September 10, 2019

Microsoft Rolls Out Automated Office 365 Incident Response Tools

"Automated, playbook-based investigations"

By CBR Staff Writer

Microsoft has rolled out a range of automated incident response tools for security teams in its Office 365 Advanced Threat Protection (ATP) product, a feature it first teased in preview in April this year.

The new tools, which use machine learning to react to a range of triggers in the email protection service, come with an upgraded API so that they can be integrated into existing security workflow tooling such as SIEMs, Microsoft said.

Automated Incident Response

The tools include automated, playbook-based investigations that are initiated by alerts such as user-reported phishing emails.

Investigations are also started automatically when a user clicks a malicious link, clicks through a warning page, or when malware is detected post-delivery (using signature-based detection of content that was weaponised after the message had already been delivered).

Users can also manually trigger investigations that follow an automated playbook, Microsoft said: a series of “carefully logged steps to comprehensively investigate an alert and offer… recommended actions.”
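To make the idea of a trigger-driven, playbook-based investigation concrete, here is an added example (written for this article, not Microsoft's code and not the Office 365 ATP API) that takes the four triggers described above, correlates the signals that share a URL into one investigation, records each step, and emits recommended actions. The event shape, field names, severity rules and action names are assumptions chosen for illustration; the sample events are constructed, not real telemetry.

```python
"""Toy playbook-based investigation runner.

Added example, not Microsoft's code. The event schema (event_type, user,
message_id, url, url_verdict, clicked_through_warning), the severity rules
and the action strings are assumptions for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample signals (not real telemetry). Several users received the
# same URL: one clicked it, one clicked through the warning page, one reported
# it. A separate message had malware detected after delivery. The last click
# is on a clean URL and should not trigger anything.
SAMPLE_EVENTS = [
    {"event_type": "url_click", "user": "alice@example.com", "message_id": "m-1",
     "url": "http://bad.example.net/login", "url_verdict": "malicious", "clicked_through_warning": False},
    {"event_type": "url_click", "user": "bob@example.com", "message_id": "m-2",
     "url": "http://bad.example.net/login", "url_verdict": "malicious", "clicked_through_warning": True},
    {"event_type": "user_reported_phish", "user": "carol@example.com", "message_id": "m-3",
     "url": "http://bad.example.net/login", "url_verdict": "malicious", "clicked_through_warning": False},
    {"event_type": "post_delivery_malware", "user": "dave@example.com", "message_id": "m-4",
     "url": None, "url_verdict": None, "clicked_through_warning": False},
    {"event_type": "url_click", "user": "erin@example.com", "message_id": "m-5",
     "url": "http://benign.example.org/", "url_verdict": "clean", "clicked_through_warning": False},
]


@dataclass
class Investigation:
    pivot: str                                 # URL or message the playbook pivots on
    events: list
    log: list = field(default_factory=list)    # every step recorded for the analyst
    severity: str = "none"
    actions: list = field(default_factory=list)

    def step(self, msg):
        self.log.append(msg)


def is_trigger(e):
    """The triggers named in the article: a click on a URL judged malicious, a
    click through a warning page, a user phishing report, or malware found
    after delivery. A click on a clean URL is not a trigger."""
    if e["event_type"] in ("user_reported_phish", "post_delivery_malware"):
        return True
    return e["event_type"] == "url_click" and (
        e["url_verdict"] == "malicious" or e["clicked_through_warning"])


def correlate(events):
    """Group triggering events so one investigation covers every recipient of
    the same URL rather than one alert per click; events with no URL are
    investigated per message."""
    groups = defaultdict(list)
    for e in events:
        if is_trigger(e):
            groups[e["url"] or f"message:{e['message_id']}"].append(e)
    return groups


def run_playbook(pivot, events):
    inv = Investigation(pivot=pivot, events=events)
    inv.step(f"opened on {pivot}: {len(events)} triggering signal(s)")
    clicks = [e for e in events if e["event_type"] == "url_click"]
    bypass = [e for e in clicks if e["clicked_through_warning"]]
    reports = [e for e in events if e["event_type"] == "user_reported_phish"]
    malware = [e for e in events if e["event_type"] == "post_delivery_malware"]
    corroborated = bool(malware) or any(e["url_verdict"] == "malicious" for e in events)

    # Step 1: severity. Content that already reached a user (a warning bypass or
    # post-delivery malware) outranks a click that was blocked; a report with no
    # other evidence is only a triage candidate (assumed rules).
    if bypass or malware:
        inv.severity = "high"
    elif corroborated:
        inv.severity = "medium"
    else:
        inv.severity = "low"
    inv.step(f"severity {inv.severity}: {len(clicks)} click(s), {len(bypass)} warning bypass(es), "
             f"{len(reports)} report(s), {len(malware)} post-delivery detection(s)")

    # Step 2: recommended actions, deduplicated per message and per user.
    if inv.severity in ("high", "medium"):
        for mid in sorted({e["message_id"] for e in events}):
            inv.actions.append(f"purge message {mid} from mailbox")
        if events[0]["url"]:
            inv.actions.append(f"block url {events[0]['url']}")
        for user in sorted({e["user"] for e in clicks}):
            inv.actions.append(f"review sign-ins for {user}")
    else:
        inv.actions.append("hand to analyst for manual triage")
    inv.step(f"recommended {len(inv.actions)} action(s)")
    return inv


def investigate(events):
    """Run the playbook over every correlated group; returns {pivot: Investigation}."""
    return {pivot: run_playbook(pivot, evs) for pivot, evs in correlate(events).items()}


if __name__ == "__main__":
    for inv in investigate(SAMPLE_EVENTS).values():
        print(inv.pivot, inv.severity, *inv.log, *inv.actions, sep="\n  ")
```

Run on the constructed sample, the five signals collapse into two investigations: one on the shared URL (rated high because one user clicked through the warning, with purge, block and sign-in review actions for the two clickers but not for the user who merely reported it) and one on the message with post-delivery malware; the click on the clean URL never opens an investigation at all. That collapse from raw signals to a handful of logged, prioritised cases is the point of the approach described above.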

The release comes amid a common complaint from over-worked security teams: they are inundated with alerts, both genuine and false positives, so correlating signals across multiple systems is increasingly challenging and alerts are hard to prioritise.

[Image: a clicked URL being assigned a malicious verdict]


The release is the latest from one of the public cloud giants aimed at tackling the flood of alerts security teams deal with and automating away some of the investigation or threat-hunting elements of the role.


Plenty of existing SIEMs also aim to tackle that problem, with products from LogRhythm, IBM, Dell, Splunk and Exabeam among the most popular.

Google has also got in on the action with Chronicle’s Backstory, which launched in March 2019 and lets companies upload, store and analyse their internal security telemetry in Google Cloud, running Chronicle’s analytics engine over high-volume data such as DNS traffic, netflow, endpoint logs and proxy logs to detect and investigate potential cyber threats.
