Microsoft has announced the general availability of Automated Incident Response in Office 365 Advanced Threat Protection. These capabilities are designed to improve efficiency and effectiveness of organizational security by adding automation to investigation and response workflows. Here’s what you need to know about the new offering so you can take advantage of it for your cybersecurity team.

Benefits of Automated Incident Response

Today’s companies and organizations face a wide array of cyberthreats. So, security teams are often responsible for investigating a huge number of signals that can come from completely different sources. Responding to all of those incidents can be incredibly complicated and time-consuming, meaning that employees get bogged down and can sometimes even miss or delay responding to critical issues in a timely manner.

By automating parts of the process, the idea is that Automated Incident Response can help security teams save time, become more efficient, and respond to the most important or urgent threats right away. This can help companies save money and avoid serious breaches or similar issues.

How it works

There are a couple of different options for security teams using Automated Incident Response in Office 365 ATP. First, you can set up automatic investigations that are triggered when alerts are raised. These alerts can come from user-reported phishing emails, user clicks on malicious links, malware detected after delivery, or phishing detected after delivery.

You can also set up manually triggered investigations that use an automated playbook. Basically, this means that you can specify when you want to start an investigation, but use the tool’s automation capabilities for pinpointing the issue or source of trouble within an email. You can do this within Threat Explorer any time you have suspicions about an email or related content, like an attachment or hyperlink.


Source: Techgenix