Critical Start Releases Enhanced Capabilities for Microsoft 365 Defender to Detect and Respond to Phishing and Other User Account Attacks

These latest enhancements allow customers to leverage Microsoft 365 Defender and MDR to not only identify but also immediately respond to breaches stemming from user account-based attacks.

Plano, Texas – March 29, 2022 – Today, Critical Start, a leading provider of Managed Detection and Response (MDR) services, introduced industry-unique capabilities around MDR services for the Microsoft 365 Defender security suite that protect against phishing, brute force, and cloud application attacks on user credentials. Other MDR providers offer recommendations, while the Critical Start SOC responds on behalf of the customer to stop user account attacks that are often a precursor to a breach.

These enhanced capabilities allow customers to extend existing defenses and prevent breaches stemming from user account-based attacks. Figures and analysis from the 2021 Verizon Data Breach Investigations Report (DBIR) reveal that “credentials remain one of the most sought-after data types”, continuing a trend noted in previous iterations of the report. Since cyber-criminals are continuing to focus their attacks on credentials that will allow them to stay hidden as they access networks rather than hacking the networks themselves, users need to be able to quickly detect and easily take action to disrupt these attacks.

“By adding threat detection and response capabilities for credential and user account attacks into our MDR platform, Critical Start goes beyond the endpoint to protect against one of the most common attack vectors involved in the majority of breaches,” said Chris Carlson, vice president of product at Critical Start. “This new expansion of capabilities was developed in direct response from customers that MDR providers need to go beyond giving recommendations for action and swiftly respond to stop attacks in progress. Critical Start now grants our customers the ability to improve their organizations’ security postures as well as their overall readiness to face off against credential-based attacks.”

With the combined power of Critical Start’s existing MDR services and the Microsoft security suite, alerts can be brought in from multiple Microsoft systems, including user-reported email phishing attempts, Azure Active Directory identity alerts and alerts triggered by anonymous login IPs to business applications running from Defender for Cloud Apps.

The expanded offering allows for optimized detection and response for different kinds of attacks that could result in users’ accounts becoming compromised, including the following use cases:

  • Credential Harvesting through Email Phishing: Multiple steps in credential harvesting attacks, such as real phishing emails and malicious links, are detected. Critical Start provides courses of action to disrupt the chain and update potentially compromised user accounts.
  • Attacks Against Cloud Applications: Adversaries that gain access to an organization’s cloud applications find themselves with access to the entire organization’s sensitive data. Critical Start’s Zero Trust Analytics Platform (ZTAP) automates investigating alerts from Microsoft 365 Defender suite products and elevates any real threats to the Critical Start SOC analysts for investigation. Critical Start can also provide responses for potentially stolen credentials including disabling an account, forcing a logout and enforcing password changes.
  • Brute Force Attacks: When unable to gain access to an organization’s data through stolen or purchased credentials, adversaries will attempt to break in via brute force attacks with weak passwords. When this occurs, Critical Start’s platform automates investigating alerts from Microsoft 365 Defender suite products and elevates legitimate threats to the Critical Start SOC analysts for investigation. Critical Start can also provide responses for potentially stolen credentials including disabling an account, forcing a logout and enforcing password changes.
  • Security Awareness Training to Defend against Phishing Attacks: Critical Start adds additional email phishing analysis in combination with Microsoft’s native capabilities, further supporting security awareness training by enabling a positive feedback loop informing employees of the outcome of the reported email.

More information can be found here: https://www.criticalstart.com/our-solutions/managed-detection-response-services/xdr/microsoft-365-defender/

About Critical Start

Today’s enterprise faces radical, ever-growing, and ever-sophisticated multi-vector cyber-attacks. Facing this situation is hard, but it doesn’t have to be. Critical Start simplifies the complexity of cybersecurity by extending your team with a comprehensive enterprise solution of flexible services, exclusive technology and seasoned security experts that deeply understand and adapt with your organization’s unique needs and collaborate with you to detect the right threats and respond with the right actions. We strive to provide peace of mind and value with contractual Service Level Agreements (SLAs) for Time to Detection (TTD) and Median Time to Resolution (MTTR) and 100% transparency into our service.
