Breaches Happen – How to Detect and Respond Fast

A breach is inevitable. How can we help you detect it and respond fast

Breaches, compromised data, and cyber-attacks can put vulnerable beneficiaries at risk, disrupt nonprofit operations and services, expose your organisation to liability, and tarnish the reputation you have so painstakingly built. Contact us today and we can figure out your nonprofit’s specific needs.

With a sinking feeling, you discover your network has been hacked. Questions race through your mind: How did this happen? What have they done inside our network? What information have we lost?

With the right tools, there is no need to panic. With Microsoft 365 tools we can help you visualise an attacker’s movement through your system, recommend where to focus your investigation, and help recover files in OneDrive.

Security breaches are never fun, but they don’t have to be devastating. Contact us to learn more about how to better protect your business, even from the worst-case scenario.

Scenario

Our HR coordinator came to the helpdesk with a ransomware message on their computer. We tried to get rid of it, but ultimately paid the ransom to get our files back. Our investigation uncovered that someone had been in the network for 52 days. We need to figure out what was compromised, how to fix the problems, and ensure this doesn’t happen again.

Example Attack Timeline

1. Identity compromised:

Link in phishing email clicked.

2. Device compromised:

Back door installed.

3. Admin ID & hash compromised:

User privileges escalated by tricking the Helpdesk to grant access.

4

Intelligence programs installed: Key logger, network scanner, remote.exe

5. Sensitive data compromised:

Recon complete.

6.

Data exfiltrated via cloudstorage app.

7. User credentials for sale:

Information sold on dark web.

8.

Ransomware launched.

Microsoft 365 helps protect

  • Filter spam, phishing attacks, and malware across emails and files
  • Detect ransomware across endpoints and cloud apps
  • Block ransomware and automatically detonate attacks
  • Detect anomalies and suspicious user / endpoint behaviour without the need to create and fine-tune rules
  • Automatically block endpoint threats
  • Alert on: privileged identity usage, new program installs, or sensitive information downloads
  • Automatically block or alert on unusual data downloads frommanaged apps
  • Establish impossible geographic logins
  • Automatically enforce risk-based policies
  • Scan the dark web for stolen credentials.

Microsoft 365 helps recover

  • Automatically investigate and remediate endpoint threats
  • Drill into alert details through a visual attack timeline
  • Visualise a hacker’s lateral movement
  • Pivot from device analysis to user profiles or affected emails without losing context
  • Recommend what to investigate and remediate
  • Investigate across company-wide email to help remediate threats
  • Run advanced hunting queries against endpoint data for forensic investigation
  • Remove ransomware and recover files from OneDrive
  • Teach users to guard against email phishing by simulating an attack
  • Automatically require Multi-Factor Authentication and password changes based on risk-based policies.
Microsoft 365 provides holistic security across Identity and Access Management, Information Protection, Threat Detection, and Security Management

Microsoft 365 Enterprise E5 includes powerful security tools that work together in different combinations to protect your organisation in a variety of ways. These products come together to secure your organisation against advanced threats and compromised identities:

Office 365 Advanced Threat Protection

Azure Advanced
Threat Protection

Windows Defender Advanced Threat Protection

Microsoft Cloud
App Security

Azure Active
Directory

Azure Information
Protection

Office 365
Threat Intelligence

illuminance Solutions is a Microsoft Gold Partner and a 2019 Microsoft Global Partner of the Year: Partner for Social Impact.

Send this to a friend