This post is authored by Yossi Basha, Senior Program Manager, Azure ATP
With 81 percent of security breaches caused by compromised user credentials, identity security is paramount for all organizations. Enterprise security operations (SecOps) analysts face an increasing volume and velocity of alerts and incidents across an ever-expanding surface area from on-premises to the cloud.
For analysts investigating compromised users, context is key. The ability to understand relationships between events and activities across multiple environments is central.
Microsoft has three identity-centric security products that offer detection capabilities both on-premises and in the cloud: Azure ATP, Microsoft Cloud App Security, and Azure AD Identity Protection.
We are happy to announce that we have brought these together in a unified SecOps experience, which focuses on identity-based alerts and activities for true hybrid identity threat protection.
Because many organizations have hybrid environments, we see attacks that start in the cloud and then pivot to on-premises, meaning SecOps teams need to investigate these attacks from multiple places.
By combining signals from cloud and on-premises sources, Microsoft gives security analysts unified identity and user information in a single console, ending the need to toggle between security solutions. This gives your SecOps teams more time and the right information to make better decisions and to actively remediate the real identity threats and risks.
In addition to the aggregated security awesomeness, we have simplified and boosted your ability to investigate with the new Investigation Priority Score, which provides you visibility into users that could pose the greatest risk to your organization should they be compromised.
Your SecOps team can immediately understand the real top user threats to your organization by Investigation Priority Score, directly verify their business impact and investigate all related activities – no matter whether those users have been compromised, are exfiltrating data or are acting as insider threats.
To calculate the Investigation Priority, we assess the investigation urgency of each specific user, using security alerts, abnormal activities, and potential business and asset impact related to each user. For every Azure Active Directory user, we then build a dynamic Investigation Priority Score, based on intelligence built from Azure ATP, Microsoft Cloud App Security as well as Azure AD Identity Protection – which is continually updated based on recent behavior and impact.
The Investigation Priority Score helps identify the top users to investigate and surfaces the users that the user analytics engine recommends for review.
The unified portal also brings significant new investigation capabilities for cloud and on-premises information.
Get Started Today
If you’re one of the many enterprise customers already using Azure ATP, Microsoft Cloud App Security, and/or Azure AD Identity Protection and want to test the new identity threat investigation experience, get started by checking out our comprehensive technical documentation.
If you’re just starting your journey, begin a trial of Microsoft Threat Protection to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.
We would love your feedback! Find us on the Azure ATP Tech Community and send us your questions or feedback on the new experience.