Enterprises stand now at the dawn of the era of cloud collaboration. Employees and administrators alike can share their work and their expertise across the globe in an instant. Through collaborative cloud applications, your enterprise can foster the best products, services, and messages faster than ever before. Brainstorming and development become a snap.
For many enterprises, Microsoft Office 365 embodies their cloud collaboration activities. As of 2017, 100 million active users around the world use Office 365 to store, process, and refine their proprietary and customer data.
But as with all good things, cloud collaboration and Office 365 face a serious downside: cloud security. Cloud security continues to vex enterprise IT security teams as one of the most essential challenges in modern cybersecurity. User access issues, perimeter security problems, data loss, and risks to data privacy threaten to undermine the benefits of the collaborative cloud.
However, your enterprise doesn’t need to risk its cloud security to enjoy the cloud’s collaboration prowess. The editors at Solutions Review read through the “Best Practices for Office 365 Security Monitoring” white paper by SIEM solution provider AlienVault, available here for free. In this white paper, AlienVault outlines the major problems facing enterprises using Office 365 and the SIEM best practices to solve these issues.
Here’s what AlienVault suggests for your enterprise:
What to Monitor in Office 365
Your enterprise’s use of Office 365 will differ from its usage by another enterprise; your activities on the collaborative cloud depend on and correspond with your unique business objectives and processes. These objectives and processes determine in part what your enterprise needs to monitor in its cloud security.
However, AlienVault notes the general activities you should monitor in your collaborative cloud security. These include, but are certainly not limited to:
- User Access: Which users, either regular or privileged, have access to what data? When did they access this data—during normal work hours or at an odd time? From where did they access the data—from their regular work locations, or from a country or region which would make no sense?
- Administrator Actions: As we’ve said in our discussions of privileged access management, hackers love stealing your enterprise’s most powerful credentials and weaponizing them. Keep an eye on your privileged users’ activities on Office 365 to make sure their behavior matches their job descriptions.
- Changes to Office 365 Policies: This relates to the above privileges and behavioral analyses. The Office 365 policies define what your enterprise considers normal behaviors and user parameters, including malware parameters. You must regard any changes to these as worthy of investigation to ensure their proper and legitimate implementation.
How to Monitor User Access in Office 365
AlienVault provides a deep dive in their white paper into the monitoring requirements and best practices for your enterprise’s collaborative cloud. We don’t want to give it all away in this article; the white paper is available for free here. Instead, we share a sneak peek into some of their suggestions on monitoring user access to your Office 365 application. Above all…
Take Advantage of the Azure Active Directory
With Microsoft’s cloud-based Azure Active Directory (Azure AD), your enterprise can centrally manage your users’ access credentials and digital identities for Office 365. Your IT security team can synchronize and integrate Azure AD with your enterprise’s own Active Directory and your SIEM solution. This facilitates monitoring of identity and behavioral threat indicators across your entire cloud environment and collaborative applications.
As an authority, AlienVault suggests your enterprise monitor your users’ sign-in activities; you can employ a SIEM solution’s user and entity behavior analysis (UEBA) capabilities to establish a baseline of normal activity for each user and thus watch for anomalies or suspicious activity.
You can also use Azure AD, accessible from the Office 365 Admin Center, to set up strong password policies. These can include policies for mandatory password expiry dates and multifactor authentication. AlienVault notes, however, that these policies won’t be enough without the strong threat detection a SIEM solution provides.
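The per-user baseline and the three monitoring categories described above, sketched as an added example that is not from this article or the AlienVault white paper. The event shape, field and operation names, work hours, baseline size, and admin duty list are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events in a simplified, hypothetical shape (not the
# real Office 365 audit schema); "country" assumes prior geo-IP enrichment.
EVENTS = [
    {"user": "alice", "time": "2020-07-01T09:12:00", "kind": "signin", "country": "US"},
    {"user": "alice", "time": "2020-07-02T08:47:00", "kind": "signin", "country": "US"},
    {"user": "alice", "time": "2020-07-03T10:05:00", "kind": "signin", "country": "CA"},
    {"user": "alice", "time": "2020-07-04T03:21:00", "kind": "signin", "country": "BR"},
    {"user": "alice", "time": "2020-07-06T09:02:00", "kind": "signin", "country": "US"},
    {"user": "carol", "time": "2020-07-06T11:30:00", "kind": "admin", "operation": "reset_password"},
    {"user": "carol", "time": "2020-07-06T11:45:00", "kind": "admin", "operation": "add_role_member"},
    {"user": "carol", "time": "2020-07-06T11:50:00", "kind": "policy", "operation": "edit_malware_policy"},
]

WORK_HOURS = range(7, 20)                     # assumed normal hours: 07:00-19:59
BASELINE_SIGNINS = 3                          # sign-ins used to learn a user's countries
ADMIN_DUTIES = {"carol": {"reset_password"}}  # assumed job description per admin

def analyze(events):
    """Return (user, time, reason) alerts for access, admin and policy events."""
    signins = defaultdict(int)  # sign-ins seen so far per user
    known = defaultdict(set)    # countries learned during the baseline window
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        user, ts = ev["user"], ev["time"]
        if ev["kind"] == "policy":
            # Every policy change is worth investigating, whoever made it.
            alerts.append((user, ts, "policy change: " + ev["operation"]))
        elif ev["kind"] == "admin":
            if ev["operation"] not in ADMIN_DUTIES.get(user, set()):
                alerts.append((user, ts, "admin action outside duties: " + ev["operation"]))
        elif ev["kind"] == "signin":
            if signins[user] < BASELINE_SIGNINS:
                known[user].add(ev["country"])  # still learning: no alerts yet
            else:
                # After the baseline window, new countries are flagged and NOT
                # learned, so one bad sign-in cannot widen the baseline.
                if ev["country"] not in known[user]:
                    alerts.append((user, ts, "sign-in from unusual country: " + ev["country"]))
                if datetime.fromisoformat(ts).hour not in WORK_HOURS:
                    alerts.append((user, ts, "sign-in outside work hours"))
            signins[user] += 1
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(*alert, sep=" | ")
```

A production SIEM would learn the baseline over a much longer window and let an analyst confirm a new location before it is trusted.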
Certainly, this only scratches the surface of AlienVault’s expert advice. You can download the full “Best Practices for Office 365 Security Monitoring” white paper for free here.