Microsoft 365’s Next Security Target is the Malicious Insider

When we look at the security profile of a company, the first vector analyzed is often the outside threat. After all, it’s much easier to attack a firewall than it is to gain physical access to a building or a server.

But threats can come from anywhere, including inside your organization. Insider threats are not new and have been part of the security conversation for decades but today at Ignite 2019, Microsoft has announced a new security feature for Microsoft 365.

Called ‘Insider Risk Management’, this new tool is designed to identify hidden patterns that traditional insider threat models may overlook. The solution can leverage data across the Microsoft graph and third-party systems, like HR software, to identify the signals of an insider threat.

The system takes it one step further by anonymizing the data as well. That way, the person investigating the threat will not initially know the name of the potential bad actor which can help avoid conflict issues if the person is a co-worker or supervisor. Of course, the name can easily be unmasked as well but by default, the name of the person is hidden.

Insider threats can be significantly more harmful than an outsider as they have already passed the first layer of security for your organization. While there are certainly more outside threats than insider threats, those inside the organization have a much higher probability of inflicting harm than those still outside the firewall.

Insider Risk Management is entering private preview at Ignite 2019 with general availability likely arriving in 2020.