SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Cado Security boosts platform with SaaS environment support
Fri, 15th Mar 2024

Cado Security has recently introduced new features to its platform, enabling collection and analysis support for SaaS environments, enhancing the response to Microsoft 365 compromises. The platform's heightened functionality promises organisations a better understanding of the scope and impact across SaaS, on-premise, and cloud environments.

From now on, customers will be able to acquire the Microsoft 365 Unified Audit Log (UAL) on the Cado platform to investigate and respond effectively to Microsoft 365 compromises, such as business email compromise (BEC), account takeover (ATO), and insider threats. This feature will allow security teams to comprehensively analyse UAL data and other critical sources captured across on-prem and cloud environments.

James Campbell, CEO and Co-Founder of Cado Security, articulated the importance of this advancement, stating, "With Microsoft 365's rapid adoption and the ever-increasing amount of critical data being stored on its ecosystems, the rate and scale of attacks should not be surprising. Overburdened security teams need automated solutions that give them visibility into their organisation's entire environment and enable a proactive response to suspicious activity."

Campbell continues, "Our new collection and analysis support of SaaS environments does just that by providing the much-needed tools to quickly identify, investigate, and respond to threats so organisations can continuously strengthen their security posture and prevent future occurrences."

BEC has become one of the most common and damaging threats to organisations, largely due to the reliance on email for transfer-of-fund requests. Attackers frequently use tactics like email spoofing and phishing attacks to hijack legitimate email accounts and execute unauthorised money transfers. It's worth noting that between 2013 and 2022, BEC reportedly cost organisations over $50 billion globally, according to the FBI.

By making use of Cado's new feature, customers can automatically import the Microsoft 365 Unified Audit Log (UAL) by timeframe, user, IP, or workload. This allows security teams to swiftly examine and counter potential Microsoft 365 threats while gaining a deeper understanding of their scope and impact using the Cado Security platform. By investigating UAL events in a central platform in conjunction with other events, such as forensic artifacts from an impacted user's workstation, security teams can promptly identify the origin of an incident, whether it stems from a phishing attack or malware infection.

The key capabilities that the Cado platform offers for rapid incident response include single-click data capture, with Cado providing fully automated or single-click evidence collection across cloud, on-premises, and SaaS environments. The Cado platform's patented cloud-native architecture enables the normalisation of hundreds of data formats in minutes. Automated investigations are powered by Cado's local LLM, which delivers a high-level summary of an incident and automatically analyses potentially malicious files. Organisations can grasp the impact of threats with complete visibility across their entire ecosystem, since Cado analyses SaaS, cloud, container, serverless, and on-premises assets within a single platform.