Monitor Suspicious Sign-in Activity in your Tenant
Preventing data breaches for your organization will utilize many different methods and tactics. Staying one step ahead of the hackers is the common goal of Security Operations teams at enterprise organizations these days. But you need to know what to look out for and then leverage powerful tools to keep a watchful eye on those pathways and back doors that hackers might take. Remember the “Knock-Knock” attack from last year that targeted Office 365 admin and system accounts. The same accounts that are rarely monitored, usually automated and ignored, not protected by two-factor authentication and secured with poor passwords. Yes, those accounts. But they can still be used to gain access to corporate Office 365 email accounts for phishing, data-theft, and more. That security attack against the Microsoft cloud went on throughout the summer of 2017.
Similar attacks continue to challenge IT groups around the world. A recent article on Symantec’s website warns of another type of attack model.
Recent blog from Symantec: Horizontal Password Guessing Attacks
These attacks are often performed by hackers using malicious BotNets that leverage infected machines in China, India and other locations that can be uncommon login origins for your Office 365 tenant. To help organizations guard against these types of attacks, we have implemented a new reporting model in CoreView that groups these types of suspicious sign-ins by category. Leveraging the new Custom Pivot Table reports in CoreView will help you quickly identify common locations for Failed Sign-ins for your tenant, so you can create policies on your Azure AD to block online access from suspicious areas or IP addresses.
New Pivot Table Reporting in CoreView
Grouping and categorizing large amounts of data has long been a common practice of IT groups so they can better understand the information coming out of their infrastructure monitoring reports. In today’s marketplace, successful decision-making has everything to do with turning data insights into action. And because the goal of data visualization is impact, not numbers, it’s no surprise the Pivot Tables have become one of the most popular data modeling features in use around the world.
To help customers improve their business decision making based on the huge amounts of data available in our CoreView reports, we have added a built-in Pivot Table toolset within our UI. These new Pivot Table reports enable IT Admins and Managers to perform data modeling quickly and easily through the CoreView interface. These reports make it very helpful to identify possible issues around security compliance, so the appropriate actions can be taken. For example, the pivot table report below shows the number of sign-in failures from different countries. The secondary category showcases the access method attempted and what action was reported in the log files.
EXAMPLE: Azure AD Sign-ins (Failed Attempts data view)
The interface to customize the Pivot Table is extremely easy. You can add new data columns, manipulate the categorization fields, and even show the report in colorful charts and graphs. Anyone that is familiar with using Pivot Tables inside MS Excel will find it simple to build these reports. And they can be saved and shared in multiple ways. You can export them as a spreadsheet, graphic, or PDF. Plus, you can save them inside of CoreView under a specific name and make them available for other IT admins or managers to view online.
EXAMPLE: Azure AD Sign-ins (customizable Pivot Table reporting interface)
If you are already a customer running CoreView you can find this report by logging into the portal. Otherwise, take advantage of our complimentary trial to check out the most advanced Office 365 management suite on the market.
Check out this video recording of how to configure one of these Pivot Table reports. New articles about other new CoreView reports are coming soon. Stay tuned!