Security for Entra ID
Hackers no longer break in, they log in…
As the underlying directory service of the Microsoft 365 ecosystem, Entra ID and its configuration play a pivotal role in an organization's security posture and risk exposure.
Not only are configurations (or misconfigurations) relevant to the potential for a breach, the telemetry available from an identity and behavior context within Entra ID is leveraged by the broader Sabiki platform to provide unmatched Business Email Compromise protection.
“Misconfigured Entra ID is the silent breach waiting to happen.”
Over 50 elements of Entra ID scanned and monitored
Besides assessing your Entra ID for compliance with Microsoft best practice guidance, Sabiki Entra ID Security also scans your Entra ID configuration against MITRE ATT&CK framework Indicators of Compromise and Attack, with a detailed explanation of the business risk for a given misconfiguration.
Not only can you ‘hook in’ and run point-in-time health checks on multiple Entra ID tenants within a single console, ongoing monitoring and alerting on configuration changes also provides an additional layer of detection for attacks in their early stages.
The 360 degree view of Microsoft 365
Unmatched visibility for BEC protection
The most damaging of email threats (Business Email Compromise) can be more thoroughly detected with additional telemetry on internal users. Data points on the user, their mailbox, location and overall behavioral fingerprint are consumed by the Sabiki Email Security engine to provide more granular email scoring and ‘needle in the haystack’ detection.
Entra ID Health Check
Perform a health check of your Entra ID environment against both recommended Microsoft best practice configuration and known indicators of risk due to misconfiguration. Get detailed feedback on ‘grey’ area settings, their purpose and risk profile.
Email Account Takeover (ATO) Monitoring
Monitor for and alert on the most common indicators of Email Account Takeover. Using a list of IoCs curated by team Sabiki and published by respected security organizations, Sabiki Entra ID Security can scan for indicators of an adversary being in control of a user's email account and notify security and email administrators.
Entra ID Compliance
Email and user directory platforms can play a large part in various cybersecurity standards and frameworks globally. Sabiki for Entra ID can scan and report on compliance with the areas of those frameworks that are relevant to Entra ID.
NIST (US, Global), ASD Essential Eight (Australia), Cyber Essentials (Singapore/UK), CERT-In (India), CyberSAFE (Malaysia), NCA (Saudi Arabia), IA Regulation (UAE)
Use Cases
- Organizations wanting a one-off health check of their Entra ID, or a check prior to onboarding additional tenants and establishing trusts between organizations. An ideal technical M&A tool, or for partners onboarding new customer tenants.
- Monitoring changes to Entra ID which may be the result of a threat actor.
- Entra ID, as Microsoft’s directory service, may be relevant to certain security compliance frameworks, examples include the ASD8 in Australia, in Canada, In Singapore and NIST in North America.
- As an SSPM for Entra ID, enabling Sabiki for Entra ID unlocks granular user-level behavioral telemetry and monitors configuration changes that feed the Sabiki AI engine to enable Advanced Business Email Compromise Protection.
Data Science, without the Data Scientist