the most challenging tasks for security analysts.
In this article, we look at Microsoft security solutions designed to protect these two crucial components and how we at Atech.cloud assist in implementing those solutions for your organisation’s security.
Information – Microsoft 365 DLP
To comply with business standards and industry regulations, it is critical that your organisation protects sensitive information to prevent inadvertent disclosure of financial data, health records, credit card numbers, social security numbers, and employee evaluations. The methods used for protecting business-critical information are complex, and are shaped by compliance and regulatory requirements as well as by business needs. Rules are what enforce your business requirements on your organisation’s content. Data Loss Prevention (DLP) is a set of rules and policies that help to regulate and protect the way employees use this data. Using DLP policies to identify, monitor, and automatically protect sensitive information across Microsoft 365 helps prevent users from sharing sensitive content accidentally, rather than intentionally.
How Microsoft DLP works
A DLP policy contains one or more rules, and each rule consists of conditions and actions. You can use a rule to meet a specific protection requirement, and then use the policy to group all such rules that are needed to comply with a specific regulation. For each rule, when the conditions are met, the actions are taken automatically.
DLP detects sensitive information through deep content analysis, which uses keyword matches, dictionary matches, the evaluation of regular expressions, internal functions, and other methods to detect content that matches your DLP policies. Potentially only a small percentage of your data is considered sensitive. A DLP policy can protect just that data, without impeding or affecting people who work with the rest of your content.
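As an added illustration (not Microsoft's implementation and not code from this article), the sketch below shows how a rule's conditions can combine a regular expression, an internal function and keyword matches before an action is taken. The Luhn checksum as the internal function, the keyword list, the context window, the action names and the sample messages are all assumptions constructed for the example.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Corroborating keywords (assumed list) that must appear near a match.
KEYWORDS = ("visa", "mastercard", "card number", "expiry", "cvv")
WINDOW = 60  # characters of context inspected on each side of a match

def luhn_valid(digits: str) -> bool:
    """Internal function: Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text: str) -> list[str]:
    """Condition: regex hit + valid checksum + keyword within WINDOW chars."""
    hits = []
    lowered = text.lower()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if not luhn_valid(digits):
            continue  # arbitrary digit runs (order ids, references) drop out here
        context = lowered[max(0, m.start() - WINDOW): m.end() + WINDOW]
        if any(k in context for k in KEYWORDS):
            hits.append(digits)
    return hits

def evaluate(text: str, external_recipient: bool, min_count: int = 1) -> str:
    """Rule: conditions met -> action taken automatically.

    The action varies with the destination (an assumed policy choice).
    """
    count = len(find_cards(text))
    if count < min_count:
        return "allow"
    return "block" if external_recipient else "notify"

# Constructed sample messages: (body, sent outside the organisation?)
SAMPLES = [
    ("Please charge my Visa 4111 1111 1111 1111, expiry 09/27.", True),
    ("Order reference 4111 1111 1111 1112 has shipped.", True),
    ("Card number 4111-1111-1111-1111 for the internal test.", False),
]

if __name__ == "__main__":
    for body, external in SAMPLES:
        print(evaluate(body, external), "<-", body)
```

Requiring the checksum and a nearby keyword in addition to the pattern is what keeps ordinary digit strings from triggering the rule, so only the small share of genuinely sensitive content is acted on.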
How Atech.cloud delivers DLP services
We at Atech.cloud are vigilant about data security and loss prevention, so we configure policies to match your requirements as accurately as possible. This lowers the number of ‘False Positives’ and so increases the rate at which insider threats are detected quickly and efficiently. We design ‘Trainable Classifiers’ to meet the data type requirements specific to your organisation.
Our customised DLP reports provide a quick overview of all DLP events and will keep you informed about your organisation’s data trends. Not only that, with every report our security experts will also provide a list of crucial recommendations to prevent data loss. This ensures a truly proactive approach while you maintain full control.
Identity – Azure AD Identity Protection
It is important to protect your organisational identity, but it is not always easy to determine the best way to do that. Bigger identity thefts are hitting victims with increasing regularity, so identity protection is only going to become more essential. With employees working remotely and in the era of BYOD, evaluating and addressing identity-based risks is the need of the hour.
Credential theft, credential stuffing, password spray (attempting common passwords against many accounts), and breach replay (attempting username/password pairs from a previous breach) are prolific elements of current attacks. They call for innovative approaches to validating user identities and protecting them from theft or tampering on the devices where they are used. To mitigate these risks effectively, various vendors provide identity protection tools, including Azure AD Identity Protection by Microsoft.
How Azure Identity Protection works
Identity Protection uses what Microsoft has learned from its position in organisations with Azure AD and in the consumer space with Microsoft Accounts to identify threats and protect those organisations and accounts from them.
Identity Protection provides organisations access to powerful resources to see and respond quickly to these suspicious actions. Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. We can configure two main categories of policies in Identity Protection:
- User Risk Policy: A user risk represents the probability that a given identity or account is compromised.
- Sign-In Risk Policy: A sign-in risk represents the probability that a given authentication request is not authorized by the identity owner.
Identity protection policies not only help in detecting and evaluating identity-based risks but also provide a way of automating the actions to take as the first line of defence.
How Atech.cloud delivers protection
The security team at Atech.cloud places strict emphasis on identity protection for all our clients. We monitor and deliver weekly digests and monthly reports on the risky and malicious sign-ins detected throughout the organisation to keep our customers aware and educated about the latest identity vulnerabilities. To keep things secure and adaptive, our security consultants continually create and update custom identity protection policies in addition to the default ones. Additionally, our security administrators work continuously on suppressing the ‘False Positives’ to ensure a smooth and seamless sign-in experience for the users.