RocketCyber has added three security solutions for Microsoft Office 365 environments to its app-based threat monitoring platform for MSPs.
The newest members of the vendor’s “RocketApps” family are also its first foray beyond endpoint protection. The decision to build cloud security into the product as well reflects the reality that most ransomware attacks begin with a phishing email, according to RocketCyber President Billy Austin.
“In order to give MSPs complete visibility, we felt like we needed to tackle and address additional attack vectors beyond and above the traditional endpoint,” he says.
The company chose to focus specifically on Office 365 because it’s the most widely used online email and productivity suite among SMBs, and because Microsoft doesn’t offer centralized, multitenant administration tools for that system, according to Carl Banzhof, RocketCyber’s CEO.
“It’s all pretty much a black hole for the MSPs today,” he says. “They don’t have any manageability across all their customers.”
All three new solutions unveiled today are designed to overcome that gap by collecting security threat information from all of an MSP’s Office 365 accounts. The Office 365 Login Analyzer app, for example, highlights potentially unauthorized authentication attempts by listing both successful logins and unsuccessful ones that could be connected to brute force attacks.
“The value-add that we’re providing there is we take that [Microsoft] login data and then we enhance it with IP threat reputation information, geolocation data, and WHOIS data,” Banzhof says.
Users can filter out logins originating in known-safe geographies or limit the list to a particular set of suspicious locations, he adds. “If they don’t have employees traveling through China, then they’re going to want to know about anytime somebody logs in from China,” Banzhof observes. The system can also train attention on specific known malicious IP addresses and adversaries.
A second new RocketApp, called Office 365 Log Monitor, shows event data for all of an MSP’s Office 365 users, groups, Azure Active Directory entries, and more. “That allows them to review and triage those event logs to detect when suspicious or unwanted activity is taking place,” Banzhof says.
The third app, Office 365 Secure Score, consolidates account-level information from Microsoft’s Secure Score tool, which is designed to assess an end user’s compliance with security best practices and point out opportunities for improvement. “We’re aggregating that information across the MSP’s customer base, and giving him a single dashboard that he can go to,” Banzhof says.
All three apps are available now to MSPs in two of RocketCyber’s three license models. Subscribers in the company’s Professional plan, who operate RocketCyber’s software themselves, pay $1 per Office 365 user per month for each of the new systems. The apps are included at no additional cost for channel pros using the vendor’s managed SOC service, in which RocketCyber security specialists handle threat monitoring on an outsourced, as-a-service basis.
Officially launched in November 2018, RocketCyber’s solution features a mix-and-match collection of apps for functions like threat hunting, malware analysis, and malicious file detection. There are 19 apps in all at present. With the release of the Office 365 apps announced today, those systems cover both endpoint and cloud security. A new firewall log monitoring app due to arrive shortly will extend the platform into network security as well.