Microsoft 365 + Qostodian: Proactive risk monitoring for workstations now extended into Microsoft cloud apps

In this 6 minute read, you’ll gain an understanding of the core Qostodian value proposition – and what it means to Microsoft customers.

Prefer to listen instead of read? At the bottom of the page, you’ll find a video of Qohash’s lead product manager summarizing the value of the integration for Microsoft users.

About Qostodian

I get approached by 100s of vendors. My tech stack is massive. Sum up for me why I should consider Qostodian.

Qostodian is a SaaS data security platform designed to deliver in-the-moment insights that drive proactive risk management. 

The majority of solutions on the market, including DLP, employ a “reactive” approach to managing risk–meaning they detect and respond to problems after they occur. 

Using DLP alone, data security teams are stuck in incident response mode, limited in their ability to take preventative action.

The Qostodian platform becomes the layer BEFORE your DLP. It’s the intelligence layer on top of your DLP that makes it more effective.

Also, Qostodian double encrypts data. The platform never makes a copy of customer data in order to scan it. Complete security is maintained. 

Getting proactive

Qostodian leverages patent-pending “data element tracking” technology to deliver the powerful risk indicators that shift security teams into proactive threat-response mode. 

At a high level, here’s how it works:  

1. First, it looks INTO files, to gain a comprehensive picture of organizational risk.

2. It then takes data found in files and classifies and inventories every discrete data element, both on-premises and now, in the cloud.
3. Next, Qostodian monitors employee interactions with each sensitive data element and flags risky behavior in real-time.

By cross-referencing two fundamental elements of organizational risk – employees + interactions with sensitive data elements – Qostodian delivers insight to drive intervention.

Granular insights

Desjardins, the 37th largest bank in the U.S., with more than $86B in global asset management, leverages the Qostodian Prime tier of the platform to monitor 55,000 endpoints. Armed with powerful risk indicators, they intervene in real-time with alerts the instant risky behavior by negligent or malicious insiders occurs.

Here are the main points of enhancement that we offer:

1. Workstation coverage

• Full inventories at endpoints and the ability to integrate to Microsoft DLP. While Microsoft offers DLP at endpoints, the extent of their offering is to provide blocking on sensitive data. No visibility is offered to what’s sitting on the endpoint until a very specific action is taken.

2. Early warning risk indicators

• Ability to view risk levels for individual employees, and each department.

• If an employee appears risky, drill down into their “risk profile,” benchmark between employees, and add specific employees to a “watch list.”

• View a monthly organizational risk evolution report to see changes over time.

• Real-time alerts are generated to SOC teams based on policy violations and risky employee behavior such as data accumulation, exfiltration and deletion.

3. Faster incident response with indexed search

When an incident occurs, every second counts. Qostodian saves teams valuable time when it counts the most.

• Operating at a deep, granular level means that if our customers want to search for a specific piece of potentially leaked data, they can drop in that credit card and find every location it exists–in milliseconds.

• They can also see a full visualization of how that piece of data propagated across employees and locations over time.

4. Coming soon

• User defined sensitive information (UDSI) searches
• Automated remediation actions based on specific policy violations conditions 
• An integration with Microsoft Purview file labeling to enhance DLP effectiveness and add labeling on workstations

The integration

Jean Le Bouthillier, Qohash’s CEO, said it best in our recent press release.

We revolutionized workstation monitoring with our highly sophisticated sensors, providing 24/7 visibility in even the most complex environments. Our success in deploying this technology at scale with Microsoft customers set the foundation for the logical next step: adding coverage for Microsoft 365. By covering the hardest part, workstations, M365 coverage becomes an easy and valuable addition. We’re committed to increasing coverage to provide our customers with one simple data security platform that covers all of their blindspots.” 

-Jean Le Bouthillier

Benefits

Now available in the Azure Marketplace, Qostodian for M365 includes immediate coverage for OneDrive, with Outlook, Sharepoint, and Teams forthcoming. 

In addition to shifting into a proactive security posture, Qostodian enhances Purview coverage in three key ways:  

1. Enhanced security coverage with the ability to find and scan files of all sizes at endpoints and other on-premises locations. 
2. Zero limitations on scanning of file types (over 135 extensions) 
3. Retain complete control of your data. Qostodian connects through Microsoft’s API, so it does not break the security chain by making a copy of customer data to scan. 

Ready to learn more?