Security Automation with ThreatHunter
When the IT team at Cascade Environmental noticed that bad actors were automating their attempts to compromise identities and data, they proactively took action. They realized that while their environment may be secure at a point in time, morphing attack vectors could make them vulnerable at any time. Cascade’s growth made the challenge for its small IT staff even greater; the firm now provides environmental consulting and ecosystem restoration across 35 locations and 1,000 employees.
Who is Cascade Environmental?
Not Enough Budget, People, & New Threats Every Day
Unlike many other companies of Cascade’s size, it didn’t take a specific crisis to initiate action. CIO John Michael Gross explained, “I think for us, while we had been good enough with security for a long time, the automation of the threat against us was expanding that gap.” He would spend a significant amount of time reviewing Azure Active Directory audit logs and other Office 365 data. Looking through verbose logs for potential compromises at first helped Cascade understand the risk, but they quickly realized it was neither scalable nor an effective use of their precious time.
Cascade Began Seeking Solutions
Enabling Technologies is a national Gold Partner of Microsoft, whose mission is to enable secure productivity in the cloud. Enabling protects customers’ identities, devices, data, and apps with expertise spanning the Office 365 and Enterprise Mobility and Security suite (Intune, Azure AD, Azure Information Protection, etc.), the email security capabilities of Office 365 (Advanced Threat Protection, Office Message Encryption, etc.), and the Azure Security Center.
Enabling’s account team and subject matter experts worked with Cascade to uncover the true challenge. “In particular for us, the challenge was business email compromise, spoofing of accounts, general phishing and in particular, spearphishing.” While the firm had a security awareness program in place to communicate risk and appropriate behavior to users, “We looked at how those things were affecting our end users, and it didn’t seem like any amount of training was going to solve that problem for us.”
Enabling recommended a layered security approach using a combination of Microsoft cloud services that together comprised Enabling’s ThreatHunter service. ThreatHunter detects accounts compromised due to phishing, automatically blocks the attacker from continuing, and forces a secure reset of the original victim’s password so they’re back working in a clean account.
Knowing that no security tool can be set and forgotten, Cascade saw value in a longer-term relationship with Enabling.
Now, Enabling engages on a regular basis to ensure the latest configurations and protections are in place in the Cascade tenant to account for trending risks.
More Time for IT to Focus on Adding Value to Cascade
The results are cleaner inboxes, less risk of business email compromise and financial loss, and more time for IT to focus on adding value to Cascade’s business. “After implementing ThreatHunter, I don’t have to spend my weekends looking at logs, so that’s been good for me personally, but for the company as a whole, really now we only see the aberrations. We’ve really eliminated a lot of the noise and we’re really focusing on those impossible travel situations and other things like that. It hasn’t completely eliminated phishing, but I’d say it’s reduced the totality of threat about 90% for us, and that in combination with being able to focus on that 10% means that the time we’re spending with that bandwidth we have tends to be very effective.”
Through his years of experience and his recent late nights tracking threats, Gross advised others to “Understand the things you know, but be honest about the things you don’t know. Don’t fall victim to trying to put together this tapestry of applications for every marketecture that is going to tell you what you want to hear.” Gartner Group shows five Microsoft security solutions in their Leaders’ Quadrants, more than any other vendor, demonstrating how a platform is becoming more powerful than products.