Oh! 365 - Avoid an "Oh ****" moment in Office 365

Dan Whalen (@vac4n7) Oh! 365: Avoid an “Oh ****” moment in Office 365 “You mean I don’t have to host Exchange? Where do I sign up!” These days, it only takes a few clicks to spin up a fully provisioned Office 365 subscription that gives your users access to all of their favorite office productivity apps they ?love? without all of the operational overhead and licensing headaches IT hates. As usual, though, security is often an afterthought. It’s easy to overlook how these services impact your risk profile and it can be confusing to figure out exactly what you should be worried about or how to respond if something does go wrong. In this talk, we’ll walk through real examples of how attackers have used O365 to compromise organizations. We’ll also share techniques we’ve used to investigate and detect O365 compromises. Finally, we’ll share how you can mitigate some of the key risks in O365. You’ll leave with a clearer picture of risk exposure and a bag full of tips and tricks that you can go implement! Dan is a Detection and Response Lead at Expel, a transparent managed security provider. With many years of experience in security operations at scale, he’s been exposed to a ton of different environments, unusual attacks, and challenging security problems. Dan holds a BS in Information and Security and Forensics from the Rochester Institute of Technology and is an avid learner / conference goer. Lately, he’s been focused on helping organizations detect and respond to security threats in their cloud infrastructure.