Reveal(x) 360 monitors Microsoft 365 activity for suspicious or risky behavior, and correlates Microsoft 365 detections with powerful machine learning-driven network threat detection.

You asked. We delivered. You can now view Microsoft 365 detections and investigate threats directly in the Reveal(x) 360 console.

Security tool sprawl introduces friction into your investigations, slows down your threat response time, and wears out your analysts. By bringing Microsoft 365 security events into Reveal(x) 360, you can reduce this friction and help your security team detect advanced threats faster so you can respond quickly and effectively.

This integration enables your security team to detect and respond to Microsoft 365 risky user activities and advanced threats across your hybrid enterprise with:

- One-click investigation workflows
- 90 days of transaction records
- Rich network context and comprehensive visibility in a single, streamlined interface

Risks and challenges in SaaS security monitoring

Using SaaS offerings such as Microsoft 365 to conduct important business carries risk. User identities can be compromised through phishing, brute force, or simple abuse by malicious insiders. Once an identity or set of credentials is compromised, any data they have access to is at risk and the identity can be used as part of a social engineering or spear-phishing attack to access more privileged credentials. Early detection of identity compromise can prevent a small-scale compromise from becoming a large-scale data breach.

Monitoring the security of SaaS services is more challenging than monitoring self-hosted applications and services. SaaS services, including Microsoft 365, are hosted and operated on infrastructure that an enterprise security team cannot access or monitor. Teams are often forced to use default security tools with unfamiliar interfaces to monitor this one small slice of their environment.
On top of that, you can’t count on a SaaS service provider to secure your environment. The shared responsibility model indicates that your service provider is responsible for securing the infrastructure and software of the SaaS service, but how you use that software and what your users do with it is your own responsibility to monitor and secure.

Finally, in a dynamic, hybrid enterprise environment, detecting threats within an individual SaaS solution such as Microsoft 365 is only part of the picture. Successful security operations teams need to correlate risky behaviors across all of the applications and assets in their environment. It is challenging and frustrating to visit multiple consoles or user interfaces to analyze threats, then manually correlate detections and evidence to cobble together a view of an advanced adversary’s behavior.

Simplicity and visibility: Using Reveal(x) 360 to monitor Microsoft 365

With Microsoft 365 integration, Reveal(x) 360 adds the ability to view Microsoft 365 detections in context with other network insights and forensic details. This helps accelerate and simplify the investigation of known threats and increase the chances of detecting new, subtle threat behaviors and more attacker techniques from the MITRE ATT&CK framework.

Detections and contextual data available to analysts include:

- Risky user behaviors identified by Microsoft Azure machine learning
- Indications of compromised or leaked credentials discovered by Azure AD Identity Protection
- Password spraying attacks
- Risky logins sorted by service, user agent, or user
- Many other potential threat signals extracted from network traffic by ExtraHop machine learning

Beyond Microsoft 365: Monitor and decrypt Microsoft protocols for greater security

Additionally, Reveal(x) 360 already monitors Active Directory traffic to detect privilege escalation attacks and catch adversaries abusing legitimate credentials.
Reveal(x) 360 is the only NDR solution that can decrypt authentication protocols such as Kerberos, as well as other Microsoft protocols, such as SMBv3, where attackers attempt to hide the signals of their malicious behavior. By leveraging NDR against Microsoft 365 and common enterprise Microsoft protocols, security analysts gain more comprehensive visibility into threat behaviors in their environment.

To learn more, watch the video, read our Microsoft 365 monitoring web page or solution brief, or visit your Reveal(x) 360 console admin panel to activate the integration and get started today.