Assess (and remediate) insider threats in minutes with CoreView

Assess (and remediate) insider threats in minutes with CoreView
Summary
  • Swift risk identification and correction ensured IT operations stayed on track
  • Prevented leakage of sensitive data, including trade secrets and executive info
  • IT team efficiency preserved, keeping systems stable and secure
Download case study

Headquartered in Canada, this diversified holding group plays a vital role in the nation’s energy and utilities sector. With interests spanning power generation, natural gas distribution, and electricity transmission, it’s a cornerstone of Canada’s energy infrastructure. Beyond energy, the group ventures into real estate, transportation, and logistics.

The challenge

An employee was potentially accessing sensitive data, drawing the attention of the company’s IT team who flagged the activity. The company wasn’t quite sure what data the employee had, the scope of the risk, or who the employee might have shared the data with.

The executive team needed more information on the potential threat and its impact. Every extra minute it took to assess the situation was another minute the company was at risk. The company’s executives asked the IT team to produce a list of all the activities the suspicious employee had performed while working there to assess the severity of the situation and determine a response.

Quote top graphic

"The real benefit I see is giving people the ability to be operators and dig into the data themselves. See a problem, grab the data and work on a solution in near real-time."

– Executive at the Canadian Company

The solution

With CoreView’s M365 audit log feature, IT operators easily gathered the relevant details. Within minutes the audit log was pulled, filtered by the User Principal Name, and pivoted to provide the data to the company’s executives. Something that normally would take hours and a significant amount of chasing was done in under 10 minutes.

“The real benefit I see is giving people the ability to be operators and dig into the data themselves. See a problem, grab the data and work on a solution in near real-time,” a company executive said.

The IT department was able to create a comprehensive report detailing all the data the employee accessed. They also could evaluate what actions the employee performed while working at the company and whether those actions were appropriate.

The impact

The speed and accuracy of the process allowed the company to quickly determine potential risks to their Microsoft 365 (and to the organization as a whole) and take corrective action. That also meant that the IT team could continue in their daily activities, keeping the company’s systems up and running smoothly.

Because they were able to catch the problem early—and immediately respond—the company was able to prevent the exfiltration of sensitive data, including trade secrets, information on high-level executives and future-looking company plans.

Get a personalized demo today

Created by M365 experts, for M365 experts.