Authored with Itamar Falcon, Product Manager, Microsoft Cloud App Security
Attacks don’t respect domain boundaries. They move fast across cloud applications, endpoints, user identities and data domains. They establish a foothold and move laterally across platforms. The integration of Microsoft Cloud App Security and Microsoft 365 Defender is designed to reduce the surface area for potential attack by accomplishing these three key objectives (and that’s just the start):
- Protecting against attacks and coordinating defensive responses in multi-cloud, multi-app environments and other Microsoft 365 Defender workloads through signal sharing and automated actions.
- Delivering a complete narrative of the attack across products for security teams by joining data on alerts and suspicious events, comparing UEBA analytics, and tying impacted assets to incidents.
- Enabling security teams to perform detailed, effective threat hunting across all security domains.
Threat protection from your CASB should help automate your responses to incidents and alert you to risky activities in your cloud environment. Check out this brief two-minute video, which demonstrates the value of integrated threat protection in Microsoft Cloud App Security:
As organizations increasingly move to the cloud, protecting the cloud attack vector is critical. In some cases, attackers perform malicious activities on the organization's cloud infrastructure with a limited footprint on other domains. In other cases, the cloud attack is only part of a much bigger campaign. To fully understand the connections between different alerts and signals, Microsoft 365 Defender, together with Cloud App Security, has developed unique correlations that give SOC teams insight into the full story with less effort.
In the video below, Itamar leads a discussion on threat protection in Microsoft Cloud App Security, demonstrating:
- The flow of correlation of signals into an incident between Microsoft 365 Defender and Microsoft Cloud App Security.
- The scope of breach as coordinated by Microsoft 365 Defender advanced hunting by combining signals across workloads: classification of an alert in Microsoft Cloud App Security from the Microsoft 365 Defender portal.
These simple examples illustrate the power of integrating Microsoft Cloud App Security and Microsoft 365 Defender. This integration delivers a full set of capabilities to save time, strengthen security and quickly resolve incidents in your environment. In upcoming development cycles, you will have new threat capabilities around advanced hunting and correlations with Cloud App Security alerts.
For more in-depth information on this topic, read Sebastien Molendijk’s recent blog: Microsoft Cloud App Security: The Hunt in a multi-stage incident.
We welcome your feedback, relevant use cases and requirements for these capabilities in Cloud App Security. Email CASFeedback@microsoft.com and mention "Threat Protection".
For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below:
To experience the benefits of a full-featured CASB, sign up for a free trial of Microsoft Cloud App Security.
Follow us on LinkedIn as #CloudAppSecurity. To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity on Twitter, and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.