Missing a key security signal could mean not catching a breach, but the number of security signals is increasing exponentially. It’s becoming impossible to manually prioritize them. That’s why Office 365 applies intelligence to help you proactively manage risk and ward off threats. Today, we’re pleased to introduce several new capabilities in Office 365 that help you manage risk and stay ahead of threats:
- Office 365 Secure Score—A new security analytics tool that applies a score to Office 365 customers’ current Office 365 security configuration.
- Office 365 Threat Intelligence Private Preview—Service that leverages billions of data points from the Microsoft Intelligent Security Graph to provide actionable insights to the global threat landscape and help customers stay ahead of cyber threats. Office 365 Threat Intelligence is now in private preview, with general availability planned for later this quarter.
- Office 365 Advanced Data Governance Preview—Applies machine learning to help customers find and retain the most important data to them while eliminating redundant, obsolete and trivial data that could cause risk if compromised. Office 365 Advanced Data Governance is now in preview, with general availability planned for later this quarter.
Know your Office 365 Secure Score
Do you know how you’d be rated if someone were to evaluate your security configuration? To give you better visibility into your Office 365 security configuration and the security features available to you, we’re pleased to introduce Secure Score—a new security analytics tool. Secure Score helps you understand your current Office 365 security configuration and shows you how implementing additional controls can further enhance your security and reduce risk.*
Here’s how it works:
Secure Score Summary—Displays your Secure Score and provides access to view your Score Analyzer. Your Secure Score, the numerator, is the sum of the points associated with security configurations that you have partially or fully adopted. The total score, the denominator, is the sum of the points associated with all the security controls that are available to you through your Office 365 plan.
In this example, the Secure Score is 130 out of 273 points possible:
Score Summary window showing your Secure Score.
Score Analyzer—Allows you to track and report on your score over time. The graph shows your Secure Score on any date in the past, what specific actions you completed and which actions were available to you. Your score results can also be exported to a CSV file for easy planning and communication with your organizations.
Score Analyzer graph showing the Secure Score over time.
In addition to providing insight, Secure Score provides suggestions on the possible actions you can take to improve your security position. These suggestions are prioritized based on the effectiveness of the action and level of impact to end users. Actions that are highly effective with low level of user impact are placed at the top, followed by actions that are less effective and more impactful to users. You can also filter actions in the list with criteria such as those that have low end user impact or that apply to user accounts.
Secure Score can play an important role in a holistic security strategy, which encompasses how an organization strengthens its risk controls, mitigates potential losses and offsets some of the risk. To help businesses strengthen their security position, property and casualty insurer The Hartford will consider a customer’s Office 365 Secure Score as a part of the cyber insurance underwriting process.
“We believe aligning the solutions between security and insurance can make a real difference. By encouraging the use of an innovative security analytics tool like Office 365 Secure Score and making it a part of the underwriting process, businesses have more information to make risk-based decisions around privacy and security, potentially reducing their exposure to loss.”
—Tom Kang, head of Cyber Insurance at The Hartford
This builds upon the endorsement of Office 365 made by insurance industry leader AIG last year.
Watch this Microsoft Mechanics video for an in-depth look at Secure Score:
To learn more about Secure Score, check out your score and see recommendations on how you can increase your security position in Office 365, go to securescore.office.com.
Office 365 Threat Intelligence—now in private preview
According to a recent Ponemon Institute study, the average cost of a data breach has risen to $4 million. These costs can include litigation, the effects of brand or reputation damage, potential lost sales, and in some cases, complete business closure. Organizations that are prepared for a breach by spending on appropriate staffing, security training and security products can ultimately reduce their long-term costs.
Office 365 Threat Intelligence uses the Microsoft Intelligent Security Graph to analyze billions of data points from global datacenters, Office clients, email, user authentications and other incidents that impact the Office 365 ecosystem, as well as signals from our Windows and Azure ecosystems—to provide actionable insights to global attack trends.
It provides information about malware families inside and outside your organization, including breach information with details, like how much bitcoin the attackers typically request in ransomware attacks. Office 365 Threat Intelligence also integrates seamlessly with other Office 365 security features like Exchange Online Protection and Advanced Threat Protection, so you’ll be able to see analysis, including the top targeted users, malware frequency and security recommendations related to your business.
Office 365 Threat Intelligence provides this visibility, along with rich insights and recommendations on mitigating cyber-threats, ultimately supporting a proactive defense posture, leading to long-term reduced organizational costs.
The Office 365 Threat Intelligence Dashboard provides visibility into the global threat landscape.
To sign up for the private preview of Office 365 Threat Intelligence, please contact your Microsoft account representative.
Why data governance matters
Many organizations are exposing themselves to unnecessary risk because they don’t have a good grasp on all the data they have. Often, they retain data they no longer need, such as the personal information of former employees who have long since left the company. Should this personal data be compromised in a breach, the company could be liable for costly remediation, such as lifetime credit monitoring for these former employees.
Office 365 Advanced Data Governance helps you find and retain the data that is most important to you while eliminating redundant, obsolete and trivial data that could cause risk if compromised. Office 365 Advanced Data Governance applies machine learning to intelligently deliver proactive policy recommendations; classify data based on automatic analysis of factors like the type of data, its age and the users who have interacted with it; and take action, such as preservation or deletion.
We’re already receiving a great response from legal professionals who expect Office 365 Advanced Data Governance to enhance their data management practices.
“The machine learning designed into Microsoft Office 365 Advanced Data Governance’s suite has the potential to tame the ever-increasing growth and complexity of data types we deal with. Office 365 Advanced Data Governance can apply unified policies to data in place across all Office 365 applications, regardless of when the data was ingested, to intelligently retain high-value data while disposing of what isn’t needed or is obsolete. As organizations grasp its potential to reduce compliance and security risks, this will be a game changer in information governance.”
—Paul Meyer, eDiscovery and Data Management managing counsel at Willis Towers Watson
Watch this Microsoft Mechanics for an in-depth look at Office 365 Advanced Data Governance:
Visit Office 365 Advanced Data Governance to register for the limited public preview.
Office 365 Secure Score is now generally available to organizations with an Office 365 commercial subscription and who are in the multi-tenant and Office 365 U.S. Government Community clouds.
Office 365 Threat Intelligence and Advanced Data Governance are expected to be generally available by the end of March 2017, and will be included in the Office 365 Enterprise E5 plan, as well as in the Secure Productive Enterprise E5 offering.
—Alym Rayani, director for Office Security and Compliance team