In the past decade, more organizations have transitioned into Microsoft 365 and Microsoft Azure environments to better manage their resources. This change has also increased the number of attacks targeting these popular platforms.
USA ups Microsoft 365 security
In light of these changes, the Cybersecurity & Infrastructure Security Agency of the United States has released a free-to-use tool that detects malicious activity in M365 or Azure environments. Incident responders and security administrators are expected to use the tool to detect intrusions as early as possible and prepare the right set of countermeasures.
The free tool from CISA, Homeland Security, is called Sparrow.ps1, and the Cloud Forensics team of the CISA has contributed a lot to its development. The official GitHub page of the tool indicates that it should not be considered a complete replacement for intrusion detection systems.
Instead, CISA has built the tool to narrow down the possibilities that may have caused the malicious entry in the first place. According to an official description, Sparrow.ps1 will install the necessary PowerShell modules on the system. It will keep an eye on specific indicators to predict whether the system is under attack or any malicious elements are present within the file system.
Unlike the other detection utilities available for Azure and Microsoft 365, Sparrow.ps1 is completely free to use and is available in the worldwide public domain. It means the tool would receive further updates from the public domain developers’ community in the near future.
CISA says that its Cloud Forensics team has analyzed a huge number of recent attacks on the Azure/M365 platform to understand the common factors, which can then be used by Sparrow.ps1 to detect an upcoming attack before the team sees the apparent issues.
This announcement comes when Microsoft increases the level of protection offered in the Azure and Microsoft 365 platforms. In related news, the company introduced a feature that alerts administrators if an incident is detected.
However, what makes Sparrow.ps1 a compelling choice is that the Department of Homeland Security always has more data at its disposal than Microsoft has, meaning that it could do a better job of threat detection as well.