Your organisation faces a great multitude of challenges when it comes to safeguarding its precious data – and conditional access can provide the protection you’re after.
While its worth versus oil is still hotly debated, data remains an invaluable asset to organisations – hence why so many hackers and characters of ill repute want access to it. Keeping them out can be a tough job, but conditional access is here to help, acting as something of a bouncer to make sure only the right people get through the door.
What is Conditional Access?
You can guess what conditional access is from the name: permission to view data or applications is restricted, unless users can meet certain conditions. It’s another way of saying that every attempt to access sensitive data is verified against criteria to ensure they’re genuine and safe – in the case of our bouncer on the door, it’s a well-vetted guestlist.
Every month, Microsoft updates more than a billion PCs, services more than 450 billion authentications, and analyses more than 200 billion emails for malware and malicious websites. All of this data is pushed into the Microsoft Intelligent Security Graph, enabling Microsoft to identify where the most serious threats come from.
All of those analytics trickle down to users such as yourself, providing preventative insight into what’s putting your data at risk. The best part? That information helps to demonstrate how conditional access can neutralise the threat before you even have to worry. Let’s take a look.
- Leaked Credentials
Microsoft security researchers search for credentials that have been posted on the dark Web, which usually appear in plain text. Machine learning algorithms compare these credentials with Azure Active Directory credentials and report any match as “leaked credentials.”
- Impossible Travel or Atypical Locations
Machine intelligence detects when two sign-ins originate from different geographic locations within a window of time too short to accommodate travel from one to the other (think appearing in Manchester, and seconds later, New York). This is a pretty good indicator that a bad actor succeeded in logging on. Machine intelligence also flags sign-ins at atypical locations by comparing them against past sign-ins of every user. Sign-ins from familiar devices or sign-ins from or near familiar locations will pass.
- Sign-ins from Potentially Infected Devices
The Microsoft Intelligent Security Graph maintains a list of IP addresses known to have been in contact with a bot server. Devices that attempt to contact resources from these IP addresses are possibly infected with malware and are therefore flagged.
- Sign-ins from Anonymous IP Addresses
People who want to hide their device’s IP address – often with malicious intent – frequently use anonymous proxy IP addresses. A successful sign-in from an anonymous IP address is flagged as a risky event. If the risk score is medium, a risk-based conditional access policy can require multi-factor authentication (MFA) as additional proof of identity.
- Sign-ins from IP Addresses with Suspicious Activity
Multiple failed sign-in attempts that occur over a short period of time, across multiple user accounts and that originate from a single IP address, also trigger a risk event. Traffic patterns that match those of IP addresses used by attackers are a strong indication that accounts are either already compromised or will be very soon, although the traffic pattern may also originate from an IP address shared with multiple devices via a router or similar device.
All of the above makes our metaphorical bouncer much more effective at discerning who gets entry because there are more criteria to meet, and they’re much stricter than simply having the right username or password.
To find out more about how conditional access can keep your critical data safe, or to learn about risks to your business, be sure to get in touch with our helpful experts.