Investigative Tools to Empower Stronger Threat Protection
We launched Office 365 Threat Intelligence to help organization’s become more secure by enhancing admin capabilities which offer greater visibility, deeper insights, and powerful executable actions (check out the recent webinar overviewing the service). Today we’re excited to announce ‘Threat Trackers’ for Office 365 Threat Intelligence, enabling efficient monitoring and management of threat investigations to help admins quickly remediate and respond to threats. The feature can be found under ‘Threat Management’ in the Security and Compliance Center. Table 1 summarizes the four available ‘Threat tracker’ categories.
Threat Tracker Categories
Noteworthy campaigns are classified, as well known and important global threats. Office 365 Threat Intelligence pre-builds Noteworthy Campaign monitors, enabling admins to quickly review the impact of these threats, assessing both their volume and frequency. This automated monitoring allows admins speedy remediation from these threats. Noteworthy Campaign monitors update hourly, showing the latest impact of these threats to your organization. Click ‘Explore’ if you want to see the detailed events detected by the filter.
The Trending Campaigns view provides dynamic assessments of email threats impacting your organization’s Office 365 environment. This view shows tenant level malware trends, identifying malware families on the rise, flat, or declining, giving admins greater insight into which threats require further attention. New threats not seen recently in your organization will appear at the top of the page (sorted by trend). Trending Campaigns also offers a comparative view on how a threat impacts your organization versus others. If an organization’s targeting percentage is >10%, it indicates that it is being specifically targeted by the attack. Admins can further investigate targeted and trending attacks in Explorer, where actions such as deleting or moving the malware to junk can be taken. Targeted attacks are typically short-lived, so these types of attacks in the Trending Campaigns view may drop out of the view within a few days.
While the campaign views enable tracking and quick assessment of threats, queries are powerful investigative views allowing deeper understanding of threats, aiding admins to make data driven security updates. Queries can be accessed from either campaign view by clicking on ‘Explorer’ which displays that tracked threat campaign. Saved Queries provides a view into all Explorer searches saved as queries. Admins can monitor malware and phish events with the scope (number of emails included in an incident) defined and saved from Explorer. Saved queries are useful for checking items frequently. To create more saved queries, go to the Explorer, add filters to view specific sets of events, then select ‘Save query’ (button at top of page).
Tracked queries provide regular assessments of malware, phish, and other events with the scope defined from Threat Explorer. Tracked queries help monitor items frequently, providing reports, allowing quick and in-depth evaluation of threats or groups. A limited number of tracked queries are available for each organization. Admins can choose to convert saved queries and begin tracking them using the edit option for that query.
These 'Threat Trackers' enrich the admin experience, providing a powerful new tool for monitoring and managing, investigations, which ultimately enables quick response to threats. With this added feature, Office 365 Threat Intelligence provides admins to more efficiently and easily secure their organization.
Send Us Your Feedback
Let us know what you think of the new Threat trackers feature by beginning an Office 365 E5 trial today to experience the powerful capabilities of Office 365 Threat Intelligence. Your feedback enables us to make updates and enhancements to provide you with the best protection for Office 365. Please watch our recent webinar on Office 365 Threat Intelligence to learn further details on how the service can help your organization become more secure.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.