Microsoft Office 365 is popular — very popular. In 2016, Gartner reported that 78 percent of enterprises surveyed used or planned to use Office 365. With access to a range of user activity events from a variety of sources, including Exchange Online, SharePoint Online and Azure Directory, how can Office 365 administrators correlate all this valuable data with other security events across their enterprises?

Applying Security Intelligence to Office 365 Audit Logs

Office 365 provides application program interfaces (APIs) that work in tandem with security intelligence platforms to deduce what’s occurring in your cloud installation and alert you to potential issues. It also includes forensic analysis features and, of course, event logging. However, security information and event management (SIEM) isn’t a core concept for Microsoft, so you’ll need to enlist a dedicated third-party offering such as IBM QRadar for the analytics you need.

The benefit of ingesting Office 365 audit logs into your IBM QRadar security intelligence platform is that you can perform powerful use cases. This integration enables you to:

  • Augment your enterprise’s security compliance posture by including Office 365 events into existing regulatory compliance reports and correlation rules.
  • Detect potential system breaches.
  • Identify possible data leaks.
  • Track user and admin activities for Exchange Online and Sharepoint Online. Activities include file and folder actions such as view, create, edit, upload, delete and download, in addition to file sharing and collaboration.
  • Report on Azure Active Directory authentications by users, and IPs for all of your Microsoft cloud apps such as Skype, Yammer, Exchange Online and others.

Join the webinar

Investigating Insider Threats With UBA

But IBM QRadar doesn’t stop there. In addition to correlating and analyzing cloud-based application logs with security analytics, it can be used within IBM QRadar User Behavior Analytics (UBA) to take user profiling to the next level. This process can help you:

  • Discover risky user behaviors and fraudulent activity.
  • Identify at-risk users, calculate risk scores and place users on a watchlist.
  • Understand the risk profile of the environment and the total of all user scores at a particular time.
  • Drill down into potential threats and gain insights for taking corrective action.

If you don’t think you need UBA as part of your security intelligence infrastructure, consider this: Insider threats account for roughly 60 percent of cyberattacks, many of which leverage phished or otherwise stolen credentials. By cross-referencing a baseline of normal activity, IBM QRadar UBA can alert analysts when anomalous behavior occurs and stop insider threats in their tracks.

To learn more about how QRadar can help you defend your network against insider threats, watch the webinar, “The Human Element: Surfacing Insider Threats with UBA.”

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today