M365 Advanced Threat Protection: “Potential Nation-State Activity”
Nefarious activity by Nation-States has been widely reported and is on the increase. They are not just targeting multinationals or governments; they are going after anyone with data that may be useful, or anyone whose customer base may have useful data.
We believe these threats to be real, that their frequency will increase and that to ignore them would be foolish.
So how do we protect against such threats? Surely their resources and technology are so vast and complex that, if governments and corporations can’t protect themselves, what hope do smaller targets have?
Thankfully all is not lost and we can go a long way towards doing this through the use of protection in depth or layers of protection. These layers or tools include:
- Alert staff who watch for something out of the ordinary and report it to their managers or IT support
  Your staff are on the front line; they know their daily tasks and should report anything out of the ordinary
- Advanced Controls around how your data can be accessed and from where; we call this Conditional Access
  We block access to customer data from countries or regions they don’t operate in, amongst a few other conditions
- The use of Advanced Alerts like the new “Potential Nation-State Activity” being talked about here
- Monitoring other signals across Microsoft 365 platforms (something we do every day)
Microsoft have a proven track record when it comes to tracking, monitoring and mitigating Potential Nation-State Activity, and their work with global security outfits like the FBI and others is to be applauded. I am thrilled to report that Microsoft have extended their monitoring platforms to be able to identify the traces and fingerprints that such activity creates within Microsoft 365 platforms like SharePoint, OneDrive, Azure and Exchange Online, and have made these advanced tools available for us to utilise in protecting our customers.
From Microsoft’s Roadmap: “Nation state threats are defined as cyber threat activity that originates in a particular country with the apparent intent of furthering national interests. These attacks represent some of the most advanced and persistent threat activity Microsoft tracks. The Microsoft Threat Intelligence Center follows these threats, builds comprehensive profiles of the activity, and works closely with all Microsoft security teams to implement detections and mitigations to protect our customers”. They have now added an alert to the security portal to notify customers when suspected nation-state activity is detected in the tenant.
As of the time this post was published, I am pleased to advise that we have now implemented the deep monitoring of “Potential Nation-State Activity” and, importantly, the timely automated reporting of Potential Nation-State Activity for our managed customers. Our Service Desk will receive alert notifications 24×7 and raise tickets for action to ensure all anomalous events are investigated.