

Recently minted unicorn threat detection and response startup Vectra AI Inc. today released a new report on threat detections for Microsoft Corp.’s Azure Active Directory and Office 365, finding that risky Exchange operation detection was at the top of the list.
The report details the top 10 threat detections customers receive based on frequency when Vectra detects abnormal behavior in a customer environment. The data in the report is provided to help customers identify and fix attacks in cloud environments.
The report found that regardless of company size, risky Exchange operation detection was at or near the top of the list of detections seen by Vectra customers. That issues with Microsoft Exchange top the list does not come as a great surprise given that an attack by Chinese hackers gained widespread attention in early March. That attack prompted an emergency task force and then the unprecedented step of the U.S. Federal Bureau of Investigation legally hacking Exchange servers to remove vulnerabilities in April.
The report highlighted actions by threat actors targeting the Azure AD environment during a recent supply chain attack. The report also noted that Office 365 has piqued the interest of cybercriminals thanks to the platform’s large audience.
“Solving for the challenges organizations continue to see from cybercriminals involves understanding the behaviors adversaries are motivated to take,” Vectra said. “This means having the ability to collect and aggregate the data that uncovers these behaviors in a way that can be operationalized by security staff.”
John Morgan, chief executive officer at cloud cybersecurity detection and response company Confluera Inc., told SiliconANGLE that the cloud requires a different security mindset and strategy.
“The pace of application and network deployment is much higher with ephemeral workloads and infrastructure as code in the cloud,” Morgan explained. “The security tools and processes to keep with this high pace need to change.”
Security needs to be taken into account early in application development, he added. “Run-time security and visibility of what is actually happening in the environment is also required and paramount with the advanced nature of targeted attacks today,” he said.
Tim Bach, vice president of engineering at security management and posture solutions provider AppOmni Inc., noted that “to fully protect cloud and software-as-a-service data, security teams need to have ongoing visibility of the internal and external users who have access to data, including which third-party applications are connected to their cloud and SaaS environments.”