Blog — Mar 18, 2022

You Invested in Microsoft Office 365 E5 – Now What?


Over the past two years, organizations have been transitioning their on-premises infrastructure to the cloud because of the shift to remote work. Part of this transition includes an investment in Microsoft Office 365 E5, which includes the traditional Microsoft productivity applications and cybersecurity services, all based in the cloud.

There are a host of cybersecurity products that you can leverage to strengthen your security posture. Most notably, Microsoft has three main offerings to help bolster your cybersecurity posture:

But why Microsoft? Many companies have accumulated a host of cybersecurity software over the years. While many of those tools just add to the overall noise, Microsoft’s cybersecurity products allow teams to consolidate their spend to secure their endpoints, email, identity, SIEM and cloud environments by implementing a zero-trust approach to their cybersecurity program – all consolidated within a fully interoperable, easy-to-manage platform.

Although the cost savings alone are enough to make a compelling business case for the switch, Microsoft also gives security operations teams the power to identify, detect, and rapidly remediate attacks in their earliest stages. This enables your team to gain comprehensive visibility across the full ecosystem and the ability to initiate response actions directly within the tools themselves. The fact that they’re natively integrated with the Microsoft cloud platform inherently simplifies the task of monitoring them.

If your organization is one of the many that has invested in Microsoft Office 365 E5, here are the four most important things you need to know:

1. Understand what you have

Although organizations may choose to invest in Microsoft’s E5 licensing (as opposed to E3) for many reasons, cybersecurity is undoubtedly one of the primary drivers. In Microsoft’s case, this is for good reason. In August 2021, Microsoft announced it would increase its cybersecurity investment by 4x, pledging to invest $20 billion in its cybersecurity products by 2026.

Unfortunately, plenty of organizations that have made the decision to adopt Microsoft E5 are unaware of the cybersecurity capabilities that they can leverage or may not have the internal resources to apply them. So, the first step is to take stock of the new technologies you have and work with your in-house cybersecurity team to determine the people and policies you’ll need to fully leverage the tool stack.

2. With great (response) power comes great responsibility

Microsoft’s E5 licensing provides you with numerous cybersecurity tools that allow you to take response actions across all major breach vectors – endpoint, email, and identity. So, if you’re planning to manage the Microsoft tool stack in-house, you need a plan to operationalize these response capabilities. Ask yourself:

3. Operationalize threat intelligence

Although there are several resources on enabling cyber threat detection and response on websites like GitHub, many of those resources bank on your team to simply ‘set it and forget it’. However, implementing threat detection and response capabilities should be anything but that: it requires active, ongoing cyber threat intelligence that must be managed.

Unfortunately, it’s very difficult to operationalize cyber threat intelligence capabilities in-house since it requires dedicated, highly skilled cybersecurity talent. On the other hand, leveraging an external team of elite threat hunters that can provide you with investigative playbooks and threat detections can significantly increase the breadth of your response against modern cyber threats.

4. Engage an external MDR provider

Once you understand the breadth of the cybersecurity capabilities as part of the Microsoft E5 licensing, you need to consider how you will manage your cybersecurity tool stack. In other words, will you do it yourself or engage an external Managed Detection and Response (MDR) provider to manage your new toolset?

The reality is that the expertise and resources you need to properly optimize and manage these tools are hard to come by and retain. This means the DIY option is not realistic for a lot of teams, especially given that many in-house cybersecurity teams are already overworked and burnt out. Therefore, we recommend engaging an MDR provider that can provide you with 24/7 visibility across your Microsoft ecosystem, ongoing cybersecurity event monitoring, threat detection and investigation, and complete response utilizing Microsoft 365 Defender and Azure Sentinel.

However, prior to engaging an MDR provider, consider whether the provider holds any Microsoft Security Competency certifications that represent their expertise in managing and working with the platform. We recommend choosing an MDR provider that is a Microsoft Gold Partner and one that belongs to the Microsoft Intelligent Security Association (MISA).

For many companies that have already made an investment in Microsoft’s products and are facing the growing complexity of the cybersecurity landscape, it can make sense to take a simplified approach by consolidating their tool stack to Microsoft. However, to truly make the most of your Microsoft investment, you need to enable 24/7 threat detection and investigation, and complete response capabilities to reduce the risk of business disruption.

Learn how our eSentire MDR for Microsoft can help your team reduce your overall cybersecurity spend and stop cyber threats across your Microsoft ecosystem by booking a meeting with an eSentire cybersecurity specialist.


eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1200+ organizations in 75+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.