Protect your business against advanced threats with Microsoft Defender for Identity


As companies have grown more aware of the current cyber-threat landscape, attackers have grown more creative, and even the most cautious and astute user can fall victim to them.

Some background: did you know that...?

  • It takes 286 days to detect an intrusion.
  • More than 63% of network intrusions are due to compromised credentials.
  • $3.8M is the average cost of a data security breach for a company.

Although we have protected the identity of our users and the data hosted in the cloud, possible vulnerabilities in VPNs and server infrastructure (especially domain controllers, with their local Active Directory), along with users making mistakes (for example, falling for a phishing attack or reusing passwords on insecure websites), provide alternative avenues for cybercriminals to enter the “kitchen.”

The attackers, in those cases, move fast: once they obtain the credentials of any user, they manage to assign themselves administrator privileges (with the help of log files, memory-resident data, non-encrypted files and other mechanisms), and then we already have them inside, without being able to do anything (for more than 140 days on average until they are discovered). What’s more, many companies still keep data on their local infrastructure, and when it comes to on-premises attacks, the “network barrier” that companies typically rely on to keep themselves safe actually prevents the cloud-based intelligence of other Microsoft products (such as AAD Identity Protection, Azure AD Conditional Access and Cloud App Security) from helping you keep the data physically hosted in your organization safe.

The solution: Microsoft Defender for Identity


Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) is designed to help companies detect and analyze advanced attacks on local or hybrid infrastructure.

This technology allows you to quickly and easily understand what is happening on your network, quickly identifying suspicious activity and providing clear information about threats.

In general, with Defender for Identity you can:

  • Detect suspicious user and device activity through analysis based on machine learning and Microsoft threat intelligence.
  • Protect your Active Directory (and therefore your users), through continuous analysis of authentication protocols.
  • Get clear, real-time information on the attack timeline to respond quickly.
  • Monitor multiple entry points through integration with Microsoft Defender for Endpoint.

How does it work?

Defender for Identity works in 4 steps:

1-Analysis
Analyzes information collected from various data sources, such as logs, network events, Active Directory authentication protocol, and domain controller traffic.

2-Learning
Once the network is analyzed, Defender for Identity begins to learn and profile user, device, and resource behaviors using Microsoft’s machine learning technology.


                            Generated user profile card

3-Detection
Thanks to its self-learning technology and the threat intelligence of the Microsoft Intelligent Security Graph (technology that analyzes billions of data points from the company’s global centers to access up-to-date information on attack trends), Defender for Identity is capable of detecting 3 groups of attacks or threats:

1- Malicious attacks
Detects known malicious techniques such as:

  • Pass-the-Ticket
  • Pass-the-Hash
  • Overpass-the-Hash
  • And many more aimed at credential theft.

2- Abnormal behavior
Machine learning reveals suspicious activities and irregular behaviors such as:

  • Abnormal logins
  • Unknown threats
  • Password sharing


3- Problems and risks related to security
Thanks to Microsoft’s integrated threat intelligence, it is able to identify known security problems:

  • Weak protocols
  • Known protocol vulnerabilities
  • Lateral movement paths to sensitive accounts (these occur when a non-sensitive user account is compromised to gain access to more privileged accounts, for example, the administrator account)


                            Microsoft Defender for Identity portal view showing lateral movement paths

Through this view, Microsoft Defender for Identity displays sensitive accounts on the network that are vulnerable due to their connection to non-sensitive accounts or resources.

4-Alert
After detection, it raises alerts and presents information on the Defender for Identity workspace portal, including a clear view of who, what, when, and how, as well as recommended actions for remediation.

Traditional IT security tools are often unprepared to monitor ever-increasing amounts of data and issue unnecessary alerts that distract from real threats. With Defender for Identity, alerts occur once suspicious activity is matched against in-context behavior profiles, thus reducing false positives.


This image shows the alert raised on suspicion that an access attempt was made from a server not recognized or supported by the company network.


This image shows the Microsoft Defender for Identity warning panel reporting the suspicion that an attempt was made to carry out an attack called “Pass-the-ticket” on client computers 1 and 2 of the network.

Integration with Microsoft Defender for Endpoint
Defender for Identity integrates with Microsoft Defender for Endpoint for a much more comprehensive threat solution. While Defender for Identity monitors traffic on domain controllers, Defender for Endpoint monitors endpoints (the actual devices that are used) by collecting information about behavioral signals from the operating system.

Microsoft Advanced Threat and Attack Security

Microsoft has a host of services and products that protect businesses. However, in this case we want to highlight two of the products that protect organizations from the most advanced threats and attacks and are part of the Defender family:

  • Microsoft Defender for Office 365: Works to protect your Office 365 email, files, and applications from potential attacks. It works by securing your inbox against advanced threats, protecting against unsafe attachments, and protecting your environment when a user clicks on a malicious link.
  • Microsoft Defender for Endpoint: Generally combined with Microsoft Defender for Identity to detect and prevent all malicious activity. However, its focus is on detecting and protecting the endpoints, the actual devices used in business.

You can purchase Microsoft Defender for Identity within the Enterprise Mobility + Security 5 (EMS E5) suite, with Microsoft 365 E5 or as a standalone product.

Do you want to know more? Contact us to find out how to protect your company!


Protect your business against hidden threats with Microsoft Defender for Office 365


E-mail and messaging applications are one of the preferred avenues for cybercriminals to introduce malware onto computers through attachments or links to malicious websites. These threats are disguised as emails with false job offers, notifications of fines or alerts of payments due, and even come from compromised senders that we trust. In short, falling into the trap of these attacks is very easy.

Advanced protection with Microsoft Defender for Office 365

Office 365 already provides businesses with basic security measures that protect email from known spam, malware, and viruses. However, as hackers launch increasingly sophisticated and damaging attacks, companies need new tools capable of neutralizing them. For this, Microsoft offers us Microsoft Defender for Office 365, formerly Office 365 ATP, a tool that enriches the security of the platform by providing protection against advanced threats.

What is Microsoft Defender for Office 365?

Defender for Office 365 is Microsoft’s cloud-based service that protects against phishing, spoofing, and other sophisticated malware attacks delivered through malicious links in email and Office 365 collaboration tools, including SharePoint Online, OneDrive for Business, and Microsoft Teams. It provides comprehensive protection by monitoring the entire life cycle of an attack:

  • Prevention, filtering targeted attacks against corporate email, credential spoofing, ransomware, and advanced malware.
  • Detection of malicious and suspicious content through artificial intelligence, correlating attack patterns to identify danger.
  • Threat analysis through a control panel, to track attacks on the environment.
  • Response and correction, letting you automate responses to incidents that occur.

In this article, we are going to discuss each of the capabilities included in this powerful Office 365 security solution.

 

Protection against insecure attachments
Microsoft Defender for Office 365 includes two protection capabilities, Safe Attachments and Dynamic Delivery. With Safe Attachments, attachments are subjected to real-time malware behavior analysis that uses machine learning techniques to evaluate them for suspicious activity. If no suspicious activity is detected, the file is released for delivery with minimal delay.

Dynamic Delivery allows the user to read and respond to the mail while its attachment is being scanned, thus avoiding a penalty in user productivity. The service delivers the mail to the recipient with a message indicating that the attached file is being scanned, along with the scan’s progress.

Additionally, Dynamic Delivery displays a preview of the file it is scanning, further minimizing work interruptions for the user.

 

Protection against malicious links
Office 365 security tools scan messages in transit, blocking any malicious hyperlinks before the user can click. However, in the most advanced attacks these malicious URLs are hidden in seemingly safe links that reach the recipient and to which even the most discerning user can fall victim.


Generic mail that includes various malicious links hidden in apparently safe links.

To deal with these malicious techniques, Defender for Office 365 has two functionalities, Safe Links and URL detonation, which act when the user clicks on the link, performing a reputation check and an analysis of the link in real time, and blocking the link if it is malicious.

When the user clicks on a malicious URL, Microsoft Defender for Office 365 automatically begins the scan, showing the user screens reporting the situation. The protection of that link remains, blocking it every time the user clicks.


 

Microsoft has taken a big step in the protection coverage of Microsoft Defender for Office 365 by adding the Internal Safe Links functionality. This ability protects users from malicious links sent between people in the same organization.

Internal Safe Links acts the same as Safe Links: when a user clicks on a link, the tool analyzes it in real time and blocks it if it is malicious. This functionality deals with the scenarios in which someone impersonates the identity of a person in our organization, also preventing such emails from leaving it.

    Protection against identity theft (Anti-Phishing)
    This functionality protects us from phishing attacks that appear to come from people we know but who are not, in reality, the ones who sent the mail (this is what is called an impersonation-based attack). These types of phishing attacks are extremely dangerous because the recipient, when the mail “theoretically” comes from someone who seems to be a member of the organization, tends to trust it and is easily deceived. If our domains are correctly configured, an impersonation using exactly our domain should not be possible, but Microsoft Defender for Office 365 also intercepts as impersonation attempts those senders that, although incorrect, are confusing because they are very similar (for example, we receive an email from a sender “zperez@softegn.es” when in reality, if this user existed, it would be “zperez@softeng.es”).

    Once this new advanced functionality is activated (the policy is not activated by default), the system automatically and gradually learns how each user communicates with others inside and outside the organization, applying predictive artificial intelligence and ultimately protecting all users licensed for Microsoft Defender for Office 365.
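The lookalike-sender case described above (“softegn.es” versus “softeng.es”) can be illustrated with a small check that compares a sender's domain against the domains an organization owns. This is an added example, not Microsoft's algorithm or code from the original article; the function names, the one-edit threshold and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Domains the organization really sends from. "softeng.es" is the domain
# used in the article's example; the set itself is an assumption.
PROTECTED_DOMAINS = frozenset({"softeng.es"})


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of two adjacent characters each cost 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "gn" <-> "ng".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(from_header: str):
    """Return the lower-cased domain of a From: header, or None."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return None
    domain = addr.split("@")[1].strip().lower().rstrip(".")
    return domain or None


def classify_sender(from_header, protected=PROTECTED_DOMAINS, max_distance=1):
    """Return (verdict, matched_domain).

    own       -> the domain is ours (or a subdomain of ours)
    lookalike -> not ours, but within max_distance edits of one of ours
    unrelated -> nothing close to a protected domain
    invalid   -> no usable address in the header
    """
    domain = sender_domain(from_header)
    if domain is None:
        return ("invalid", None)
    for good in sorted(protected):
        if domain == good or domain.endswith("." + good):
            return ("own", good)
    for good in sorted(protected):
        if osa_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unrelated", None)


# Constructed From: headers for the demonstration.
SAMPLE_FROM_HEADERS = [
    '"Zoe Perez" <zperez@softeng.es>',   # genuine domain
    '"Zoe Perez" <zperez@softegn.es>',   # two letters swapped (article's case)
    "billing@softenng.es",               # one extra letter
    "news@example.org",                  # unrelated sender
    "not-an-address",                    # malformed header
]


def triage(headers=SAMPLE_FROM_HEADERS):
    """Classify every header and return (header, verdict, matched) rows."""
    return [(h, *classify_sender(h)) for h in headers]


if __name__ == "__main__":
    for header, verdict, matched in triage():
        print(f"{verdict:<10} {header}  (closest: {matched})")
```

A plain Levenshtein distance would score the swapped-letter domain as two edits, which is why the transposition step matters for catching this kind of typo-domain at a tight threshold.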


    Protection against spoofed emails from external domains (Anti-Spoofing)
    This ability helps detect and block spoofed emails from external domains. Spoofing is a malicious impersonation technique that occurs when an email message originates from someone who is not who they claim to be.

    To combat this type of attack, Defender for Office 365 includes a system capable of detecting spoofed emails through:

    • Detection of the security settings of the source domain: By activating this functionality, Office 365 will only accept emails that come from domains that are not vulnerable to being spoofed. Specifically, for each new email that arrives at our company, it checks that the sender’s domain has the correct security settings*, guaranteeing that it has been sent from an account that really belongs to that domain. Otherwise, if we receive emails that come from domains without these protocols properly configured, Microsoft Defender for Office 365 blocks them, preventing them from reaching our users.

      * SPF, DMARC, and DKIM are the standard email authentication protocols that help protect against spam and phishing.

    • Reputation filters: Checks the safe sender lists and the history of previous messages sent from that domain.
    • Anomaly patterns: Checks for pattern anomalies by comparing with previous messages sent from that domain.
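What “correct security settings” means for a sending domain can be made concrete by reading its published SPF and DMARC TXT records. The following is an added example, not code from the original article and not how Microsoft Defender for Office 365 scores domains; the verdict names and sample records are assumptions, records are passed in as strings so it runs offline, `include:` targets are not followed, and DKIM is left out because checking it needs a selector and a signed message.

```python
def _is_spf(record: str) -> bool:
    parts = record.split()
    return bool(parts) and parts[0].lower() == "v=spf1"


def spf_posture(txt_records):
    """Summarise what a domain's SPF record says about unlisted senders."""
    spf = [r for r in txt_records if _is_spf(r)]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid"  # RFC 7208: more than one SPF record is a permerror
    terms = [t.lower() for t in spf[0].split()[1:]]
    for term in terms:
        if term.lstrip("+-~?") == "all":
            qualifier = term[0] if term[0] in "+-~?" else "+"
            return {"-": "hardfail", "~": "softfail",
                    "?": "neutral", "+": "pass-all"}[qualifier]
    if any(t.startswith("redirect=") for t in terms):
        return "redirect"  # the policy lives in another record, not resolved here
    return "neutral"  # RFC 7208 default when nothing matches


def dmarc_policy(txt_records):
    """Return the p= value of the single DMARC record at _dmarc.<domain>."""
    recs = [r.strip() for r in txt_records if r.strip().startswith("v=DMARC1")]
    if len(recs) != 1:
        return None  # none, or ambiguous duplicates: no usable policy
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p")  # the pct= and sp= tags are ignored in this example


def spoofing_exposure(spf_txt, dmarc_txt):
    """Combine both checks into one illustrative verdict."""
    policy = dmarc_policy(dmarc_txt)
    spf = spf_posture(spf_txt)
    if policy in ("quarantine", "reject"):
        return "enforced"
    if spf == "redirect":
        return "needs-lookup"
    if spf in ("hardfail", "softfail"):
        # SPF alone covers the envelope sender, not the visible From: address.
        return "partial"
    return "spoofable"


# Constructed records for four hypothetical sender domains.
SAMPLES = {
    "strict.example": (["v=spf1 include:spf.protection.outlook.com -all"],
                       ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"]),
    "monitoring.example": (["v=spf1 ip4:192.0.2.0/24 ~all"],
                           ["v=DMARC1; p=none"]),
    "open.example": (["v=spf1 +all"], []),
    "bare.example": (["some-site-verification=constructed"], []),
}


def audit(samples=SAMPLES):
    return {domain: spoofing_exposure(spf, dmarc)
            for domain, (spf, dmarc) in samples.items()}


if __name__ == "__main__":
    for domain, verdict in audit().items():
        print(f"{domain:<20} {verdict}")
```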

    Get advanced reports and track links in messages
    Microsoft Defender for Office 365 offers extensive reporting and tracking capabilities that give administrators insight into the type of attacks occurring in the organization, including who in your company is being targeted, the malware and spam sent or received in the company, and the categories of attack you face.

    Advanced reports allow you to investigate messages that were blocked due to an unknown virus or malware:


    The URL tracking function allows an analysis of the links that users have clicked, also showing the blocked ones:


    Collaborate more safely

    The advanced protection for files shared from SharePoint Online, OneDrive for Business and Microsoft Teams offers companies a safer way to work, preventing users from opening or downloading malicious files.

     

    How to acquire Microsoft Defender for Office 365?

    Defender for Office 365 offers us two plans:

    Microsoft Defender for Office 365 Plan 1: It is included in the Office 365 Enterprise E5 version and can be added in the following Office 365 plans that have a mail license, specifically:

    • Exchange Online Plan 1 and Plan 2
    • Exchange Online Kiosk
    • Exchange Online Protection
    • Microsoft 365 Business Basic
    • Microsoft 365 Business Standard
    • Office 365 Enterprise F3
    • Office 365 Enterprise E1 and E3

    Microsoft Defender for Office 365 Plan 2: This plan combines all the capabilities of Plan 1 plus the Office 365 Threat Intelligence solution. It is included in Microsoft 365 Enterprise E5 and Office 365 Enterprise E5.

    At Softeng we offer you our experience and our services to help you draw up and agree on the most appropriate strategy to implement security solutions in the cloud that ensure the continuity of your business.

    Do you want to know more? Contact us to find out how to protect your company!


    Microsoft Defender for Endpoint: The solution to protect, detect and respond to the most advanced attacks.


    In recent months, we have seen in the media how important companies and institutions have suffered computer attacks that have exposed millions of sensitive records and brought down their corporate networks. According to data from INCIBE (National Cybersecurity Institute), last year more than 120,000 incidents were registered in Spain, a figure 40% higher than the previous year.

    Indeed, security is one of the great challenges that companies face. However, the sophistication of attacks is evolving by leaps and bounds, reaching such a high level that it can take many months to discover the intrusion in the network and therefore causing a great impact on the company.

    To deal with these types of advanced threats, Microsoft offers us Microsoft Defender for Endpoint (previously called Microsoft Defender Advanced Threat Protection). It is a powerful solution that combines Windows 10 technology and Azure’s intelligent cloud service to provide businesses with proactive protection, post-breach detection, automated investigation, and advanced threat response on their networks.

    Much more than an antivirus
    Microsoft’s antivirus is Windows Defender and is included in all Windows operating systems. Microsoft Defender for Endpoint, in contrast, is a set of advanced cloud security solutions that, among other sources, draws on the antivirus (whether it is Windows Defender or not).

    How exactly does it help you protect yourself?

    In general, it helps you:

    • Detect advanced and zero-day attacks (attacks that exploit an unknown vulnerability) by analyzing the environment and behavior and by using machine learning, showing you detailed information on the extent of the security breach through the central console and offering you solutions to mitigate it.
    • Get a real-time analysis of your entire equipment infrastructure through a central console that displays information on the status and activity of protected equipment.
    • Get instant access to the analysis of 6 months of information on the company’s behavior to carry out a forensic analysis, with an inventory of files, URLs and connections throughout the network.
    • Save time for your IT department thanks to automatic alert investigation.
    • Work with a single-platform approach.
    • Protect against next-generation attacks: polymorphic or mutant viruses that are difficult to detect because they constantly change their malicious code.
    • Reduce attack surfaces: functionalities such as web protection, controlled folder access and application control protect equipment by minimizing its attack surface.


    How does it work?

    The tool continuously monitors the network for malicious activity or abnormal behavior through:

    • Behavior sensors: Integrated into equipment and devices, they collect and process behavioral signals from the operating system (for example, network communications, file and process modifications). This information is then sent to the Cloud Security console for analysis and exchange of signals with the Microsoft Intelligent Security Graph.
    • Threat Intelligence: Microsoft has a team of global security specialists and a community of hunters who are dedicated exclusively to searching for and finding new malicious techniques, continually training Microsoft Defender for Endpoint to help you be more and more effective.
    • Cloud security analysis: Thanks to big data and machine learning, it analyzes the information received from the sensors and compares it with historical, anonymized information from millions of devices spread around the world, as well as with the threat intelligence included in Microsoft Defender for Endpoint itself, to detect anomalous behavior, hacker techniques, and similarity to known attacks.

    Automatic threat investigation and resolution


    With the power of the cloud, machine learning, and behavioral analytics, Microsoft Defender for Endpoint provides intelligent protection capable of tackling the most sophisticated and advanced threats. In numbers, it processes 970 million malicious events per day through Microsoft’s business and consumer ecosystem, making its intelligence more powerful day by day. However, detecting threats is only half the battle: 80% of companies receive a large volume of alerts on their systems, causing the IT department to spend a large part of its resources on investigation and remediation tasks.

    To solve this problem, Microsoft Defender for Endpoint includes a feature that we want to highlight called “automatic investigation”: it automatically investigates alerts and applies artificial intelligence to determine whether each one is really a threat, and then decides what actions to take, also automatically. This functionality saves time and effort for IT departments, allowing them to focus on more strategic tasks for the company.

    Protection not only for Windows

    One of the most recent features that Microsoft has added to Microsoft Defender for Endpoint is the ability to protect not only Windows computers, but also devices with other operating systems, both desktop and mobile. Thus, Microsoft Defender for Endpoint is now compatible with iOS, Android and macOS, and is capable of protecting us from phishing attacks and malicious links on different devices. Keep in mind that mobile devices are increasingly vulnerable to phishing attacks for two main reasons. First, because links arrive not only by email, but also through messaging applications, SMS and other applications. And second, because on these devices it is more difficult to see the URL you are going to click (simply because the screen is smaller) and because it is easy to click even by mistake.

    Specifically, Microsoft Defender for Endpoint protects against malicious links using these three techniques:

    • Anti-phishing. Unsafe links to mobile applications are blocked instantly, and then security teams are notified through the Microsoft Defender Security Center portal.
    • Blocking insecure connections. It blocks certain insecure connections made by applications without the user’s knowledge, and then notifies security teams through the security portal.
    • Custom indicators. It allows security teams to create custom allow and block entries based on their needs.

    Features of the Microsoft Defender Security Center portal

    Microsoft Defender for Endpoint helps the IT department to effectively manage the company’s network, offering it a centralized administration and management portal for all alerts and security measures of the equipment, with functionalities that allow you to:

    • Move through the different navigation panels to access Security Operations, Security Score or the Threat Analysis Panel.
    • Manage security alerts for the entire network.
    • Control and manage the automatic investigations that have been carried out.
    • Proactively “hunt” and research through your company data with a powerful advanced query-based search tool.
    • In the list of machines section, control the computers onboarded to Windows Defender ATP, obtaining detailed information on risks and alerts.
    • Get a quick overview of the application’s service status.
    • Update your configuration options, allowing you to customize retention policies, enable advanced features, and create Power BI reports that allow you to interactively analyze machines, alerts, and investigation status.

    Navigation panels

    Security Operations Panel

    This panel provides a snapshot of the network showing a detailed view on the various security alerts on computers and users. Through this dashboard, you can quickly explore, investigate, and determine where and when suspicious activity has occurred and easily understand the context in which it arose.

    The dashboard has interactive windows that provide indications on the general health status of the organization, such as active alerts, machines and users at risk, active automatic investigations, and a suspicious activity dashboard that displays audit events based on detections from various security components.

    The tool also offers the possibility of simulating attacks so that you can check its level of effectiveness before onboarding more computers.

     

    Threat Analysis Dashboard

    Threats emerge with increasing frequency and, through this dashboard, you can quickly assess your security position, including the impact on and resilience of your company in the context of specific threats. You will also be able to continuously assess and monitor your risk exposure to Spectre and Meltdown, two of the main vulnerabilities in processor chips through which attackers can access your computer.

    The dashboard offers a set of interactive reports published by the Microsoft Defender for Endpoint research team at the time a new threat and attack is identified. From the mitigation recommendations section, you can execute specific actions to improve the visibility of the threat and increase the resistance of your company.


    In addition to the functionalities that we have discussed in the article, we want to highlight the following:

    Isolation

    Speed of response and isolation are the key to successful security attack prevention. Therefore, when the tool detects that a computer is compromised, it automatically suspends the user’s account and isolates the infected device to prevent access to the network, drastically reducing the attack surface. Also, even if the machine is isolated, the IT department has total control over that equipment at risk, to be able to analyze it and mitigate the security breach.

    Detonation

    You can submit suspicious files for deep inspection and full analysis in minutes, in an isolated network environment, and block the files if they are malicious.

    Conditional access based on device risk

    Microsoft Defender for Endpoint can control access to sensitive information based on the risk level of the computer itself. In this way, it guarantees that only authenticated users who use a device registered with the company will be able to access company data in Office 365 and also that it can only be accessed if the equipment is in good condition (without viruses, Trojans, etc). Therefore, if a threat is detected on a device, the affected device’s ability to access sensitive information is instantly blocked as long as the threat remains active.

    Threat and vulnerability management

    This capability uses a risk-based approach to identify, prioritize, and repair machine vulnerabilities and misconfigurations. It includes:

    • Real-time discovery through device inventories, which offer automatic information on security configuration data and computer vulnerabilities.
    • Inventory of the company’s software, as well as changes related to new installations, uninstallations and patches.
    • Constant visibility of application usage patterns for better prioritization and decision making in the event of suspicious behavior.
    • Control and visibility over the security configurations of the company, showing information and alerts in real time on emerging problems such as disabled antivirus or erroneous configurations. Issues are reported on the dashboard with actionable recommendations.
    • Threat intelligence that helps prioritize and focus on those vulnerabilities or threats that pose the most critical risk to the business.
    • One-click remediation requests, through integration with Microsoft Intune. It also provides real-time monitoring of the status and progress of remediation activities across the enterprise.
    • Provides information on additional alternative mitigations, such as configuration changes that can reduce the risk associated with software vulnerabilities.

    Integration with Microsoft 365 tools
    You can provide Microsoft Defender for Endpoint with more information and intelligence when assessing the risk level of each machine with the integration of:

    • Microsoft Defender for Identity: Detects whether the machine shows anomalous behavior (lateral attacks, for example) and, if so, raises the machine’s risk level so that its review is prioritized.
    • Azure Information Protection (AIP): When comparing two machines with the same vulnerabilities, the one that has documents labeled with AIP will have a higher level of risk (because it holds sensitive information) and, therefore, will be prioritized.
    • Microsoft Cloud App Security (MCAS): Allows applications that MCAS has marked as unauthorized to be blocked on the computer so that they cannot be used, regardless of the network to which it is connected.

    How is Microsoft Defender for Endpoint licensed?

    There are different licensing modalities depending on the type of endpoint that we want to protect. Licensed users can use Microsoft Defender for Endpoint on a maximum of five simultaneous devices.

    • Microsoft Defender for Endpoint can be purchased individually
    • Included in Windows 10 E5 (includes all security capabilities of version E3 + Microsoft Defender for Endpoint)
    • Included in Microsoft 365 E5 (includes Windows 10 Enterprise E5, Office 365 E5, and EMS E5)
    • Included in the Microsoft 365 E5 Security Add-on

    For servers:

    • Connecting servers to Azure Security Center
    • Microsoft Defender for Endpoint License for Servers

    As a conclusion, we can affirm that Microsoft Defender for Endpoint covers the life cycle of threats from beginning to end, from detection to investigation and response automatically, taking your company to a maximum level of protection.

    At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, so we encourage you to follow our blog where we will continue to inform you about the security tools and solutions that we can offer you.

    Do you want to know more about Windows 10 Enterprise E5 or Microsoft 365? Contact us!


    Cybersecurity 2020: Developing Digital Trust

    Ciberseguridad 2020: Desarrollando la confianza digital

    Several weeks after the celebration of the event organized by IDG Research in which Softeng participated and in which the main cybersecurity trends during the crisis caused by COVID19 were explored and analyzed, the implications of teleworking and the preparation for the new normal. The company has prepared a report that includes the main topics that were discussed both in the proposals of the technology providers that participated and in the practical cases of companies that shared their experience and learning.

    Strategy gains priority over operations

    IDG points out that the health crisis has had a short-term impact on the operations of the security departments, which have needed to quickly implement new solutions while attending to the different incidents. However, once this stage has passed, companies have begun to wonder what the new normal will be like and consider how to redefine their security strategy.

    In all cases, the return to normality has generated changes in the organizational model, even transforming the business model. Organizations have realized that the change is irreversible: the work environment is going to be a hybrid between face-to-face and remote activity. On the other hand, digital channels are going to be consolidated in all businesses. All this changes the risk map of organizations and with it the security strategy.

      During the event, the areas of greatest impact were discussed, focusing on three main points:

      Employee protection

      Employees are the starting point since they have been accessing the company remotely from their homes. In this sense, companies have faced several challenges:

      • Employee in a different environment than usual: In many cases, employees have had to work with personal devices and in an environment very different from the one they have in the office, reconciling work and family activity at the same time. All of this has led to a drop in security practices that were routinely followed, making them vulnerable to human error, phishing or social engineering attacks.
      • Undefined work profile: Many companies did not have telework defined within their user profiles, and where mobility was defined, it did not include access to all the applications used in the company.
      • Disruption of the perimeter: As a rule, the perimeter approach assumed that employees worked within the corporate environment, with those working in mobility as the exception.
      • Loss of control over data: The risks of teleworking not only affect the device but also the data that the user manages, downloads and stores.

      To overcome these challenges, these solutions were discussed during the conference:

      • Employee awareness: Through training sessions and knowledge of company protocols and policies.
      • Review accesses and privileges: To have visibility at all times to detect inappropriate or suspicious access and maintain control of compliance.
      • Review the traditional concept of perimeter: To consider alternatives that incorporate Zero Trust principles.
      • Protect data: Adding encryption and maintaining a more robust governance of data.

      Protection of hybrid environments
      During the crisis, many companies have accelerated the adoption of the Cloud, having to deal with hybrid environments in an unplanned way. The challenges that companies have faced in this regard are:

      • Manage access: Here the challenge is twofold. On the one hand, it is necessary to protect the user’s access to multiple services without impacting their experience. On the other hand, if there is no robust privilege policy, there may be improperly defined permissions (e.g. configuration problems) that open security breaches. This is compounded in the case of external collaborators.
      • Control Shadow IT: Remote work has increased the propensity to use resources that are not supervised by the security area and that escape corporate security policies.
      • Change in traffic patterns: There has been a change in the pattern of information traffic between the user and the different environments they access. In particular, upload traffic has multiplied, generating vulnerabilities.

      To overcome these challenges, the solutions offered during the conference were:

      • Reinforce access and identities: Through two-factor authentication systems or biometric measures.
      • Integrate management: Lean on tools that allow an integrated perspective of all environments to carry out centralized management.
      • Analyze traffic: Detect anomalous and subtle behaviors and connections that go unnoticed by standard security tools and that are related to complex, uncategorized attacks (e.g. new attack types).
      • Compliance control: Implement the necessary security tools to ensure regulatory compliance.

      Income protection
      Companies have had to quickly migrate to digital channels to stay active. This has led to the following challenges:

      • Urgency in the implementation of digital tools: Companies have been quick to search for solutions in the market. If the security area is not involved, Shadow IT can be introduced that opens multiple vulnerabilities.
      • Strain on applications: The pattern of use of applications has changed, multiplying their use remotely and from new devices. However, many applications were not ready for these new patterns, impacting their security, performance or user experience.
      • Increased risk: Companies have inevitably assumed greater risk to ensure the continuity of their activity. However, if they do not have visibility into this risk, they will not be able to manage it properly.

      To overcome these challenges, the solutions offered during the conference were:

      • Test and validate new tools: To equip employees with the tools they need to telecommute and to prevent them from looking for their own alternatives (Shadow IT).
      • Strengthen applications: Applications that have not been designed to be used over the Internet or in a massive way need a revision so that they can accommodate new usage patterns.
      • Measure risk and security posture: Through tools that make the security posture known.

      Softeng’s participation in the conference

      Our CEO, Carlos Colell, participated with a presentation called “How to protect our companies in the new era of teleworking” in which he began by explaining the current scenario in which companies find themselves and how the rush towards teleworking has shown that companies were not prepared to adopt the necessary security measures.

      Carlos then explained the most common security mistakes in companies, among them having a security strategy based on passwords. He emphasized that companies must understand that the passwords of some user will certainly be exposed sooner or later, and that new measures must therefore be taken, such as two-factor authentication. Another common mistake is having several security solutions from different manufacturers, which results in a lack of communication between products, requires more dedication and causes a longer reaction time.

      Finally, he spoke about the strategy to improve security and concrete recommendations to overcome the most common challenges and protect companies in this new normal.

      As a conclusion to everything presented at this conference, we can highlight that teleworking has come to stay, and for that reason the concept of cybersecurity has completely changed to adapt to a new paradigm of massive teleworking and an exponential growth of cyber attacks that try to take advantage of this new situation.

      How to avoid the identity theft of your users

      Every day many companies are affected by security breaches that lead to the theft, hijacking and destruction of confidential information. All these breaches tend to have a common origin: compromised user passwords.

      In many cases (more than 52%), these breaches are the result of human error (users reusing the passwords they use when registering on certain websites, opening emails that ask them to log in to a fraudulent form, using simple passwords, etc.).

      Indeed, password theft is becoming very common and highlights the importance of protecting the user’s identity beyond their password, as it will eventually end up compromised. Clearly, an account protected only by a password is an easy target for attackers.

      Not all victims remain anonymous

      The media recently reported on the identity theft (phishing) attack suffered by the municipal urban transport company of Valencia (EMT). In this case, the “hackers” sent emails on behalf of a company manager to the head of administration, ordering the payment of various financial operations worth 4 million euros, and unfortunately the employee trusted them and made these payments. These types of scams are becoming more and more common among companies that do not protect themselves adequately, but they do not come to light for obvious reasons (shame). In this case the company is public, and for that reason it has appeared in the media, although at Softeng we are indeed seeing clients who have not yet committed to protecting themselves suffer similar cases.

      How can you prevent something similar from happening in your company?

      The solution

      You can help prevent some identity attacks by training your employees to protect themselves against phishing, but what will really help is making it practically irrelevant whether a password is stolen, by adding an additional step to authenticate.

      Two-step authentication (called MFA) provides an additional layer of security to your company. It is an access control method that confirms the identity of a user to prove that they are who they say they are. It works by requesting two or more of the following methods of authentication:

      • An item you know (usually a password or pin).
      • An item you have (a trusted device, such as a mobile phone or digital key).
      • A biometric characteristic that identifies you (a fingerprint or your face).
      • An App on your device, protected, that allows the user to authorize access.

      By using several factors to verify the identity of a user, the vast majority of password theft attacks are neutralized, since the attackers’ work is multiplied exponentially: they need to “hack” more than one system at the same time to gain access.

      Two-step authentication is very easy to use and includes the ability to configure trusted locations (branches, headquarters, …) for greater security and user convenience.

      Recommendation

      The usual advice about changing your passwords often or making them complex really does not help against the millions of attacks suffered daily (more than 300 million fraudulent login attempts directed at Microsoft cloud services). The idea is: if your password hasn’t been stolen, why change it? Or, if a hacker already has your password and you don’t know it, why wait 2 months to change it?

      According to studies, multi-factor authentication solutions block 99.9% of these unauthorized login attempts.

      Don’t you think the time has come to incorporate it into your company?

      How can you have two-step authentication?
      This feature is included in the Azure Active Directory Premium subscription and in the packages that include it. It is a solution that, in addition to helping to guarantee access to applications and data only to people who really are who they say they are, includes the ability to apply smarter restrictions through three key features:

      • Conditional access: To limit access to applications from outside the company (based on group membership, geographic location and device status).
      • Identity protection: Risk-based conditional access. For this, unusual behaviors are analyzed (for example, logging in from very distant locations within an impossible time, or trying to access from a computer not managed by the organization, among others).
      • Management of privileged identities: Administration and protection of administrator accounts, allowing to assign the administrator role to a user temporarily, alerting the change and supervising their access to resources.

      If you wish, see all the details of Azure Active Directory Premium

      Ultimately, hackers have more and more methods at their disposal to obtain user credentials and, in most cases, they will end up obtaining them.

      Do you want to know more about how to protect the identity of your users? Contact us!

      Learn how smart cybersecurity enables digital trust in this report from IDC and Softeng

      The new digital era, coupled with the current reality brought about by COVID-19, is transforming companies at an accelerated pace, entailing considerable security risks that must be addressed. In effect, security borders are blurring and the investment required to secure our digital identities and devices and to prevent data leakage is increasing. Therefore, it is necessary to put in place security mechanisms to detect, analyze and eliminate threats to our companies, as well as action plans that clearly establish what to do in the event of a security breach.

      IDC Spain, the leading global provider of market intelligence, has produced the report we present to you today, which deals with the impact of digital transformation on security. This transformation requires a new level of security in which Artificial Intelligence and the cloud play a fundamental role in enabling “digital trust”, understood as how our clients, suppliers and employees perceive the protection of their data and privacy.

      In addition, at the end of the report IDC analyzes the strategic advantages of Microsoft’s cybersecurity platform, why Softeng should be considered as an intelligent cybersecurity partner and how exactly it simplifies that platform to make it available to all companies.

      Download the report here!

      Prepare your business for security challenges with Microsoft Enterprise Mobility + Security (EMS)

      As companies strive to stay current in a world where cloud and mobility are prioritized, security and compliance take on a critical position.

      Thus, as mobile work becomes an integral part of the business, employee devices and applications become the first line of defense against a host of increasingly advanced threats. In fact, these malicious attacks are an unaffordable risk for companies on both security and legal grounds: in addition to the serious problems associated with the leakage of confidential data, since the arrival of the GDPR companies face significant financial sanctions and the inevitable penalty from their clients and the market.

      To address these security challenges, Microsoft offers us Enterprise Mobility + Security (hereafter EMS), an identity-based security platform designed to help companies manage and protect their corporate devices, applications, and data.

      Specifically, EMS offers companies security capabilities through different lines of defense (the so-called “defense in depth” principle), so that all lines complement each other (and if for any reason one is overcome by a threat, the next line may be the one that saves us from disaster).

      EMS is made up of 4 protection areas that will help you to continue with the digital transformation of your organization, safely:

      Identity and access management

      With the increasing popularity of cloud applications, social networks and web portals, we access many services every day with different credentials (usernames) but often reuse the same password (to avoid having to remember so many). This behavior by users in their personal lives carries enormous risk. Why? To begin with, the number of (known) leaks of user data from large social networks and consumer services in the last 12 months is extremely high (“Google Plus”, “Facebook”, “Movistar”, “IESE”, “Adidas”, “Job Talent”, “Ticketmaster”, “myHeritage”, among many others), so the security threat for companies is enormous: once cybercriminals have a personal username and password, they easily find out where that person works and then try the same password to access the sensitive information of the company where they work, succeeding in many cases. At the same time, cybercriminals also run mass campaigns of fake emails asking our users (at their corporate or personal email) to sign in to some site in order to steal a password. And they do it better every time.

      To avoid the risk that all this entails, it is necessary to protect the identity of our corporate users, and for this EMS includes Azure Active Directory Premium (AAD Premium), which helps guarantee access to applications and data only to the people who really are who they say they are.

      Additionally, it offers us the ability to enforce smarter constraints through three key features:

      Conditional access: Before, companies could only ask for things like “Users may only access from within the company!” Now they can ask: “Users may access from outside the company, but under conditions set as needed” (only from authorized corporate or personal devices, only from known locations, forcing the use of multi-factor authentication and/or preventing the extraction of information, among other requirements). By way of analogy, you can think of Azure AD conditional access as the security doorman of a building: he welcomes good neighbors, challenges others to confirm their identity and denies entry to complete strangers, or perhaps lets them pass while letting us know they are going up and accompanying them.

      Identity Protection: Criminals attempt nearly 100 million fraudulent logins per day, and we should know if any of them affect us. To do this, the “Identity Protection” reports provide intelligence to detect and inform IT of suspicious logins, such as those that would imply a trip to an unusual place, or one that is impossible given the time between one login and the next (detecting the intrusion from the probability that they are actually different people), or the discovery of users’ passwords for sale online. In addition, together with “Conditional Access”, it lets us allow users to connect only as long as there is no risk in their session (for example, if they connected from a computer with viruses or malware), or only after changing their password when the system knows it has been stolen. By way of analogy, this capability is like a lookout that observes and provides relevant information about what is happening in the environment, so that you can act accordingly.

      Privileged Identity Management: Having an account compromised is always a possibility, and the best way to reduce risk is to assume that there has been or will be a breach. A compromised user account is a problem, but if that user has administrative privileges the situation becomes catastrophic, so it is critical to minimize the possibility that a compromised account ends up with uncontrolled administrative permissions. This tool lets us keep the number of administrator users to a minimum by granting administrative permissions at the moment they are required, only temporarily and even automatically (under certain circumstances). By way of analogy, it is like being given a smart card to enter the hotel spa: once our stay is over, the card stops working.
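
      The impossible-travel signal described under Identity Protection above (and in the identity protection bullet of the earlier two-step authentication article), as an added example that is not Softeng's or Microsoft's code: it flags consecutive sign-ins by one user whose implied travel speed is not physically plausible. The record fields, the 900 km/h and 100 km thresholds and the sample sign-ins are assumptions constructed for the illustration.

```python
"""Impossible-travel check over constructed sign-in records (illustration only)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds chosen for this example; tune them to your environment.
MAX_SPEED_KMH = 900.0    # roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # ignore small jumps caused by coarse IP geolocation


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    lat: float
    lon: float
    city: str


@dataclass(frozen=True)
class Finding:
    user: str
    origin: str
    destination: str
    distance_km: float
    hours: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def impossible_travel(events):
    """Return a Finding for each pair of consecutive sign-ins that implies
    travel faster than MAX_SPEED_KMH over at least MIN_DISTANCE_KM."""
    per_user = defaultdict(list)
    for event in events:
        per_user[event.user].append(event)

    findings = []
    for user, rows in per_user.items():
        rows.sort(key=lambda e: e.when)  # logs often arrive out of order
        for prev, cur in zip(rows, rows[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < MIN_DISTANCE_KM:
                continue
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            # Simultaneous sign-ins from distant places are flagged outright,
            # which also avoids dividing by zero.
            if hours == 0 or dist / hours > MAX_SPEED_KMH:
                findings.append(
                    Finding(user, prev.city, cur.city, round(dist, 1), round(hours, 2))
                )
    return findings


def at(hour, minute):
    """Timestamp on a constructed sample day, in UTC."""
    return datetime(2020, 6, 1, hour, minute, tzinfo=timezone.utc)


# Constructed sample sign-ins (not real data), deliberately out of order.
SAMPLE_EVENTS = [
    SignIn("ana", at(12, 15), 1.35, 103.82, "Singapore"),
    SignIn("ana", at(8, 0), 41.39, 2.17, "Barcelona"),
    SignIn("ana", at(11, 30), 40.42, -3.70, "Madrid"),      # plausible trip
    SignIn("luis", at(9, 0), 39.47, -0.38, "Valencia"),
    SignIn("luis", at(9, 0), 39.48, -0.37, "Valencia"),     # geolocation jitter
    SignIn("marta", at(10, 0), 41.39, 2.17, "Barcelona"),
    SignIn("marta", at(10, 0), 40.71, -74.01, "New York"),  # same instant
]

if __name__ == "__main__":
    for finding in impossible_travel(SAMPLE_EVENTS):
        print(finding)
```

      A sign-in flagged this way is a risk signal to combine with others (device state, known VPN egress points), not proof of compromise on its own.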

      Features summary:

      • Two-step authentication.
      • Conditional access: real-time, risk-based control
      • Validation without password (using the mobile).
      • Identity protection (alerts of anomalous behavior, compromised credentials and vulnerabilities).
      • Single sign-on for all applications (including non-Microsoft apps).
      • Management of privileged identities (Enable temporary administrator permissions on demand for specific tasks).

       

      If you want, see all the details of Azure Active Directory Premium

      Information protection

      Although we are able to ensure that the person who accesses our data is who they say they are and also that they do it from a secure device, the risk continues because the user can share a document with an external person who may not be as well protected (or potentially may make inappropriate use of the information provided).

      For this, EMS includes Azure Information Protection, a Microsoft cloud service that allows companies to protect their confidential data through encryption (whether it is on-premises or in the cloud), ensuring that, even if a document leaves the organization for an insecure environment, only authorized users can access it. In addition, we can define the actions that authorized persons can carry out and keep the document (and its copies) always under our control, wherever it is, even if we do not physically have access to it.

      Features summary:

      • Protection of data through encryption, authentication and use rights.
      • Smart classification and automated labeling of data.
      • View where the documents are being opened from and by whom (wherever the document is).
      • It helps to comply with the GDPR by facilitating the detection and protection of personal data.
      • Revoke access to all copies of a document (even if they are physically outside the organization).

       Following the analogies, you can think of Azure Information Protection as the system that ensures that our briefcase, which contains highly sensitive documentation, turns to dust in case it falls into the wrong hands. 

      See all the details of Azure Information Protection

       

      Smart security

      EMS offers visibility into everything that happens to our data in the cloud (wherever it is), threat detection and attack prevention through these solutions: Microsoft Cloud App Security, Advanced Threat Analytics (ATA) and Azure Advanced Threat Protection (Azure ATP).

      Microsoft Cloud App Security (MCAS)

      What happens if an employee, correctly identified and authenticated, does something wrong with your data? What’s more, what if that employee is no longer loyal or is acting under duress? Or what if their computer is not properly protected and malware is reading data on their behalf? This is where Cloud App Security would step in.

      Specifically, Cloud App Security provides IT departments with visibility and control over the cloud applications used by users in your organization (both allowed and not allowed). In this way, on the one hand, you can restrict access to those that you do not authorize, and on the other you can observe the activity that users carry out with the data of the allowed applications, identifying suspicious activities and possible threats before they become reality. For example, Microsoft Cloud App Security may indicate that a certain user is downloading a large amount of information outside the company (and, if the situation is too anomalous, it can even close the session), or you can prevent access to certain applications from outside your organization or from unknown computers.

      MCAS, apart from Office 365 and Azure, provides activity visibility for popular cloud applications like Dropbox, G Suite, AWS, Salesforce and many more.

      Microsoft Cloud App Security includes:

      • Detection of cloud applications for Shadow IT control
      • Protection of information through data loss prevention policies (DLP)
      • Visibility of user activity in cloud applications.
      • Application risk assessment.

       

      Microsoft Cloud App Security is, following the similes, like the bodyguard that always accompanies a person so that they do not do or suffer any damage.

      Check here all the details of Microsoft Cloud App Security

      Advanced Threat Analytics and Azure Advanced Threat Protection

      All the lines of defense described in this article provide very effective protection for your organization. However, user behavior (for example falling for a phishing attack or reusing passwords on insecure websites), possible vulnerabilities in VPNs and server infrastructure (especially domain controllers – with their local active directory) and other creative attacks by cybercriminals provide alternative ways for them to enter the “kitchen”.

      In those cases attackers move fast, and once they obtain the credentials of any user (often through vulnerable VPNs or authentication not protected by multi-factor), they manage to assign themselves administrator privileges (with the help of log files, data residing in memory, unencrypted files and other mechanisms), and we already have them inside without being able to do anything (for a period of more than 140 days, on average, until they are discovered). What’s more, because many companies still have local infrastructure, when it comes to on-premises attacks the “network barriers / firewalls” that companies rely on to stay theoretically safe actually prevent, for technical reasons, smart cloud products (such as AAD Identity Protection, Azure AD Conditional Access and Cloud App Security) from being used to help keep the data physically hosted in your organization safe.

      Your on-premises infrastructure represents the highest risk, so responding quickly to these intrusions is the best strategy. Fortunately, Advanced Threat Analytics (ATA) and its cloud version, Azure Advanced Threat Protection (Azure ATP), help companies quickly detect an attempt to penetrate an on-premises infrastructure by analyzing advanced attacks, mainly on our domain controllers. The difference between the two products is that ATA (included in EMS E3) needs to be installed on local infrastructure, requiring a server and considerable storage for a lot of data, while Azure ATP (included in EMS E5) stores the data and operates entirely from the cloud, without the need for local infrastructure.

      ATA and Azure ATP offer, among other features:

      • Detection of suspicious user and device activity based on company history, machine learning, and threat intelligence.
      • Monitoring of multiple company entry points through integration with Microsoft Defender ATP (Azure ATP only).
      • Detection of lateral movement paths to accounts with administrator permissions.
      • Future integration with AAD (Azure ATP only)
      • Alerts with clear, real-time information of attacks on the company to respond quickly.

       

      In the end, ATA / Azure ATP is like a watchman hidden in our house, able to quickly alert us if an attacker has broken through a security barrier.

      If you want to know more, you can check here the details of Azure Advanced Threat Protection

      Protection in mobility

      Even when we are sure that an identity has not been compromised and that the person who accesses our data is who they say they are, there is always the possibility that a user will download information to an insecure device (without encryption and/or without a PIN) or, worse still, one that is already compromised.

      For example, if a user synchronizes corporate email on their personal phone and it doesn’t have a PIN, anyone who picks up that phone will have full access to the company’s mailbox. Or, if the user has downloaded a document with very sensitive content (contracts, a payroll spreadsheet, …) to their personal device and the laptop (or phone) is lost or stolen, those documents will fall into the wrong hands. What’s more, many devices are currently used as a security validation factor, so leaving them unprotected, with malware capable of intercepting the user’s credentials every time they connect to a service, is a great threat.

      For all these reasons, since one of the points of access to corporate resources is through both company and employee devices (mobile, tablet or laptop), managing these devices to ensure compliance with certain parameters (such as having a PIN, being encrypted or being free of viruses or malware), maintaining control in case of loss or theft, and being able to decide which applications can be used from them (and how and from where) is an essential part of the company’s security strategy to avoid information leaks. All this is what EMS offers us within Microsoft Intune.

      Microsoft Intune includes, among other features:

      • Management of which applications and how they can be used on mobile devices.
      • Isolation of corporate data and personal data within the same application (both in the same application and in other non-company applications)
      • Selective deletion of corporate data on lost or stolen mobile devices.
      • Management of mobile devices (iOS, Android, macOS and Windows 10).

       

      Using another analogy, you may think that Intune guarantees the integrity of our briefcase and its lock, helping to protect the security of what’s inside.

      Check here more details of Microsoft Intune

      How is EMS licensed?

      This product has two versions:

      • EMS E3: Includes Azure Active Directory Premium P1, Intune, Azure Information Protection P1, Advanced Threat Analytics and rights for Windows Server CAL.
      • EMS E5: Includes Azure Active Directory Premium P2, Intune, Azure Information Protection P2, Microsoft Cloud App Security, Azure Advanced Threat Protection, and rights for Windows Server CAL.

      Likewise, EMS is included in the following suites:

      • MICROSOFT 365 E3: Includes EMS E3, Office 365 E3 and Windows 10 E3.
      • MICROSOFT 365 E5: Includes EMS E5, Office 365 E5 and Windows 10 E5.

      Conclusions

      The stark truth is that the speed and sophistication of attacks are increasing and, together with the risks derived from human errors (in passwords or in sharing information), this gives the enemy multiple ways to access our data. Yes, the enemy is out there or maybe already inside, so our recommendation is to follow a strategy that assumes we have been breached and that no defense will be enough.

      Do you want to know more about Enterprise Mobility + Security? Contact us!

      How to control activity between users and applications used by your company using Microsoft Cloud App Security

      Security is critical for any business that is in the cloud. According to a study carried out by Microsoft, an average of 17 cloud applications are used in companies, some with the knowledge of the IT managers but often without their authorization (for example, Facebook, Gmail, Dropbox, etc.), exposing companies to unknown security risks and privacy policy breaches. Faced with this situation, many IT managers ask themselves: How can we detect which cloud applications our users use as part of their activity? And then, how can we control the activity carried out by these users in these applications, taking into account that it often involves confidential data?

      The solution: Microsoft Cloud App Security

      What happens if an employee, correctly identified and authenticated, does something wrong with your data? What’s more … what if that employee is no longer loyal or acts under duress? Or what if your computer was not properly protected and malware was reading data on your behalf? This is where Microsoft Cloud App Security (MCAS) would step in.

      Specifically, Cloud App Security provides IT departments with visibility and control over the cloud applications that your organization’s users use (allowed and disallowed). In this way, on the one hand, you can restrict access to those that you do not authorize and, on the other, you can observe what users do with the data in the allowed applications, identifying suspicious activities and potential threats before they become reality. For example, Microsoft Cloud App Security may indicate that a certain user is downloading a large amount of information outside the company (and, if the situation is too anomalous, it may close the session), or you can prevent access to certain applications from outside your organization or from unknown computers.

      MCAS, apart from Office 365 and Azure, provides activity visibility for popular cloud applications like Dropbox, G Suite, AWS, Salesforce, and many more.

      What exactly does it offer you?

      • Application detection: Monitor your network traffic in real time and detect the cloud applications in use, gain visibility into unauthorized ones and assess risk.
      • Visibility of user activity in cloud applications: Through Cloud Discovery you can obtain detailed information on the activities, users, traffic and files used in the cloud, as well as personalized per-user reports of cloud activity logs.
      • Greater control and protection of your critical data: Control the use of your company’s data through data access and sharing policies and data loss prevention (DLP). For example, your company may have a file policy enabled that alerts you when a user has shared a company document with an external domain.
      • Smart protection: Cloud App Security relies on millions of unique data points received through device signals from Microsoft’s customer base to detect incidents and anomalous user behavior patterns that may be indicative of a security risk for your company.
      • Application risk assessment: Cloud App Security relies on information from millions of signals received from Microsoft customer devices to detect incidents and anomalous user behavior patterns that may be indicative of a security risk for your company.
      • Integration with Azure AD: You can consolidate the various identifiers that Cloud App Security collects from a user when accessing different applications in the cloud and unify them with their identification name in your company’s Active Directory. In this way, you can more easily control activity in the cloud and can also create customized reports by user groups or departments. (This functionality requires configuration in the company’s firewall.)

      With native integration with identity and security solutions such as Azure Active Directory, Intune and Azure Information Protection, you will gain visibility into all your applications and services in the cloud, leveraging sophisticated analytics to identify and combat cyber threats and control how data is consumed, no matter where it resides.

      Investigation panels

      The Cloud App Security panels provide an overview of the activities and characteristics of the cloud applications in use and let you measure that use by the number of users, the volume of traffic or the IP addresses from which they are accessed. To help you investigate the applications in your environment you can consult:

      • Main panel: Overview of cloud status (users, files, and activities), as well as required actions (alerts, activity violations, and content violations)
      • Data: Analysis of the data stored in the application; Breakdown by file type and file sharing level.
      • Files: File details, with the possibility of filtering by owner, level of sharing, etc., as well as carrying out governance actions (such as quarantine).
      • Third-party applications: Details of third-party applications implemented in the company, such as G Suite, and definition of policies for those applications.
      • User: Complete overview of the user profile in the cloud, including groups, locations, recent activities, related alerts, and browsers used.

      Detected applications

      From this tab you can carry out a detailed analysis of the applications used in the company and take action on the unwanted ones, either because they are considered risky or because they violate company policies, by marking them as Unauthorized.

      Once an application is marked as unauthorized, you can perform two types of actions on it:

      • Do not prevent its use, but more easily monitor its use through Cloud Discovery reports.
      • Prevent its use by blocking access to the application throughout the company (this feature requires specific configuration in the company firewall)

      Connected apps

       

      Through this view you can connect applications and keep track of the actions performed on them, such as:

      • Consult the map of active users and real-time monitoring
      • Control the actions that are carried out (data or documents)
      • View the user accounts that use the application
      • Apply your policies.

      Cloud App Security uses the APIs provided by the providers of the cloud applications to connect them and gain control over them.

       

      Policies to control applications

      The actions that employees take with the applications can be managed and controlled through policies, which you can apply where necessary to mitigate the risks in your company. For example, through policies you can allow users to access certain cloud applications from the company, but prohibit the download of documents.

      There are several types of policies that map to the different types of information you want to collect about your cloud environment and the types of corrective actions you want to take:

      • Activity policy: Allows you to monitor specific activities carried out by different users or to track unexpectedly high levels of traffic for a certain type of activity.
      • Anomaly detection policy: Allows you to search for unusual activity in the cloud and issues alerts when something deviates from the organization’s baseline or from normal user activity.
      • Application detection policy: Allows you to set alerts that notify you when new applications are detected in use on the organization’s network.
      • Cloud Discovery anomaly detection policy: Examines the company’s network traffic and looks for anomalous behavior. For example, when a user who has never used Dropbox suddenly uploads 600 GB or when there are many more transactions than usual in a given application.
      • File policy: Allows you to scan cloud applications to detect specific files or file types (shared, shared with external domains) and data (proprietary information, personal information, credit card information, etc.) and to apply the policies necessary to comply with company regulations.

      Alerts

      This view provides complete visibility into any suspicious activity or violation of company policies, helping administrators determine the nature of the incident and the response required for each alert. Additionally, Cloud App Security alerts help you adapt policies or create new ones based on incidents. For example, if you receive an alert that a company user has logged in from Greenland and no user in your organization has ever logged in from that location, you can create a policy that automatically suspends any account when access is attempted from that location.

      Alerts dashboard view showing suspicious activity and abnormal logins

      Control in Azure

      You can seamlessly monitor all Azure subscriptions and protect your environment through:

      • Visibility of all the activities carried out through the portal.
      • The ability to create custom policies to alert you to unwanted behavior, as well as the ability to automatically protect yourself from risky users by suspending or requiring them to log in again.
      • All Azure activities are covered by the Anomaly Detection Engine, which will automatically alert you to any suspicious behavior in the Azure portal, such as abnormal logins, massive suspicious activity, and activity from a new country.

       

      In recent months Microsoft Cloud App Security has received interesting improvements, among which stands out, for example, the ability to see which applications and services run on Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) subscriptions, regardless of whether they are running on Azure, AWS, or Google Cloud.

      Microsoft Cloud App Security and the GDPR

      Thanks to integration with Azure Information Protection (AIP), Cloud App Security can help your company with GDPR compliance by allowing you to apply AIP classification labels to files in the cloud to protect and identify them. With this integration you can:

      • Apply classification labels as a governance action to files that match policies.
      • View all classified files in one central location.
      • Conduct research based on classification level and quantify the exposure of sensitive information in cloud applications.
      • Create policies to ensure classified files are handled correctly.

      Cloud App Security Licensing Options

      • Cloud App Discovery (Basic functionality): Provides information about which cloud applications not managed by you are being used in your company, with the aim of controlling shadow IT. This product is integrated into Azure Active Directory Premium and Enterprise Mobility + Security E3.
      • Office 365 Cloud App Security (Intermediate functionality): Includes threat detection based on user activity logs, detecting more than 750 Office 365 applications or applications with similar functionalities. This version is built into Office 365 Enterprise E5.
      • Microsoft Cloud App Security (Full functionality): The most complete solution, providing detailed visibility and threat protection for both Office 365 and SaaS applications, with a complete catalog of more than 16,000 cloud applications. It also enables labeling and classification thanks to integration with Azure Information Protection. This version comes bundled with Enterprise Mobility + Security E5 and Microsoft 365 E5, or as a standalone product.

       

      With Cloud App Security you can benefit from the advantages of the cloud with confidence, while remaining safe, protected and complying with regulations.

      Do you want to know more about Microsoft Cloud App Security? Contact us!

      Microsoft 365 Business: Collaboration, mobility and security in the same solution

      Microsoft 365 business

      Companies’ new way of working, using cloud technology to boost their growth and adapting to the new collaboration and mobility needs of their employees, has opened new fronts of risk and security vulnerabilities. Companies are increasingly aware that their employees must be able to work better together, regardless of where they are. However, they are concerned about their ability to protect themselves from cyber attacks and keep their data safe.

      Recently, Microsoft conducted a security survey in Spain of companies with fewer than 300 users and found that 80% of them feel vulnerable to a cyberattack and more than 71% have already suffered one. However, despite this reality, not all companies are sufficiently aware of the risks of not being protected. The proof? More than half of companies lack essential measures such as the ability to remotely wipe corporate data from a lost or stolen employee device, protect the identity of their users, or encrypt information (emails, files, etc.). And if we ask about more advanced measures to protect against threats (phishing, ransomware, targeted attacks) or simply against information leaks caused by employees (by accident or not), in our experience, more than 80% of companies are not protected.

      The solution: Microsoft 365 Business

      To respond to the needs of companies and increase the protection of their confidential information, Microsoft offers a solution that provides the best productivity tools and modern collaboration with Office 365, advanced security and device management.

      With Microsoft 365 Business you can:

      • Increase the productivity of your company, improving technology to meet the growing needs of your company.
      • Expand the security of your data, protecting your company’s sensitive information on all PCs, phones and tablets.
      • Improve the mobility of your employees, being able to access their job safely from anywhere.
      • Safely manage your employees’ devices, with Intune, Windows 10, the most secure Microsoft operating system and Office 365.

      Microsoft 365 Business is divided into 3 pillars:

      Collaboration

      It offers the tools of Office 365 Business Premium, which help your company to:

      • Improve productivity with smart tools built into Office.
      • Promote communication and collaboration between the people of your organization.
      • Work better as a team, collaborating from anywhere and on any device.
      • Optimize work processes.

      Secure device management

      It offers the necessary tools to manage your employees’ devices efficiently and safely, helping you to:

      • Remotely manage devices against theft, loss and employee departures with Microsoft Intune.
      • Enforce security policies to protect business data on all devices, including iOS, Android, and Windows PCs.
      • Configure computers to automatically install Office and Windows 10 apps and updates with Autopilot on Windows 10.
      • Get upgrade rights to Windows 10 Pro from Windows 7, Windows 8 and Windows 8.1 Pro versions.

       

      Security and compliance

      It offers the security and compliance tools that help your company to:

      Identity and data protection

      • Prevent unauthorized access to your data in the cloud through a second authentication using a mobile app, an automated phone call or a text message with Azure Active Directory Multifactor Authentication.
      • Label and set permissions on files to ensure confidentiality when required, using Azure Information Protection.
      • Track and revoke documents to control shared data.
      • Protect against sophisticated threats hidden in email attachments and links, and gain defenses against zero-day threats, ransomware, and other advanced malware attempts with Office 365 Advanced Threat Protection.
      • Apply data loss prevention policies to help protect sensitive information with Data Loss Prevention (DLP).
      • Enforce malware protection to help keep Windows 10 devices safe from viruses, spyware, and other malicious software – Windows Defender.
      • Enable unlimited cloud archiving and long-term preservation policies to ensure email is never lost – Exchange Online Archiving.
      • Microsoft recently introduced Azure AD conditional access policies that allow you to set specific conditions on how your company data can be accessed.

      Compliance

      The GDPR imposes 3 security obligations on companies:

      • Protect personal data.
      • Be able to demonstrate to the AEPD that we are protected.
      • Be able to detect security breaches and notify them in less than 72 hours.

      In this sense, Microsoft 365 Business, through its security tools, helps you comply with the regulation as follows:

      • Assessing compliance risk.

      • Identifying the data.

      • Keeping the data protected.

      • Detecting and reacting to the theft of personal data.

      All these processes are covered with the security tools mentioned in the identity and data protection part, also adding: Compliance Manager, Litigation Hold, Data Subject Request and eDiscovery.

      In conclusion, with Microsoft 365 Business your company will be able to achieve more and gain peace of mind, providing the appropriate technology to your employees so that they can work safely where, when and how they want, helping you boost the competitiveness of your company.

      Do you want to know more about Microsoft 365 Business? Contact us!

      Microsoft 365 Enterprise: The secure and intelligent collaboration platform for large companies

      Microsoft 365 Enterprise: A complete, intelligent solution that empowers everyone to be creative and work together securely.

      As companies digitalize, the transformation of the environment in which work takes place is becoming increasingly important. It no longer matters where the work is done, or when, or from what devices, so mobility becomes an important piece. The key to the success of any company must be ensuring that workers are more productive and have greater flexibility, collaborating safely so that they can create value and innovation for the company.

      Microsoft 365 Enterprise

      Microsoft 365 Enterprise is the flagship of Microsoft’s strategy to drive this new work culture: a platform that includes Office 365, Windows 10 Enterprise and Enterprise Mobility + Security (EMS), the most complete set of collaboration, analysis and security tools, which applies artificial intelligence to workers’ day-to-day tasks to facilitate productivity.

      Microsoft 365 Enterprise is designed for teamwork, in a decentralized and highly mobile work world that demands solutions that bring people, information and analysis together safely, meeting the needs of large organizations (more than 300 users). Specifically Microsoft 365 Enterprise:

      • It provides the most comprehensive and complete set of applications and services for teamwork, giving people flexibility and mobility with the choice of how they connect, share and communicate.
      • It helps to safeguard the confidential information and intellectual property of your company with built-in intelligent security.
      • It enables workers to work from anywhere and on any device.
      • It helps to manage complex IT environments, because everything is integrated for simplicity.
      • It lets you obtain more detailed information from your data to make better decisions.

       

      Collaboration

      It includes the best collaboration tools from Office 365 Enterprise, which help your company to:

      • Promote communication and collaboration between people in your organization, boosting their productivity.
      • Work better as a team, collaborating from any place and device.
      • Optimize work processes.
      • With unified communications, you can extend, duplicate or reduce the company’s entire communications infrastructure to the cloud and also extend it with integration with Microsoft Teams.
      • Connect with the entire company through Yammer.
      • Work naturally with pen inputs, voice and touch functions.

      Secure device management
      It offers the necessary tools to manage your employees’ devices efficiently and safely, helping you to:

      • Remotely manage devices against theft, loss and termination of employees with Microsoft Intune.
      • Apply security policies to protect business data on all devices, including iOS, Android and Windows PCs.
      • Get upgrade rights to Windows 10 Enterprise from Windows 7, Windows 8 and Windows 8.1 Pro versions.
      • Configure computers to automatically install Office and Windows 10 Enterprise applications and updates with Autopilot.
      • Enforce malware protection to help keep Windows 10 devices safe from viruses, spyware and other malicious software.

       

      Smart Security and Compliance

       

      Microsoft 365 Enterprise provides you with complete protection (with Microsoft Intelligent Security Graph technology) to offer you:

      • Complete protection of identities, applications, data and devices.
      • Advanced protection against security breaches on devices and servers (using Microsoft Defender ATP).
      • Protection against sophisticated threats hidden in email attachments and links, zero-day threats, ransomware and other advanced malware attempts.
      • Shadow IT prevention and control over the use of unauthorized cloud applications.
      • Streamlined compliance with the GDPR through advanced compliance and governance capabilities.
      • Control who has access to company information with the ability to track all activities that are carried out with the shared data, see where a document has been opened and revoke access remotely at any time.
      • Secure your business data against accidental or intentional leaks, protecting the shared use of your confidential data inside and outside the organization and applying data loss prevention policies.
      • Unlimited cloud archiving and long-term conservation policies to ensure that email is never lost.

      Analysis and intelligence

      Microsoft 365 Enterprise, in its higher edition, includes Power BI capabilities that help you achieve significant business value from your data, also taking advantage of the Power Apps platform.

      • Transform data into stunning visual objects and share them on any device.
      • Visually explore and analyze your data in real time, in the local environment and in the cloud, all in one view.
      • Collaborate on custom panels and discover new trends in your data through interactive reports.

      Discharge

      Microsoft 365 Enterprise offers 3 editions:

      Microsoft 365 E3
      Get access to key Microsoft products and features to improve workplace productivity and drive innovation safely. This edition includes Office 365 Enterprise E3, Windows 10 Enterprise E3 and Enterprise Mobility + Security E3 (EMS).

      Microsoft 365 E5
      The most complete plan, giving you access to the latest Microsoft products and features and adding an advanced security layer with Microsoft Defender ATP, plus voice and data analysis tools. This edition includes Office 365 Enterprise E5, Windows 10 Enterprise E5 and EMS E5.

      Microsoft 365 F1
      Integrating the so-called “First line workers” or frontline workers, who work permanently on the move, with the rest of the company is a very important part of the success of our digital transformation strategy. These workers usually lack access to the appropriate technology to share ideas, data and information with their colleagues in the office and thus be more productive, so connecting them efficiently to the collaboration tools will improve the company’s processes.

       

      In short, Microsoft 365 Enterprise offers you a modern and highly secure work area for employees, which drives teamwork and collaboration with smart security.

      Want to know more about Microsoft 365 Enterprise? Contact us!
