Why now

Account takeover in Office 365 has become the largest threat vector in the cloud


Multifactor authentication (MFA), cloud access security brokers and email security all fail, here’s how:

Account takeover

Attackers can already steal authenticated sessions, even those protected by MFA.

Attacker movement

Attackers move across cloud service providers, SaaS and your entire workforce, blindsiding Cloud Access Security Brokers (CASB)

Unknown threats

Email filtering and anti-phishing struggles with targeted and unknown attacks.

Why Vectra

  • 30% of organizations suffer account takeovers every month, even with multifactor authentication. By understanding attacker behaviors and account privilege, Vectra puts an end to account takeovers.
  • Attackers don’t operate in silos. Your security solution shouldn’t either. Vectra tracks attacker activity that pivots between enterprise, data center, IaaS and SaaS. All from a single place.
  • Vectra AI-driven threat detection finds attackers who are in your environment and past the preventative security defenses, such as firewalls and CASBs.

Cognito Detect for Office 365

Detect and stop the largest attack vector in Office 365
Stop Account Takeovers by detecting account based attacks.
Advance your security solution
Combine attacker behaviors between on-prem, IaaS, and SaaS.
Put together Microsoft security telemetry
Find and stop active attackers in your Office 365 environments.

Office 365 kill-chain coverage

Custom detections for every tactic


Brute Forcing (including legacy protocols), suspicious logins , adding users to groups

Defense evasion

Disabling security monitoring and logging, bypassing DLP


Compliance eDiscovery searching, email search, file enumeration


Creating Power Automate flows, adding new accounts, installing malicious applications


Compliance / eDiscovery searching, email search, file enumeration


High-risk downloads, mail forwarding rules

Privilege escalation

Adding users to groups

Lateral movement

Internal phishing, watering hole / file poisoning, endpoint takeover via malicious mail rules


Encrypting files for ransom

Cognito Detect for Office 365

Protection against the largest threat vector in the cloud

Widespread threat coverage – Stop data breaches by detecting threats in Office 365

and leveraging AI to identify malicious behaviors and hijacked accounts.

    Deploy in minutes with a cloud-native approach that quickly starts to monitor, detect and stop attacks.


  Regain comprehensive security coverage between Office 365 and your local enterprise infrastructure.

    Stop unknown and known attacks and account takeovers in real time before they lead to data breaches.