As more organizations transition their IT communications and collaboration technologies to the Microsoft cloud a common challenge continues to surface. How to monitor, manage and audit security compliance. One ongoing discussion is how security professionals lack the necessary tools and processes needed to provide visibility into the cloud, and to converge user activity tracking with account configuration standards to better identify, investigate and remediate security compliance threats running in the cloud.
An important aspect of monitoring and evaluating security requirements involves establishing a baseline of a healthy IT environment. What are the standard, best practice configurations for Office 365 accounts and what are NORMAL user activities within documented security policies? Then if any anomalous user activities or non-compliance account configurations are identified the IT administrators can be notified. That’s where our CoreView security compliance solution comes into play.
This blog entry will describe some of the new capabilities provided within the CoreView toolset for administrators to perform security monitoring, auditing and forensic analysis for Office 365 events, plus the security reporting features to provide a configurable dashboard view and automated alerts for known security risks.
The fully customizable security compliance dashboard in CoreView lets IT admins see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboard aggregates and correlates all of the Office 365 security and compliance data in a single pane of glass view that showcases information from all workloads (see example graphic below).
CoreView helps ensure your Microsoft cloud workloads are compliant with internal IT policies and regulations. The solution automates the assessment of security and compliance controls in order to demonstrate a repeatable and trackable process to auditors and stakeholders.
(EXAMPLE: Security Compliance Dashboard — Configurable securitydashboard for simplified monitoring)
CoreView also enables the configuration of automated alerts for any event activity reported inside the Office 365 log files. The simplified wizard UI for configuring these alerts makes it easy to choose the available log categories and associated events from available picklists and activities to identify the exact security risks to monitor. The wizard UI walks the administrator through a six-step process to identify the log event and select the recipients to alert. These alert notifications are generated in real-time from the audit activities performed by CoreView. When a preconfigured security monitor setting matches a known compliance breach, an alert message is sent via e-mail to a specified distribution list. Administrators can then take immediate action to rectify the situation and close the security concern.
(EXAMPLE: Setup Alert Notifications — Configurable security alerts for Exchange e-mail events)
#1 – ALERTS FOR MAILBOX PERMISSION CHANGES
The first of these automated alerts that I’d like to discuss are the security permission changes to user mailboxes. Since e-mail has become the standard form of business communications, the access rights to executive mailboxes have been closely guarded. Every organization wants to keep tabs on who has access to their executive teams’ communications, so this security alert should come as no surprise. As you can see from the Mailbox Security report below it is simple for CoreView to identify who has access to different mailboxes. By simply configuring an alert notification for each executive mailbox the IT administrators will be immediately notified when permission changes are made for those end users.
(Example of security reports for User Mailbox Security Access Changes)
#2 – MAILBOXES WITH AUTO FORWARDS POINTING OUTSIDE THE ORGANIZATION
The next example is also an obvious one that organizations have documented as a security compliance standard. No mailboxes should be allowed to auto-forward messages outside the organization. In the event that a user configures this type of auto-forward setting, an automated alert from CoreView will notify the IT administrators responsible for tracking this compliance issue so they can quickly remediate the problem.
#3 – IDENTIFYING LIKELY MALWARE INFECTED MAILBOXES
A simple alert configuration can be made using CoreView to identify mailboxes that are possibly infected with malware. If an account is sending thousands of messages a day to both internal and external addresses, then it is definitely an investigation that needs to be made by IT administrators. Being quickly notified for these type of malware infected accounts can help administrators remediate the issue before it becomes critical.
#4 – ALERTS FOR PASSWORD POLICY COMPLIANCE ISSUES
Finally, most organizations want to track password settings on accounts and flag those with incorrect provisions allowed (i.e. Password Never Expires, Strong Passwords NOT Required, etc.). These automated alerts from CoreView will provide the administrators with enough information so they can perform follow-up investigations with those end-user accounts and fix the password policies as needed. An example of this type of Password Setting report is shown below. Since CoreView monitors all these activities and configuration settings, it is simple for IT administrators to configure alert notifications for specific security concerns.
(Example of Security Reports or User Password Settings)
There you have it. If you are looking for an Office 365 security sentinel to monitor and alert you when known security issues occur, then CoreView is the solution you need. If you are interested in finding out more about our CoreView solution and how it can help with security compliance auditing, perform security alerts, and cut your administration time in half, please visit our overview page online, or sign-up for a complimentary trial at https://www.coreview.com/request-a-demo.