Businesses of all sizes are increasingly reliant on productivity tools like Microsoft 365, and attackers are using this to their advantage.
Business email compromise and account takeover attacks are prevalent, with adversaries accessing M365 environments using techniques that can evade detection by technology alone.
Organizations need 24/7 visibility and a fully staffed security operations center (SOC) to effectively defend against such attacks, which is a major challenge for many resource-constrained businesses.
Sophos MDR provides the people, processes, and technology to detect, investigate, and effectively respond to threats targeting Microsoft 365.
Our turnkey integrations and proprietary detection rules identified and thwarted nearly 5,000 attacks on our customers’ Microsoft 365 environments last quarter alone.
We continually innovate and enhance Sophos MDR to extend and fortify your defenses. And now, the service is getting even stronger with the introduction of new response capabilities.
New analyst response actions for Microsoft 365
The ability to respond quickly to a cyber incident is critical: the faster the attack can be detected, contained, and neutralized, the less damage the attacker can inflict.
This includes minimizing financial losses, reputational damage, and disruptions to business operations. A swift response can help prevent further data breaches and limit the exposure of sensitive information.
When an attack is detected in your Microsoft 365 environment, Sophos MDR analysts can now execute a range of response actions on your behalf, rapidly containing the threat and freeing up your team to focus on your business.
Microsoft 365 response actions now available
Block/allow user sign-in
Sophos MDR analysts can lock down a user’s account to prevent an adversary from accessing Microsoft 365 services and Azure resources using stolen credentials. Following clean-up, access to the user’s account can be restored in seconds.
Terminate existing user sessions
By immediately revoking all currently active sessions for a specific user, Sophos MDR analysts can quickly eject an attacker who has already gained access to an account and remove their ability to reuse any stolen session tokens.
Disable suspicious inbox rules
Attackers routinely set up inbox rules in Microsoft 365 for business email compromise attacks in order to move, obfuscate, or delete emails that could otherwise alert the user. Sophos MDR analysts can disable specific inbox rules to regain control.
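A defender-side check for the inbox rules described above, as an added example that is not Sophos code or part of the original article: it flags enabled rules that delete, move, or mark as read any mail matching alert-related keywords (or all mail). The rule shape follows the Microsoft Graph messageRule resource; the keyword list, the flagging logic, and the sample rules are constructed assumptions.

```python
# Inbox rules shaped like Microsoft Graph messageRule objects; the keyword
# list and the flagging logic are illustrative assumptions.
ALERT_KEYWORDS = {"password", "invoice", "payment", "security alert", "phish",
                  "suspicious", "hacked", "mfa", "verification"}
TEXT_PREDICATES = ("subjectContains", "bodyContains", "bodyOrSubjectContains")
HIDING_ACTIONS = ("delete", "permanentDelete", "markAsRead", "moveToFolder")

def hiding_actions(rule):
    """Return the actions in a rule that take mail out of the user's view."""
    actions = rule.get("actions") or {}
    return [name for name in HIDING_ACTIONS if actions.get(name)]

def matched_keywords(rule):
    """Return alert-related keywords found in the rule's text conditions."""
    conditions = rule.get("conditions") or {}
    hits = set()
    for pred in TEXT_PREDICATES:
        for term in conditions.get(pred) or []:
            hits.update(k for k in ALERT_KEYWORDS if k in term.lower())
    return sorted(hits)

def triage(rules):
    """Flag enabled rules that hide mail matching alert keywords, or all mail."""
    findings = []
    for rule in rules:
        hides = hiding_actions(rule)
        if not rule.get("isEnabled") or not hides:
            continue
        keywords = matched_keywords(rule)
        catch_all = not (rule.get("conditions") or {})  # no conditions: every message
        if keywords or catch_all:
            findings.append({"id": rule["id"], "name": rule.get("displayName"),
                             "hides_via": hides, "keywords": keywords, "catch_all": catch_all})
    return findings

# Constructed sample rules, not taken from any real tenant.
SAMPLE_RULES = [
    {"id": "r1", "displayName": ".", "isEnabled": True,
     "conditions": {"bodyOrSubjectContains": ["Invoice", "payment", "hacked"]},
     "actions": {"moveToFolder": "constructed-folder-id", "markAsRead": True}},
    {"id": "r2", "displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@example.com"]},
     "actions": {"moveToFolder": "constructed-folder-id-2"}},
    {"id": "r3", "displayName": "cleanup", "isEnabled": True,
     "conditions": None, "actions": {"delete": True}},
    {"id": "r4", "displayName": "old", "isEnabled": False,
     "conditions": {"subjectContains": ["password"]}, "actions": {"delete": True}},
]

if __name__ == "__main__":
    print(triage(SAMPLE_RULES))
```

The benign newsletter rule and the disabled rule are not flagged; findings are candidates for analyst review, not verdicts.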
Easy setup and flexible response modes
The Sophos MDR service is customizable to meet your needs, with different service tiers and threat response modes. We can execute full-scale incident response on your behalf or collaborate with you to manage security incidents with detailed threat notifications and guidance.
The new response capabilities for Microsoft 365 are included with all Sophos MDR service tiers at no additional cost and enabled by a simple setup wizard in the Sophos Central cloud management console.
Choice of threat response modes
Sophos MDR lets you control how our team will interact with you when a cyber incident requires a response. Simply select your preferred threat response mode based on your organization’s needs and preferences:
- “Authorize” mode: Our experts perform threat response on your behalf without your active involvement and notify you of the actions taken. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will immediately execute these actions when needed to provide the most efficient response.
- “Collaborate” mode: Our experts conduct investigations, but don’t perform response actions without your prior consent or active involvement. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will execute these actions on your behalf once consent has been obtained. You can also choose to allow Sophos MDR to operate in “Authorize” mode if we’re unable to reach you for consent.
The most robust MDR service for Microsoft environments
Sophos MDR services protect over 30,000 organizations worldwide, more than any other MDR service provider. In Gartner’s 2024 Voice of the Customer Report for Managed Detection and Response Services, Sophos once again had the highest number of reviews among all vendors and scored a 4.9/5.0 rating based on customer reviews.
Many of these businesses have also invested in Microsoft tools, leveraging Sophos MDR to defend against sophisticated attacks that technology alone can’t stop.
Get better ROI from your Microsoft investment today with Sophos MDR:
Microsoft Certified experts
Extend your team with Microsoft Certified Security Operations Analysts specializing in detecting and responding to cyberattacks using custom Microsoft response playbooks.
Microsoft-specific threat detections
Sophos uses proprietary threat detection rules and world-class intelligence to identify and stop threats that could bypass Microsoft security solutions. We can accurately identify suspicious inbox rules, unauthorized user access patterns, and more.
NEW Analyst response actions for Microsoft 365
Sophos MDR analysts can now execute a range of additional response actions on your behalf, enabling rapid containment of threats with no action required by you. Disable user sign-in, terminate active user sessions, and more.
Comprehensive support for Microsoft solutions
Included at no additional cost, our turnkey integrations support a broad range of Microsoft solutions. Data from Microsoft 365, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and more, is collected, analyzed, correlated, and prioritized.
To learn more about Sophos MDR and how it can strengthen your Microsoft defenses, visit our website or speak with a security expert.