Broad coverage across the entire Attacker Kill Chain in Office 365
Vectra Detect for Office 365 ingests activity logs from multiple services, including O365, Azure AD, SharePoint/OneDrive and Exchange. Vectra AI has a deep understanding of Office 365 application semantics and leverages supervised and unsupervised machine learning models. By analysing events such as logins, file creation and manipulation, DLP configuration changes, and mailbox routing configuration and automation changes, it accurately identifies attacker behaviour patterns across the entire Attacker Kill Chain. The result is high-precision, actionable detections rather than anomaly alerts, exposing even novel, never-before-seen attackers with high confidence. The detections are correlated to accounts, which gives the security team the prioritisation and narrative needed to act quickly.
How it works
As the industry’s first network detection and response solution for the cloud, Vectra Detect for Office 365 extends the proven platform that currently protects public clouds, private data centers, and enterprise environments to Microsoft Office 365. The award-winning approach combines security research with data science to create an AI that understands real attacker behaviors and account privilege abuse in Office 365. By taking a cloud-native approach, Cognito Detect for Office 365 detects and stops known and unknown attacks before they lead to breaches, without relying on preventative security.
Once an attacker has gained access to an Office 365 account, they can move around easily. New phishing attacks originating from the internal company domain, or shared files containing malicious code, have high success rates and lead to rapid spread both within Office 365 and onto endpoints. The Vectra Cognito platform’s enterprise-wide coverage allows organizations to regain visibility across their entire infrastructure, from cloud to ground. As attacks progress and move between endpoints and Office 365, Vectra enables security operations teams to stay ahead and respond faster with full context of the threats.