As more state and local government organizations transition their IT communications and collaboration technologies to the Microsoft cloud a common challenge continues to surface. How to monitor, manage and audit security compliance has become a focus for IT administrators. This topic was the #2 priority listed on a recent government CIO survey from NASCIO (National Association of State Chief Information Officers). For a complete report on how government CIOs are prioritizing their strategies for security and risk management, please download this overview white paper that includes the details from the recent NASCIO survey results.
Security Compliance Monitoring
One ongoing discussion is how state and local government security professionals lack the necessary tools and processes needed to provide visibility into the cloud, and to converge user activity tracking with account access methods to better identify, investigate and remediate security compliance threats running in the cloud. An important aspect of monitoring and evaluating security requirements involves establishing a baseline of a healthy IT environment. What is the standard, best practice configurations for Office 365 accounts and what are NORMAL user activities within documented security policies? Then if any anomalous user activities or non-compliance account configurations are identified the IT administrators can be notified immediately. That’s where our CoreView security compliance solution comes into play.
CoreView provides an integrated toolset for administrators to perform security monitoring, configure automated alerts for non-compliance issues, and run security audits with detailed forensic analysis for Office 365 events. In addition, CoreView provides robust security reporting features with a configurable dashboard view for known security risks.
(EXAMPLE: Security Compliance Dashboard — Configurable security report for simplified monitoring)
Monitoring Suspicious Sign-in Activity
Another common request from our customers are effective methods to track and report on suspicious sign-in activity. Monitoring suspicious sign-in activities for user accounts has quickly become a critical security task for IT administrators responsible for managing Office 365. The customizable reports from CoreView enable IT admins to easily monitor these suspicious activities, identify who performed the sign-in, when it happened, and from what geographic location (which IP address). This is extremely helpful for distributed organizations with multiple sites and geographic locations. The anomalous AD activity reports combine suspicious sign-in details from the following categories:
- Sign-ins from unknown sources
- Sign-ins after multiple failures
- Sign-ins from multiple geographies in the same days/weeks
- Sign-ins from IP addresses with suspicious activity
- Sign-ins from possibly infected devices
- Irregular sign-in activity
(Example: Security auditing report for sign-in failure activity)
**Note: CoreView also enables the configuration of automated alerts for a specific suspicious sign-in activity. Using this model an IT admin will be notified immediately when any of these security issues occur.
There you have it. If you are looking for an Office 365 security sentinel to monitor and alert you when security issues occur, then CoreView is the solution you need. If you are interested in finding out more about our CoreView solution and how it can help with security compliance auditing, perform security alerts, and cut your administration time in half, please visit our overview page online, or sign-up for a complimentary trial at https://www.coreview.com/coresuite-trial/.