MVISION Cloud for Microsoft Azure extends Activity Monitoring and Security Configuration Audit features to your Azure infrastructure. To detect internal and external threats to Azure infrastructure, MVISION Cloud captures a complete record of all user activity in Microsoft Azure across multiple heuristics, detects threats, automatically takes risk-mitigating action, and supports forensic investigations. As threats are resolved, MVISION Cloud automatically incorporates this data into its behavioral models to improve detection accuracy.
MVISION Cloud also detects compromised account activity in Azure based on brute force login attempts, logins from new and untrusted locations for a specific user, and consecutive login attempts from two locations in a time period that implies impossible travel – even if the two logins occur across multiple cloud services – to support immediate remediation and limit exposure.
MVISION Cloud automatically constructs a behavior model with dynamic and continuously updated thresholds for each user and group to identify activity indicative of insider threat. Privileged User Analytics identifies risk from inactive administrator accounts, excessive permissions, and unwarranted escalation of permissions and user provisioning.