Overview

Vectra Cognito Detect for Office 365 ingests activity logs from multiple services like O365, Azure AD, SharePoint/OneDrive and Exchange. The Vectra Cognito AI-driven threat detection and response platform has a deep understanding of Office 365 application semantics and leverages supervised and unsupervised machine learning models. By analyzing events like logins, file creation/manipulation, DLP configuration, and mailbox routing configuration & automation changes, it accurately finds attacker behavior patterns across the entire attacker kill chain.
The result is high precision actionable detections instead of anomaly alerts, so it can accurately expose even novel and never before seen attackers with high confidence. The detections are correlated to accounts which provides the security team the prioritization and narrative to act quickly.
As the industry’s first threat detection and response solution for the cloud, Vectra Detect for Office 365 and Azure AD is an extension of Vectra’s proven Cognito platform that currently protects public clouds, private data centers, and enterprise environments to Microsoft Office 365.
Detect™ for Office 365 automatically identifies and stops cyberattackers who leverage the Office 365 suite to attack organisations. The Vectra approach leverages security research combined with data science to create a solution that understands real attacker behaviors and account privilege abuse in Office 365. Delivered as a cloud native, agentless, SaaS solution, Detect for Office 365 detects and stops known and unknown attacks before they lead to breaches, without relying on preventative security.