Office 365 Security, Forensics and Incident Response
Digital forensic experts investigate hundreds of Office 365 incidents per year and help strengthen your security.
Diverse O365 Investigations Inform Proven Forensics Methodology
Kroll’s forensic specialists have spent years investigating O365 security incidents of all sizes, types and complexity. These include business phishing attacks, email compromises, insider threats, compromise of privileged accounts and SMTP relay attacks.
Our experts’ unique experience not only informs Kroll’s robust forensic methodology, but also primes our approach with the agility to recognize and respond to new forms of cyberattacks.
Our investigations deliver actionable information by reconstructing a detailed timeline of a bad actor’s activity in your environment:
- Identifying search terms the actor ran and the messages that may have been viewed as a result of those search terms
- Isolating mail client vs. web browser–based access
- Identifying and compiling emails auto–forwarded by unauthorized mail rules
- Looking across an entire O365 tenant to identify other suspicious/unauthorized access, including OneDrive and SharePoint file access
- If available, we will also run original phishing campaign discovery and analysis
O365 Security Incident Forensic Methodology
Kroll’s forensics methodology for O365 security incidents is structured and implemented in three broad phases. Each phase is customizable for your needs and goals. The team routinely works with counsel and cyber insurance providers, and can provide support remotely, onsite or in combination. Our findings ultimately also help with decision–making around notification efforts, including defensible communications to regulators.
Note: The following is a high–level overview of Kroll’s methodology. Contact Kroll for complete scope of activities.
Proactively Fortify O365 Email Security With Kroll’s Unique Frontline Insight
Organizations that have deployed O365 are often unaware they can directly improve data security, including their ability to recover after an incident. Kroll offers practical guidance that focuses on the entire email kill chain, including O365 configuration, phishing prevention, workstation defenses and end–user awareness. Our goal is to provide you with a prioritized set of specific recommendations to help manage the email security program.
O365 Email Security Assessment
Goal: Identify material gaps or significant shortcomings in the organization's email security defenses.
Process: Kroll experts remotely review email security defenses with a focus on identifying proactive measures and controls.
- Security settings to restrict unauthorized access
- User activity logging and auditing configurations to aid investigative efforts
- Email filtering options and configurations in place to prevent phishing attacks and malicious payload delivery
- Email access protocols
- Secure message communications
- Azure Active Directory Security Configuration
- Intune Mobile Device Management
O365 Email Secondary Defenses Assessment
Goal: Assess the secondary defensive measures in place to protect the organization against email–based attacks.
Process: Kroll experts conduct interviews with a cross–section of employees and functional areas.
- Workstation controls
- Employee Awareness
- Incident Response
- Business processes related to email authorization of payments
- Phishing campaign to gauge employee awareness and effectiveness of controls
O365 is a Dynamic Environment. Is Your Security Keeping Up?
Office 365 is continually introducing new features and retiring older capabilities. You can count on Kroll’s O365 security specialists to be there on the leading edge, able to guide you through challenges and harden security throughout the environment.
In fact, Kroll has you covered end–to–end when it comes to incident response, including our powerful CyberDetectER. Speak with one of our O365 security specialists today to learn about all our capabilities.