Aug 8, 2023

Redefining Microsoft 365 Security with AI-Driven Data Protection

As the market leader, Microsoft 365 generates an immense volume of data: over 2 billion new documents are added every work day, and over 200 PB of new data is added to SharePoint alone each month. The sheer volume of data indicates how indispensable the Microsoft 365 collaboration and productivity tools have become to businesses worldwide. These assets represent business-critical data, and malicious actors recognize this and are looking for ways to compromise it and extract value from it.

To help protect against this, Alcion offers a data protection platform, delivered as a cloud-based solution. Alcion goes beyond addressing simple use cases of accidental deletions for popular Microsoft 365 services like OneDrive, SharePoint, and Exchange. It focuses on applying AI-driven techniques to safeguard data against cyber threats and on facilitating fast recovery through an intuitive user experience.

Common Cyber Threat Scenarios

1.   Ransomware Attacks

One of the gravest threats businesses face today is ransomware attacks, which are rising both in frequency and sophistication. When critical data becomes unavailable, productivity plummets, and recovery can take weeks and even months. Backups are a great line of defense and the only option to restore operations without paying ransom. Attackers recognize this and in most cases aim to not only encrypt your data, but also compromise backups in order to thwart recovery.

2.   Malware Proliferation

A recent Netskope threat vector study concluded that Microsoft OneDrive delivered 30% of all cloud malware downloads. OneDrive is a convenient launching point since it is a well-known domain that might be whitelisted by threat protection software. Additionally, users often don’t pay close attention to the full URLs, making OneDrive links suitable for phishing attacks. The situation is much worse when an attacker manages to compromise a single OneDrive account in an organization and then hosts malware targeting users in the same organization with completely legitimate links.

3.   Disgruntled Insiders

The most dangerous threat is usually the unexpected one from within. In an economic environment fraught with staff reductions, there is an increased risk of employees who may use residual access to actively harm the company by destroying or otherwise compromising data. To make matters worse, if the disgruntled insider has privileged access, they could use it to circumvent native Microsoft 365 protection mechanisms such as versioning and the multi-stage recycle bin to permanently delete valuable data.

Alcion Security-Focused Capabilities

1.   Ransomware Scanning, Detection, and Recovery

Alcion monitors the activity stream in Microsoft Office 365 data backups and extracts a set of metadata and content-based metrics. These are fed through an AI-powered anomaly detection algorithm that determines the likelihood that your data is under attack. When Alcion determines that there is a high likelihood of attack, it initiates pre-emptive backups to minimize potential data loss. Lastly, the system also marks known good backups to simplify recovery once the root cause of the attack is determined and neutralized.
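To make the idea of scoring backups on metadata and content metrics concrete, here is an added example (not Alcion's code or algorithm). It assumes two metrics, the fraction of items changed between backups and the mean byte entropy of the changed items, a simple z-score against a clean baseline, and constructed sample data; all names and thresholds are hypothetical.

```python
import math
from statistics import mean, pstdev

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed content approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data)))

def snapshot_metrics(prev: dict, curr: dict) -> tuple:
    """Metadata metric: fraction of items changed. Content metric: mean entropy of those items."""
    changed = [name for name, body in curr.items() if prev.get(name) != body]
    fraction = len(changed) / max(len(curr), 1)
    entropy = mean(shannon_entropy(curr[n]) for n in changed) if changed else 0.0
    return fraction, entropy

def assess(snapshots, baseline_n=3, z_limit=3.0, entropy_limit=7.0):
    """Flag backups whose change rate and content entropy both break from the baseline.
    Returns (flagged indexes, index of the last backup before the first flag)."""
    rows = [snapshot_metrics(a, b) for a, b in zip(snapshots, snapshots[1:])]
    base = [f for f, _ in rows[:baseline_n]]          # assumed-clean early history
    mu, sigma = mean(base), max(pstdev(base), 0.05)   # floor avoids dividing by zero
    flagged = [i + 1 for i, (f, e) in enumerate(rows)
               if i >= baseline_n and (f - mu) / sigma > z_limit and e > entropy_limit]
    known_good = flagged[0] - 1 if flagged else len(snapshots) - 1
    return flagged, known_good

def build_constructed_history():
    """Constructed sample: six backups of ten documents; backup 5 follows a mass encryption."""
    files = {f"doc{i}.txt": f"quarterly notes for team {i}, revision 0".encode()
             for i in range(10)}
    history = [dict(files)]
    for rev in range(1, 5):                           # normal days: one document edited
        files[f"doc{rev}.txt"] = f"quarterly notes for team {rev}, revision {rev}".encode()
        history.append(dict(files))
    for i in range(9):                                # stand-in for ciphertext: uniform bytes
        files[f"doc{i}.txt"] = bytes(range(256)) * 4
    history.append(dict(files))
    return history

if __name__ == "__main__":
    print(assess(build_constructed_history()))
```

Requiring both signals keeps a bulk but benign change, such as a large text migration, from being flagged on change rate alone.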

2.   Malware Detection and Elimination

With the proliferation of malware, malicious items frequently reside among legitimate data. Microsoft does a good job of detection, but the signals are easily lost and may go unnoticed by both users and administrators. In the worst case, malware-infected items find their way into your backups, and restores, a common mechanism to recover from mass infections, then result in reinfections. Alcion prevents this vicious cycle by automatically detecting malware during backups and proactively filtering it out.

3.   Delayed Backup Deletions

Sophisticated attacks will attempt to compromise backups and take away the last line of defense. Even when backups are stored in a completely different environment and protected with robust security, the attacker may have compromised the credentials of backup admins and can disguise the attack as properly authenticated and authorized requests. Alcion protects against this case by intentionally delaying requests to delete backups by two weeks, giving administrators the opportunity to recognize and cancel requests that they did not initiate.
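A delayed-deletion queue of the kind described above can be sketched as follows. This is an added example, not Alcion's implementation: the class, method names, backup IDs and timeline are hypothetical, and only the two-week hold comes from the text.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

HOLD = timedelta(days=14)  # the two-week delay described in the text

@dataclass(frozen=True)
class DeletionRequest:
    backup_id: str
    requested_by: str
    requested_at: datetime

class BackupVault:
    def __init__(self, backup_ids):
        self.backups = set(backup_ids)
        self.pending = {}   # backup_id -> DeletionRequest
        self.audit = []     # append-only trail administrators review

    def request_delete(self, backup_id, actor, now):
        """Queue the request and return its earliest purge time; nothing is deleted here."""
        if backup_id not in self.backups:
            raise KeyError(backup_id)
        # setdefault keeps the first request, so repeating it cannot change the clock
        req = self.pending.setdefault(backup_id, DeletionRequest(backup_id, actor, now))
        self.audit.append((now, "delete_requested", backup_id, actor))
        return req.requested_at + HOLD

    def cancel(self, backup_id, actor, now):
        """Withdraw a pending request at any point during the hold."""
        self.pending.pop(backup_id)
        self.audit.append((now, "delete_cancelled", backup_id, actor))

    def purge_due(self, now):
        """The only path that removes data, and only for requests at least HOLD old."""
        due = [r for r in self.pending.values() if now - r.requested_at >= HOLD]
        for r in due:
            self.backups.discard(r.backup_id)
            del self.pending[r.backup_id]
            self.audit.append((now, "purged", r.backup_id, r.requested_by))
        return [r.backup_id for r in due]

def run_constructed_scenario():
    """Constructed timeline: one routine request, one the admin did not initiate and cancels."""
    t0 = datetime(2023, 8, 1, tzinfo=timezone.utc)
    vault = BackupVault({"bk-old", "bk-latest"})
    vault.request_delete("bk-old", "admin@example.com", t0)
    vault.request_delete("bk-latest", "admin@example.com", t0)  # sent with stolen credentials
    vault.cancel("bk-latest", "admin@example.com", t0 + timedelta(days=3))
    early = vault.purge_due(t0 + timedelta(days=13))
    late = vault.purge_due(t0 + timedelta(days=14))
    return early, late, sorted(vault.backups)
```

Because both requests carry the same valid identity, authentication cannot tell them apart; the hold and the audit trail are what give the real administrator time to notice and cancel.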

4.   Intelligent Backup Scheduling

Regardless of the threat vector, scheduling of backups directly impacts the ability of a business to meet its Recovery Point Objective (RPO) as outlined in a well-defined backup policy. Alcion analyzes data access patterns and uses predictive analytics to determine the optimal times to perform backups in order to minimize the potential data loss window.

5.   XDR Integrations

In addition to robust native capabilities to detect threats and initiate the appropriate response, Alcion also leverages external Extended Detection and Response (XDR) solutions, such as Microsoft 365 Defender, to further its capabilities. Integrating with Microsoft 365 Defender components such as Cloud Apps, Identity, and Endpoint provides Alcion additional threat signals that can lead to more precise attack detection.

Final Words

When it comes to data and Office 365 ransomware protection, businesses cannot afford to take risks. This necessity brings to light the pivotal question: why back up Microsoft 365?

That’s why the Alcion comprehensive backup software for Microsoft 365 leverages advanced technologies such as AI and multi-layered security to ensure your data is always secure.

Check it out for yourself: you can try Alcion for free! The trial runs for 14 days, and no credit card is required. Find instructions on how you can get a free Microsoft 365 test/sandbox domain in five minutes and use it to trial Alcion. If you have questions or need support, find us on Discord or contact us via our support page.

Georgi Matev
Author
Head of Product

Georgi Matev is the Head of Product at Alcion. Georgi has spent his entire career in Product Management for enterprise B2B and B2B2C companies in a number of verticals including storage and data protection, AI infrastructure, healthcare, and travel tech. Most recently, he held product leadership positions at Domino Data Lab and Kasten. Georgi holds an MBA from the Stanford Graduate School of Business and a BA from Harvard University.