Augmentt has added near real-time alerting for Microsoft 365 to Secure, the SaaS security component of its cloud management platform.
The new functionality, available immediately to Augmentt Secure subscribers at no additional charge, builds on the email-based alerting introduced in July by pulling threat information from Microsoft over API connections and delivering it directly to the Secure interface. Augmentt previewed the forthcoming functionality to ChannelPro early this month.
The impact for Secure users will be faster notification of Microsoft’s latest threat intelligence, according to Augmentt CEO Derik Belair, who notes that while Microsoft distributes alerts via email roughly every quarter hour, Augmentt now collects threat updates straight from Microsoft once a minute. Alerts received via the API are more detailed too, he adds.
“The API really gives you a lot of information,” Belair says.
Alert categories covered by the new feature range from suspicious login locations and failed login attempts to policy violations such as disabling multifactor authentication. Users can define rules for escalating alerts, based on type as well as severity, that include forwarding them to a specific technician or to their PSA (professional services automation) solution.
“You’re able to create custom rules as to where and how you want to process those alerts,” Belair says. “It’s as customizable as you want to make it.”
To help users avoid “alert storms,” he adds, the system provides estimates for how many alerts a proposed rule is likely to escalate in the next month based on historical data from the prior month.
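The rule-driven escalation and the "alert storm" estimate described above, as an added example (this is not Augmentt's code or API; the alert categories, rule names, destinations and the prior-month history are constructed for illustration, and the storm threshold is an assumed value):

```python
"""Added example, not Augmentt's code: a minimal rule-based alert escalation
engine plus a dry-run estimate of how many alerts a proposed rule would have
escalated over the prior month. Category names, rule names, destinations and
the alert history are all constructed for illustration."""

from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Ordering used for "at least this severity" matching (assumed scale).
SEVERITY_RANK = {"informational": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Alert:
    category: str      # e.g. "failed_login", "unfamiliar_location", "mfa_disabled"
    severity: str      # one of SEVERITY_RANK
    user: str
    seen_at: datetime


@dataclass(frozen=True)
class EscalationRule:
    name: str
    categories: frozenset   # alert types the rule applies to; empty = any type
    min_severity: str       # escalate at this severity or higher
    destination: str        # hypothetical targets, e.g. "tech:oncall" or "psa:ticket"

    def matches(self, alert: Alert) -> bool:
        if self.categories and alert.category not in self.categories:
            return False
        return SEVERITY_RANK[alert.severity] >= SEVERITY_RANK[self.min_severity]


def route(alert: Alert, rules) -> list:
    """Destinations an alert is forwarded to: one per matching rule, in rule order."""
    return [r.destination for r in rules if r.matches(alert)]


def estimate_monthly_escalations(rule: EscalationRule, history, now: datetime,
                                 storm_threshold: int = 200) -> dict:
    """Replay the prior 30 days of alerts through a proposed rule and report the
    count it would have escalated; flag it as an 'alert storm' above the threshold."""
    window_start = now - timedelta(days=30)
    hits = [a for a in history if window_start <= a.seen_at < now and rule.matches(a)]
    return {
        "rule": rule.name,
        "estimated_next_month": len(hits),
        "alert_storm": len(hits) > storm_threshold,
        "by_category": dict(Counter(a.category for a in hits)),
    }


def build_history(now: datetime) -> list:
    """Constructed prior-month history: one sprayed service account generating
    hundreds of low-severity failures, a handful of riskier events, and one
    stale alert outside the 30-day window that must be ignored."""
    hist = [Alert("failed_login", "low", "svc-backup@example.com",
                  now - timedelta(hours=2 * (i + 1))) for i in range(300)]
    hist += [Alert("unfamiliar_location", "medium", f"user{i}@example.com",
                   now - timedelta(days=i + 1)) for i in range(12)]
    hist += [Alert("mfa_disabled", "high", f"admin{i}@example.com",
                   now - timedelta(days=3 * i + 1)) for i in range(5)]
    hist.append(Alert("mfa_disabled", "high", "old@example.com", now - timedelta(days=45)))
    return hist


RULES = [
    EscalationRule("mfa-disabled-to-psa", frozenset({"mfa_disabled"}), "medium", "psa:ticket"),
    EscalationRule("any-high-to-oncall", frozenset(), "high", "tech:oncall"),
    EscalationRule("every-failed-login", frozenset({"failed_login"}), "low", "tech:oncall"),
]
NOW = datetime(2023, 10, 1)


def dry_run(rules=RULES, now: datetime = NOW) -> dict:
    """Estimate every proposed rule against the constructed history, keyed by rule name."""
    history = build_history(now)
    return {r.name: estimate_monthly_escalations(r, history, now) for r in rules}


if __name__ == "__main__":
    for name, est in dry_run().items():
        flag = "ALERT STORM" if est["alert_storm"] else "ok"
        print(f"{name:24s} ~{est['estimated_next_month']:4d}/month  {flag}  {est['by_category']}")
    print(route(Alert("mfa_disabled", "high", "admin0@example.com", NOW), RULES))
```

The dry run is the point of the estimate: the "every-failed-login" rule looks reasonable on paper, but replayed against a month in which one service account was password-sprayed it would have paged the on-call technician 300 times, while the two narrower rules would have produced five escalations each. The stale 45-day-old alert is excluded by the window check, so the estimate reflects only the prior month as the article describes.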
At present, Secure recommends remediation actions for new alerts, but doesn’t execute them. By early next year, Belair says, users will be able to define automated responses for specific kinds of alert, like resetting passwords or suspending users.
“You’re going to be able to create templates to say, ‘when this happens, automatically do this, then notify me,’” Belair explains.
Also on the roadmap for the coming months is tighter integration between Secure and the other components of the Augmentt platform to broaden alert response. Ultimately, Belair says, users will be able to draw on physical endpoint location data in Augmentt Discover, the vendor’s SaaS application inventory system, to identify malicious overseas logins more accurately, and use functionality in the Augmentt Engage monitoring and management tool to perform a wider set of automated countermeasures.
Secure’s new alert capabilities expand on functionality in Augmentt Email & Notification Console, a “free forever” solution introduced in July that’s designed to recognize and take automatic action on notification emails from Microsoft about security issues and other topics.
They also strengthen the agreement Augmentt signed with SeedPod Cyber in June, which is designed to help partners get discounts on cyber insurance coverage for their clients, by letting the Augmentt platform offer SeedPod proof of declining threat volumes over time.
“Up to now, we’ve been doing the auditing and giving you a tool to do remediation,” Belair says. “The alerting piece was kind of the final piece that they were looking for.”