“If an alert comes in through our security information and event management tool, we can look at it, isolate the machine, and check it out with just a few clicks.”
When the Chief Information Officer brought me in to create the first-ever Information Security Office at Duquesne University, we discovered that we were getting inundated with email attacks related to phishing, spear phishing, spoofing, and various scams. We actually had hundreds of compromised accounts every year, largely because each year we had new students and new faculty who did not know what to expect. They were unfamiliar with each other and people on campus. Exploits typically began with email attacks on new students. Stolen student credentials would then be used to attack faculty and staff.
To find a solution, we created a proof of concept with top vendors. We chose Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection), which is part of the Microsoft 365 Defender suite. Implementing that tool reduced the number of compromised accounts on campus by 95 percent.
Note that when deploying this or any security solution, it’s important to talk to peers and partners who have done this before and can suggest lessons they learned from their experiences.
This is an excerpt from 7 Experts on Implementing Microsoft 365 Defender. This eBook was generously sponsored by BlueVoyant.