Authored with Itamar Falcon, Product Manager, Microsoft Cloud App Security
Attacks don’t respect domain boundaries. They move fast across cloud applications, endpoints, user identities and data domains. They establish a foothold and move laterally across platforms. The integration of Microsoft Cloud App Security and Microsoft 365 Defender is designed to reduce the surface area for potential attack by accomplishing these three key objectives (and that’s just the start):
Protecting against attacks and coordinating defensive responses in multi-cloud, multi-app environments and other Microsoft 365 Defender workloads through signal sharing and automated actions.
Delivering a complete narration of the attack across products for security teams by joining data on alerts and suspicious events, and by comparing UEBA analytics and impacted assets to incidents.
Enabling security teams to perform detailed, effective threat hunting across all security domains.
Threat protection from your CASB should help automate your responses to incidents and alert you to risky activities in your cloud environment. Check out this brief two-minute video, which demonstrates the value of integrated threat protection in Microsoft Cloud App Security:
As organizations move increasingly to the cloud, protecting the cloud attack vector is critical. In some cases, attackers perform malicious activities on the organization's cloud infrastructure with a limited footprint on other domains. In other cases, the cloud attack is only part of a much bigger campaign. To fully understand the connections between different alerts and signals, Microsoft 365 Defender, together with Cloud App Security, has developed unique correlations to lend SOC teams insight into the full story with less effort.
In the video below, Itamar leads a discussion on threat protection in Microsoft Cloud App Security, demonstrating:
The flow of correlation of signals into an incident between Microsoft 365 Defender and Microsoft Cloud App Security.
The scope of breach as coordinated by Microsoft 365 Defender advanced hunting by combining signals across workloads: classification of an alert in Microsoft Cloud App Security from the Microsoft 365 Defender portal.
These simple examples illustrate the power of integrating Microsoft Cloud App Security and Microsoft 365 Defender. This integration delivers a full set of capabilities to save time, strengthen security and quickly resolve incidents in your environment. In upcoming development cycles, you will have new threat capabilities around advanced hunting and correlations with Cloud App Security alerts.