Many companies have security products deployed that help them defend against potential attacks and forensically identify the source and type of attacks—but these solutions focus on the network and endpoints.
Knowing that a particular account or machine was compromised, what IP address the compromise came from and so on is necessary for security teams to respond… but it’s not enough on its own.
Users who have legitimate access to Microsoft 365 represent a unique attack surface because -wherever an attacker gains entry – their account can be used to access any resource the user has access to. Most conventional Office 365 security tools aren’t paying attention to what happens in that domain.
Given the high volume of user activity in every Microsoft Office 365 tenant, when an incident occurs, and you’re tasked with finding out what happened, it can feel like looking for the proverbial needle in a haystack as there is no single consistent picture of user activity.
This leaves you to sift through silos of data on configuration, security, and user activity – and Microsoft only gives you a view from the last 90 days.
Determining who was responsible, what data was accessed, when and where, and what remedial actions need to be taken all require you to have quick, complete access to the right data. You also need to share this data with your security team, your compliance or legal teams, and other stakeholders, but it may be difficult to grant them access.
Nova helps solve these challenges with a practical set of tools to help you protect against, identify, and respond to security threats that affect your tenants and users:
Unlike the native Office 365 Audit Log – which provides access in one, large, unwieldy view, Nova enables you to segment and visualize activity so that you can isolate events or threats quickly.
This includes the ability to combine Security and Audit data with static data such as current permissions, current access levels, Teams membership, user licenses, and group memberships. For those organizations with multiple tenants, Nova provides a view of user activity across all tenants.
Nova provides a rich and customizable environment to support an investigation. Rather than trawling through many reports, each showing part of the story, related, multiple reports are combined into one rich report with various sections.
The condensed reports provide an exceptional level of detail, giving you a complete picture of exactly what happened.
If you’d like to learn more about Nova’s Office 365 security audit capabilities and to see a demo of our Office 365 management software, please contact our expert team.