MDR for Microsoft 365


Managed Detection and Response (MDR) is now required to keep your Microsoft 365 tenant and services secure.

Why is MDR now required to keep your M365 secure?

M365 is a significant target, because most businesses rely on Microsoft email, SharePoint and more. 
Insurance and compliance requirements target high-risk areas. This service can fulfill compliance requirements and lower the cost of cyber liability insurance. (See The Cyber Liability Insurance Crisis)

Time is of the essence in a breach.
Within minutes of compromise, an attacker can gain access to SharePoint and OneDrive, download sensitive files, upload malware or crypto software, set up email rules with scripts and send malicious emails. Most criminals enter as quietly as possible and just watch and learn. This often lasts more than 1 month, as logs are only kept for 30 days.

Business Email Compromise is also very costly.
The median amount STOLEN through Business Email Compromise (BEC) has increased from $40,000 to $50,000 in the last year. (Verizon DBIR – 2023) We’ve had businesses come to us after losing $300,000 in a BEC scam. According to the FBI’s Internet Crime Report, the total lost last year related to BEC was $2.9 billion, which is 23% of the $12.3 billion in losses from all crime. (See Business Email Compromise is Your Biggest Threat)

How an Email Breach Can Cost Your Business Thousands – Another True Story of Compromise: HR and Payroll

Isn’t this built into Microsoft 365 SaaS?

There are many great security features available in Microsoft 365 Premium and above, but they don’t just magically appear and turn on. You must evaluate them based on your company needs, turn them on and monitor the tenant for updates and new features.

In general, you do not have visibility into your network to know if someone has entered and created a new admin account, or new email forwarding rules to intercept communication with your vendors, clients, bank, etc. And most do not have time to investigate emailed alerts and act immediately to reduce the damage.

The AME Group Responds to Changes in Cyber Threats

For cyber security to be effective, it MUST ADAPT to changes in the threat landscape. As more businesses are being successfully attacked by Business Email Compromise, we built a reasonably priced Managed Security Service solution specifically for Microsoft 365 and Google Workspace to gain visibility into malicious network activity and the ability to respond rapidly.

We perform proactive threat hunting to detect any abnormal activity that may indicate a potential security breach. Our team monitors for a wide range of indicators, including unusual login times or locations, brute force and password spraying attempts, changes to user permissions, and many other potential threats.

Some examples of key items for Microsoft 365 security monitoring and alerting include:

  • Logon from outside the US
  • High volume of file downloads
  • Changes to membership in Admin groups
  • Email forwarding rules modified
  • Exchange transport rules modified
  • Security settings modified
  • Guest access created
  • External sharing of documents

QUICK RESPONSE

Our team can quickly identify and address vulnerabilities, and respond to suspicious behavior, helping to minimize the impact of any security incidents and ensure the ongoing safety and security of our customers’ systems and data.

INITIAL RESPONSE TO INTRUSION IS CONTAINMENT

A quick response lessens the likelihood of significant disaster recovery.

Action within seconds/minutes 24/7: Secure Account

  • Change passwords
  • Revoke all sessions
  • Reset MFA

Then, determine the scope and next steps

  • Look at what was accessed.

Remediation

For full-service clients, remediation might be completed within an existing agreement. Otherwise, it is a time & materials project.

HOW OUR OFFERING IS DIFFERENT

Many MSPs are starting to offer this type of service, but they are outsourcing to a third party. They would need to wait for that third party's response and recommendation, which can slow down the process.

Our internal security team is unique.  While being separate from any managed services team, they work seamlessly together.

We take a holistic approach to the Microsoft 365 Environment, looking at it in the context of your business goals. We monitor, assess and recommend based on your business needs.

Isn’t security included in managed IT services?  Why the answer is NO.

Although we approach our managed IT services from a security-first mindset, not everything can be built into one service. Threat Hunting, Monitoring and Containment Response are not included in standard managed IT services. This service engages the security team for real-time monitoring and security expertise. The managed services team has important roles in preventive maintenance and support.

Security threats and controls are constantly moving and changing. There’s no set it and forget it with business IT security. 

Services are based on the biggest threats and needs.

Services are separated to be most efficient and effective in both outcomes and cost. 

This analogy might help you understand the difference between Managed IT Services and Managed Security Services (particularly MDR for Microsoft 365):

Locks on the house, doors, windows.
Regular maintenance on those locks.
Fixing broken locks, doors and windows.
But the monitoring cannot see inside the house. You are often the first to see or experience their presence and call.
It is reactive to your call about lost functionality or unusual behavior. If it is found to be a burglar, managed services will kick them out.

Watching who comes and goes.
Cameras are in the house being constantly monitored.
Intruder alerts.
Containment – secured / boarded up the broken windows and doors. Immediate response is to kick the intruder out, resetting the locks and checking to see if anything was taken.

Forensic deep dive and recommendations to reduce risks.
How did the intruder get in?
Where did the intruder go?
What did the intruder touch, change, take?

Determine next steps. 
Do you need stronger windows and doors?

SUMMARY

In conclusion, the ever-evolving landscape of cyber threats necessitates a proactive and comprehensive approach to securing your Microsoft 365 environment. Managed Detection and Response (MDR) is not just an added layer of security but a critical component in safeguarding your business against sophisticated attacks like Business Email Compromise. The AME Group’s tailored MDR service offers visibility, rapid response, and expert threat hunting, ensuring that your systems are continuously monitored and protected. By integrating this advanced security solution, you can confidently meet compliance requirements, potentially reduce insurance costs, and, most importantly, secure your valuable data and operations. Trust the AME Group to provide the dedicated and holistic security your business needs to thrive in today’s digital landscape.