Blog — Mar 18, 2022

You Invested in Microsoft Office 365 E5 – Now What?


Over the past two years, organizations have been transitioning their on-premises infrastructure to the cloud because of the shift to remote work. Part of this transition includes an investment in Microsoft Office 365 E5, which includes the traditional Microsoft productivity applications and cybersecurity services, all based in the cloud.

There are a host of cybersecurity products that you can leverage to strengthen your security posture. Most notably, Microsoft has three main offerings to help bolster your cybersecurity posture:

But, why Microsoft? Many companies have also accumulated a host of cybersecurity software over the years. While many of those tools just add to the overall noise, Microsoft’s cybersecurity products allow teams to consolidate their spend to secure their endpoints, email, identity, SIEM and cloud environments by implementing a zero-trust approach to their cybersecurity program – all consolidated within a fully interoperable, easy-to-manage platform.

Although the cost savings alone are enough to make a compelling business case for the switch, Microsoft also gives security operations teams the power to identify, detect, and rapidly remediate attacks in their earliest stages. This gives your team comprehensive visibility across the full ecosystem and the ability to initiate response actions directly within the tools themselves. The fact that they’re natively integrated with the Microsoft cloud platform inherently simplifies the task of monitoring them.

If your organization is one of the many that has invested in Microsoft Office 365 E5, here are the four most important things you need to know:

1. Understand what you have

Although organizations may choose to invest in Microsoft’s E5 licensing (as opposed to E3) for many reasons, cybersecurity is undoubtedly one of the primary drivers. In Microsoft’s case, this is for good reason. In August 2021, Microsoft announced it would increase its cybersecurity investment by 4x, pledging to invest $20 billion in its cybersecurity products by 2026.

Unfortunately, plenty of organizations that have made the decision to adopt Microsoft E5 are unaware of the cybersecurity capabilities that they can leverage or may not have the internal resources to apply them. So, the first step is to take stock of the new technologies you have and work with your in-house cybersecurity team to determine the people and policies you’ll need to fully leverage the tool stack.

2. With great (response) power comes great responsibility

Microsoft’s E5 licensing provides you with numerous cybersecurity tools that allow you to take response actions across all major breach vectors – endpoint, email, and identity. So, if you’re planning to manage the Microsoft tool stack in-house, you need a plan to operationalize these response capabilities. Ask yourself:

3. Operationalize threat intelligence

Although there are several resources on enabling cyber threat detection and response on websites like GitHub, many of those resources bank on your team to simply ‘set it and forget it’. However, implementing threat detection and response capabilities should be anything but that: it requires active, ongoing cyber threat intelligence that must be managed.

Unfortunately, it’s very difficult to operationalize cyber threat intelligence capabilities in-house since it requires dedicated, highly skilled cybersecurity talent. On the other hand, leveraging an external team of elite threat hunters that can provide you with investigative playbooks and threat detections can significantly increase the breadth of your response against modern cyber threats.

4. Engage an external MDR provider

Once you understand the breadth of the cybersecurity capabilities included in the Microsoft E5 licensing, you need to consider how you will manage your cybersecurity tool stack. In other words, will you do it yourself or engage an external Managed Detection and Response (MDR) provider to manage your new toolset?

The reality is that the expertise and resources you need to properly optimize and manage these tools are hard to come by and retain. This means the DIY option is not realistic for a lot of teams, especially given that many in-house cybersecurity teams are already overworked and burnt out. Therefore, we recommend engaging an MDR provider that can provide you with 24/7 visibility across your Microsoft ecosystem, ongoing cybersecurity event monitoring, threat detection and investigation, and complete response utilizing Microsoft 365 Defender and Azure Sentinel.

However, prior to engaging an MDR provider, consider whether the provider holds any Microsoft Security Competency certifications that represent their expertise in managing and working with the platform. We recommend choosing an MDR provider that is a Microsoft Gold Partner and one that belongs to the Microsoft Intelligent Security Association (MISA).

For many companies that have already made an investment in Microsoft’s products and are facing the growing complexity of the cybersecurity landscape, it can make sense to take a simplified approach by consolidating their tool stack to Microsoft. However, to truly make the most of your Microsoft investment, you need to enable 24/7 threat detection and investigation, and complete response capabilities to reduce the risk of business disruption.

Learn how our eSentire MDR for Microsoft can help your team reduce your overall cybersecurity spend and stop cyber threats across your Microsoft ecosystem by booking a meeting with an eSentire cybersecurity specialist.

eSentire

eSentire is the Authority in Managed Detection and Response, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events. Combining cutting-edge machine learning XDR technology, 24/7 Threat Hunting, and proven security operations leadership, eSentire mitigates business risk, and enables security at scale. The Team eSentire difference means enterprises are protected by the best in the business with a named Cyber Risk Advisor, 24/7 access to SOC Cyber Analysts & Elite Threat Hunters, and industry-leading threat intelligence research from eSentire’s Threat Response Unit (TRU). eSentire provides Managed Risk, Managed Detection and Response and Incident Response services. For more information, visit www.esentire.com and follow @eSentire.