Enhance Microsoft 365 Security with Huntress Managed Detection and Response (MDR)

27th June 2023

Huntress Managed Detection and Response (MDR) has a new feature in beta testing: Microsoft 365. With the increasing use of cloud-based services, attacks are sneakier and more impactful than ever. Huntress M365 helps you identify and defend against these attacks by detecting suspicious logins, unauthorized activity such as new mail forward configurations, and other signs of intrusion.

Huntress is an MDR service that provides 24/7 support, with a human element monitoring your Microsoft 365 environment. Their software is trained to identify early indicators of an attack and swiftly shut it down. Coverage runs 24/7, 365 days a year, which ensures there’s no lapse even during off hours and holidays.

Features and Threats:

  • Suspicious Login Identification – Threat actors accessing an account leave behind behavioural indicators. Examples of suspicious login attempts to look out for include a series of sustained failed logins before a success, and impossible or improbable travel between logins.
  • Suspicious Mail – Threat actors can use compromised user accounts for several malicious purposes, including reading emails in a user’s inbox, forwarding emails to external recipients, and sending phishing emails.
  • Monitoring Access Activity – Threat actors will often need access to systems and services that are not available to, or are unused by, the compromised accounts. Novel or unauthorized access to applications, files or data can be a key indicator of a compromised account.
  • Privilege Escalation and Triggers – Threat actors often need to change, add, or alter the permissions for the compromised account or others. Permission changes can include high-level or sweeping privileges, additional mailbox access, creating new accounts, new groups, and others.
  • 24/7 Huntress – Threats can happen at all hours, but attackers target off hours and holidays to catch their targets unaware. Huntress’ security experts always review incidents, remove false positives, investigate incidents, and provide remediation directions. No more vague alerts.
  • Account Isolation – When a threat actor compromises and accesses an account, the account must be restricted immediately. Account Isolation enables the Huntress team to log the account out of all applications and devices, including disabling the account from further environment access.
  • Malicious Inbox – Malicious inbox rules remain a threat actor’s tool of choice for data exfiltration. Malicious Inbox Rule Removal enables the Huntress SOC to remove the offending inbox rule without impacting other important business email configurations.
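
As an added illustration (not Huntress's detection logic and not code from this post), the two indicators named under Suspicious Login Identification can be checked over sign-in records as follows. The record layout, the sample events and the thresholds (5 failures in 10 minutes, 900 km/h) are assumptions constructed for the example.

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-ins (not real data): user, UTC time, success, geo-IP lat/lon.
SAMPLE = [("alice", f"2023-06-27T02:00:{s:02d}", False, 40.7, -74.0) for s in range(0, 60, 10)] + [
    ("alice", "2023-06-27T02:01:00", True, 40.7, -74.0),   # success right after 6 failures
    ("alice", "2023-06-27T08:00:00", False, 40.7, -74.0),  # a single typo, then success
    ("alice", "2023-06-27T08:01:00", True, 40.7, -74.0),
    ("bob", "2023-06-27T09:00:00", True, 51.5, -0.1),      # London
    ("bob", "2023-06-27T10:00:00", True, -33.9, 151.2),    # Sydney, one hour later
    ("carol", "2023-06-27T09:00:00", True, 51.5, -0.1),    # London
    ("carol", "2023-06-27T12:00:00", True, 48.9, 2.4),     # Paris, three hours later
]

def _by_user(rows):
    users = {}
    for user, ts, ok, lat, lon in sorted(rows, key=lambda r: r[1]):
        users.setdefault(user, []).append((datetime.fromisoformat(ts), ok, lat, lon))
    return users

def failed_then_success(rows, min_failures=5, window=timedelta(minutes=10)):
    """Successes preceded by >= min_failures consecutive failures inside the window."""
    alerts = []
    for user, events in _by_user(rows).items():
        streak = []  # timestamps of the current run of consecutive failures
        for ts, ok, _, _ in events:
            if not ok:
                streak.append(ts)
                continue
            recent = [t for t in streak if ts - t <= window]
            if len(recent) >= min_failures:
                alerts.append((user, ts.isoformat(), len(recent)))
            streak = []  # any success ends the run
    return alerts

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance, Earth radius 6371 km."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def improbable_travel(rows, max_kmh=900):
    """Consecutive successful logins whose implied travel speed exceeds max_kmh."""
    alerts = []
    for user, events in _by_user(rows).items():
        good = [e for e in events if e[1]]
        for (t1, _, la1, lo1), (t2, _, la2, lo2) in zip(good, good[1:]):
            hours = max((t2 - t1).total_seconds() / 3600, 1 / 3600)  # floor at one second
            km = km_between(la1, lo1, la2, lo2)
            if km / hours > max_kmh:
                alerts.append((user, t2.isoformat(), round(km)))
    return alerts
```

Geo-IP locations are approximate and VPN or mobile egress points move around, so a travel alert from a check like this is a lead for an analyst to review, not a verdict.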

MDR for Microsoft 365 seamlessly integrates with Azure AD, allowing it to collect and combine user, tenant, and application data. The data is monitored with external threat feeds that provide a view of your whole environment. This allows the Huntress team to detect, analyse and report on suspicious behaviours and dangerous threats discovered within the data. If threats or issues are found, they provide remediation options to address the identified risk effectively.

By leveraging real-time cyber defence backed by human experts, Huntress MDR for Microsoft 365 enhances the security of your organization’s users and applications within your systems. It helps protect against unauthorized access, suspicious user activity, and permission changes, providing you with the peace of mind that your Microsoft 365 environment is continuously monitored and defended against potential cyber threats.

In conclusion, Huntress Managed Detection and Response (MDR) for Microsoft 365 is a robust and proactive cyber defence solution. Although it is only in beta, it shows promise and offers comprehensive protection for your organization’s Microsoft 365 environment. By leveraging a 24/7 Security Operations Center (SOC) staffed with expert analysts, Huntress MDR detects and responds to suspicious user activity, unauthorized access, and potential cyber threats.