
Respond automatically to compromised credentials in Azure Active Directory

Use Red Canary’s automated playbooks to respond to compromised credentials and prevent credential theft in your Azure AD environment.

Kevin Gee

Credential theft is one of the most important threats in cloud and SaaS environments for modern organizations. Malicious actors who obtain credentials can disrupt your business by stealing internal intellectual property, exposing sensitive data in ways that harm your employees, business, and customers, or damaging your internal and production systems by installing malicious software or inserting backdoor access.

Detecting credential theft is often difficult because it can be hard to tell which behavioral events are actual indicators of compromise and which are false positives. Red Canary’s security expertise and threat knowledge, combined with our advanced detection techniques, reduce false positives while rooting out real compromised-credential threats before they become actual problems. Red Canary now also helps reduce your time to respond to these threats in Azure Active Directory by adding automated response actions, helping you stop the threat before it begins.

Red Canary customers with Azure Active Directory can now set up automated playbooks to granularly respond to compromised credentials depending on the severity or potential impact of the threat. Admins can revoke session tokens, forcing users to fully re-authenticate to prove their identity again when suspicious activity is detected. For potentially more severe threats, admins can have Red Canary suspend a user’s account entirely. Once the user has changed their password and any potential issues have been resolved, automation allows you to unsuspend the user’s account.
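The tiered response described above can be sketched against the Microsoft Graph v1.0 user endpoints (`revokeSignInSessions` and the `accountEnabled` property). This is an added example, not Red Canary's playbook code; the severity labels, function names, and sample values are assumptions, and the functions only build the requests so the logic can be reviewed offline.

```python
from datetime import datetime
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def _ts(value):
    # Graph returns ISO 8601 UTC timestamps such as 2024-05-01T12:00:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _user_url(user_id):
    # Object ID or UPN; '#' in guest UPNs must be percent-encoded.
    return f"{GRAPH}/users/{quote(user_id, safe='@')}"

def plan_response(user_id, severity):
    """Ordered Graph requests for a compromised-credential detection.

    Severity labels are hypothetical; map them to your own playbook triggers.
    """
    revoke = {"method": "POST",
              "url": _user_url(user_id) + "/revokeSignInSessions",
              "json": None}
    suspend = {"method": "PATCH",
               "url": _user_url(user_id),
               "json": {"accountEnabled": False}}
    if severity == "high":
        # Disable first so no new sign-in succeeds, then invalidate
        # the refresh tokens that were already issued.
        return [suspend, revoke]
    if severity in ("low", "medium"):
        # Force full re-authentication without locking the user out.
        return [revoke]
    raise ValueError(f"unknown severity: {severity!r}")

def plan_unsuspend(user, detected_at, issues_resolved):
    """Re-enable only after a password change that postdates the detection."""
    changed = user.get("lastPasswordChangeDateTime")
    if not issues_resolved or not changed:
        return None
    if _ts(changed) <= _ts(detected_at):
        # The current password is the one that was exposed.
        return None
    return {"method": "PATCH",
            "url": _user_url(user["id"]),
            "json": {"accountEnabled": True}}
```

Sending these requests requires an access token with Graph permission to update users; failures of either call should be surfaced to the analyst rather than silently retried.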

For more information on the Identity Security workloads available through Microsoft, check out this blog post, which describes the difference between Azure AD Identity Protection and Defender for Identity, and this blog, which discusses Microsoft Conditional Access.

 
