Nicola Sotira, Head of Poste Italiane’s CERT, describes monitoring MS365 with TrackerIQ to detect breaches:
“We saw something that with the standard tools we weren’t able to see, and in this case it was something that permitted us to be more proactive. We saw the anomaly starting before creating damage, so we were able to block the anomaly and nothing happened.”
Transcript
00:00
From the credential point of view, the guy who is trying to attack you and your employee are the same, but they are different in the user stuff. So in this way you don’t know what you’re looking for; for sure you have to detect anomalies. Immediately we started to
00:18
monitor the 365 environment, the cloud, because of course the use of the cloud, the access to the cloud, is today under the radar, and we need to put this environment under control and try to detect anomalies in the assets and, normally, in the usage. And we detected some
00:40
anomaly. I cannot talk about the things that you see, but you know, the issue was related to access, mailbox access, all this kind of stuff. And so we saw something that with the standard tools we weren’t able to see, and in this case it was something that permitted
01:01
us to be more proactive, so we saw the anomaly starting before creating damage, so we were able to block the anomaly and nothing happened. You know, this is the value for us.