Microsoft: Office 365 Automated Incident Response Feature

ZDNet has reported that Microsoft has made its Automated Incident Response in Office 365 Advanced Threat Protection (ATP) generally available to enterprise customers. The automation feature, announced in preview earlier this April, aims to help security analysts respond faster and more systematically to a barrage of security alerts.

Microsoft is making two categories of automated incident response generally available. The first category consists of automatic investigations that commence in response to new alerts, such as users reporting phishing email, users clicking on a link determined to be malicious, malware being detected in received email, and phishing email that has landed in a user’s mailbox.

The second category consists of manually initiated investigations that use Microsoft’s ‘automated playbook’ sequences for different scenarios and attack types.

EXPERT COMMENTS
Tarik Saleh, Senior Security Engineer and Malware Researcher, DomainTools
September 11, 2019
Microsoft’s latest feature release of automated response really shows they understand the actual problem space of security practitioners. As companies grow, security needs to scale in tandem with the business. Unfortunately, that is often not the case. This puts the ownership of keeping up with the business growth on security teams and building automation. One of the biggest hurdles in doing security response is the manual work that’s required before you even start an investigation, like creating an investigation ticket and opening up your response playbook. ATP’s new automatic investigations feature handles this on the security investigator’s behalf, saving time and reducing the pain of manual work. While there are appropriate concerns about having your data managed and indexed by SaaS providers, the Microsoft ATP & Office 365 integration clearly shows how it can dramatically reduce the risk to your organization. During the security incident response process, the key metrics every security organization is concerned about are TTD (Time To Detection) and TTR (Time To Response). Microsoft’s new features for ATP & Office 365 can dramatically lower your TTD and TTR times, which is critical for any business. E-mail-based attack vectors continue to be one of the most effective ways to compromise a company. It’s not a matter of if your company will be affected by these types of attacks, but when. Having automation baked into your e-mail gives you the weapons you need to be successful at reducing your risk.