- O365 Security Enhancement - Internal Fraud Countermeasures with CASB
Countermeasures against O365 internal threats with CASB-What are the unique attractions of MVISION Cloud that solves the four challenges? ~
It is said that 31% of confidential data is now stored in Microsoft Office 365 (O365) *1. Since robust security is emphasized, many companies may misunderstand that "If you use O365, you don't need to take any security measures."
However, countermeasures against "inside threats" caused by employee misconduct or negligence are essential. This is because the user company is responsible for "user account management", "prevention of unauthorized use of users", and "auditing operation logs" when using O365.
Here, we will organize the issues of O365 internal threat countermeasures and introduce CASB (Cloud Access Security Broker) "MVISION Cloud" provided by McAfee, along with case studies.
Be careful when using O365! What are the common challenges in internal threat countermeasures?
In recent years, internal fraud by employees has become a serious security threat. You will often hear of cases where confidential information is leaked to a new job or personal information is leaked. In addition, there are many cases where employee user account information has been leaked and unauthorized access has occurred.
O365を利用する企業の多くが、内部脅威対策で、以下4点の課題を抱えています。
Issue (1) Visualization of unauthorized access
It is necessary to have a mechanism to monitor suspicious accesses and unauthorized login attempts that are below the threshold from areas that are not normally possible, and to notice them at an early stage.
Issue (2) Visualization of external file sharing
Information leaks by employees cause great damage to companies. In order to prevent file sharing to personal emails and competitors, there is a growing demand for visibility into how files are shared.
Issue (3) Controlling the upload of confidential files
Some companies have operational policies such as "do not upload confidential files to O365", but since there is no mechanism to notice when they are actually uploaded, they cannot control accidental or intentional violations of the policy.
Issue (4) Storage of audit logs exceeding 90 days
O365 operation logs have a short retention period of 90 days, so regular downloads are required. On the other hand, there are 930 types of logs, and if you keep the downloaded file as it is, it will be difficult to read.
Perfect internal threat countermeasures. What are the advantages of MVISION Cloud?
To solve these problems, CASB "MVISION Cloud" provided by McAfee, a major security company, is recommended. Here are the advantages of using it.
Advantage (1) Automatic collection of operation logs and quick visualization of suspicious logins
Automatically collect O365 operation logs and visualize user behavior. Quickly uncover suspicious activity, such as logins from unusual locations or fraudulent login attempts.
Since log collection is performed using an API, there is no need to change networks or install agents.
Advantage (2) Controlling external file sharing with the only CASB real-time API call
With shared links and co-editing features, you can get detailed visibility into who your files were shared with, what actions were taken, and more. It is also possible to automatically control access rights according to the sharing destination.
"MVISION Cloud" uses the Lightning Link method, which connects directly to O365 and executes APIs in real time. Since there is almost no time lag, a high degree of safety can be ensured. Real-time API execution is a unique feature of MVISION Cloud, which is not implemented in other CASBs.
Advantage (3) DLP function that automatically controls the upload of confidential files
You can also control the upload of confidential files to O365. You can automatically delete or restrict sharing based on file tag information and more. MVISION Cloud provides a DLP (Data Loss Prevention) function that prevents the leakage of confidential information, ensuring the protection of important information.
Advantage (4) 930 types of operation logs are categorized for easy viewing. Storage period extended to 1 year
With "MVISION Cloud", you can check the O365 operation log for one year on an easy-to-read screen. 930 types of logs are automatically categorized and can be filtered and sorted freely. Logs can be tracked easily without the hassle of regular downloads.
【事例】大手企業A社が「MVISION Cloud」を導入した決め手は?
Here are some examples. Company A, a major company that operates globally, introduced O365, but felt the following security issues.
<Challenge>
- Logs can only be retained for 90 days, so they may disappear when needed
- There are 930 types of activity logs, and it is difficult to understand and check them correctly
- I want to detect suspicious access and unauthorized login attempts at an early stage.
- I want to visualize and understand file collaboration
Therefore, CASB is considered. McAfee's "MVISION Cloud" was introduced. The following points were the decisive factors for the selection.
<Decisive factors for selecting MVISION Cloud>
- Audit logs are automatically collected and can be retained for one year
- 930 types of logs are categorized into about 10 types and displayed in an easy-to-understand manner
- Ability to quickly detect suspicious activity, such as access from areas that are not normally possible
- Track who uploaded what files to O365 and who downloaded them from where and when
With a Lightning Link API that runs in real time, MVISION Cloud has outstanding reliability not found in other companies' CASBs. Please consider introducing it as an internal threat countermeasure for O365.
*1 Research by McAfee
*Information at the time of interview.
Inquiry/Document request
In charge of Macnica Skyhigh Security
- TEL:045-476-2010
- E-mail:mfe-info@macnica.co.jp
Mon-Fri 8:45-17:30