Reduce Business Email Compromise attacks

Welcome. This is Quest Unscripted. A vlog series on trending topics-- And Quest solutions related to Active Directory-- Office 365-- Oh, and don't forget, Azure AD. You are here because you have questions. We're here because we have answers. I think. We will address questions we've received from customers-- --who experience the same challenges as you. All with the goal of helping you confidently move-- --manage-- --and secure-- --your Microsoft environment. We call the show Quest Unscripted because-- --except for this intro-- --nothing we say is scripted or rehearsed. And we're pretty sure you'll notice that right away. All right, gents. Business email compromise. I'm hearing more and more about that, the Hafnium just attack were on premises exchange, but there's business email compromise where people are getting access to other individuals' mailboxes, both on premises Exchange as well as Exchange online. What can we do? Robert? Well, one nice feature about Change Auditor is that it can protect those mailboxes, those critical mailboxes. From on premises only, though, right? Right. That is true. From an on premises perspective, we can protect the mailboxes. We can audit. We can alert. Well, with the auditing and the alerting, you can do that with on prem or in the cloud. But the protection feature is only available with on premises. So that's an option. We also have on demand audit. So on demand audit will show you the non-owner activity against mailboxes. And you would know that within five minutes of it happening. And I like all the different data is being stored and staying up in SaaS, but that's one component. How things are changing? How do we identify who currently has access to different mailboxes? In that case, then I would rely on Enterprise Reporter to go out and produce these discoveries, pull in the data, and then run reports against who has access to what. Enterprise Reporter can go across many areas right on premises in the cloud, active directory files, file systems, et cetera, so it's a solution that can go in many directions. Look, if you look at our cyber security methodology for how we as Quest can help customers detect and mitigate these things, there's four areas that we look at. There is the continuously assess what you have in your environment. So your last question kind of falls within that. You can always tell you who has access to what. We detect and alert on changes, which was the previous question, which I want to know when something does happen. We can also remediate and mitigate, Rob talked about protecting objects as well. And then we can always investigate. It's always a learning process for us. And we go through this cycle over and over again. The end result is we are better secure. We know we learn from the mistakes. There's always going to be exploits. We learn from them and continue to become better. So what I'm hearing, we start off, we probably want to identify who has non-mailbox owner access, vet out if that's OK, then we can set up alerts if that's ever changed and deviated from, detect and alert me. So if it's bad, I know about it right away. And then it's a continuous cycle where we can go out there and fix it if that does happen. Yeah. All security standards kind of follow the same thing. They may have other additional steps. But for the most part, these are the security standards and this is how you become more secure, I believe. Great. Thanks, guys.