Microsoft Threat Intelligence for Higher Education - Defend, Identify, and Respond to Threats

Cyber Security Breaches Cost Companies $3.86 Million per Breach

Cybercrime has cost companies over a combine $400 billion a year since 2016 and the average breach costs a company $3.86 million per breach. In fact, 1 million new pieces of malware are created each day and malware accounts for over half of all breaches!

Therefore, it is no surprise that security is the primary focus for Microsoft. 

To thwart would be threat actors, Microsoft relies on threat intelligence. Microsoft Threat Intelligence is an ecosystem that gathers and collects telemetry from across its cloud services and the cyber landscape to better understand and mitigate the growing level of sophisticated attacks. 

One major advantage Microsoft has is its economies of scale. For example, each month Microsoft gathers billions of data points from over 450 billion authentications, 400 billion emails, and over one billion Windows devices. From this data, Microsoft can utilize all of this data to achieve a level of aptitude that allows its security services to quickly identify attack types and filter through the noise. 

What does it all mean?

Microsoft’s threat intelligence does more than just look for attacks and vulnerabilities. Microsoft threat intelligence goes a step further to prove relevant context so users are able to make faster, more informed, and proactive decisions. 

Furthermore, due to the breadth of Microsoft’s customer base, Microsoft takes a collaborative approach and allows all organizations and customers visibility of security events. 

How does it all happen?

Through Office 365, Azure, and Windows Defender, Microsoft gathers, produces, and consumes threat intelligence data. 

All of this data can then be visualized in Microsoft services including Azure Sentinel and Microsoft Defender Security Center.

Scenario: Office 365 threat protection to help prevent a malware attack

To help prevent a malware attack from occurring Microsoft leverages their end-to-end Office 365 Threat Protection stack which includes:

Office 365 Exchange Online Protection which has anti-virus signatures that are constantly updated to block malware attacks based on known file hashes. 

Defender for Office 365 can catch new variants of a malware attack, such as when email is utilized as the vehicle of attack. When new variants are detected, the anti-virus signatures are updated in Exchange Online Protection. Further, Defender for Office 365 works with Defender for Endpoint and Defender for Server to help protect users and systems from the same Malware based attacks.

Office 365 Threat Intelligence allows us to see emails that were part of a malware campaign. We can search for the malware family and if the malware made it through to the tenant. 

Lastly, Office 365 Advanced Security Management, allows us to create an activity policy to detect if a user renames, syncs, or uploads multiple files with a suspicious file extension to Office 365. This policy can be configured to automatically disable the user’s account to help stop other encrypted files from being transferred.

As we can see, the threat intelligence capabilities in Office 365 Threat Intelligence complement each other in order to provide insights to help organizations proactively defend against advanced threats, malware, phishing, zero-day attacks, and other attacks.

Industry Focus – Higher Education

Maintaining security online and on campus is an ever growing challenge for IT leaders at universities. 

Recent data shows that 1.3M identities are  exposed as the result of cyber attacks on higher-ed institutions and 44% of these institutions admit that mobile devices have been the culprit for security compromises. 

However, with Microsoft Threat Intelligence features, these institutions have the opportunity to optimize and build a holistic security picture. Further, this allows organizations to maintain high-quality insights into their cloud and identity security while enabling automated identification and investigation of threats.

With Microsoft’s security technology, schools can protect student and faculty data at home, on campus, and from anywhere in the world. This is accomplished through leveraging Microsoft’s Identity Management solutions such as Azure Active Directory with MFA tied with Intune for Education that can manage and enforce identity access policies to control the devices and apps that students and faculty are allowed to access university resources from. 

Lastly, with remote learning, universities are faced with the task of securing devices that can be located anywhere around the world. Threat Intelligence solutions like Microsoft Defender for Office 365 leverages AI and automation to help protect against advancing threats built within email, shared links, and other collaboration tools. 

Key Take Aways

As we have seen, Microsoft is constantly taking in data to help its customers create a more secure network. The protection features within Office 365 and Azure provide customers with great visibility of the cyberthreat landscape, rapidly identify threats such as targeted email campaigns, and allow customers to conduct thorough investigation and response to any threats. 

And don’t forget, just as cyberthreats are constantly occurring, Microsoft is constantly expanding upon their Threat Intelligence capabilities. To learn more about how Microsoft Threat Intelligence can help secure your business, you can visit the following link from Microsoft.