Join the next in-person event in London - spaces limited:

register now
Close Notice

secure365 – Analyst Insights in 60 Seconds – May 2026

Posted : 28 May 2026

Posted In : News

AdobeStock_850400108 (1)

This month, secure365 analysts reviewed and closed incidents involving endpoint malware detections, suspicious file activity, firewall and VPN investigation, possible data exposure, external sharing, and emerging Defender-related threat activity. 

In endpoint cases, analysts checked suspicious files, file reputation, quarantine status, network connections, and device logon activity to confirm whether there was evidence of wider compromise. In data-risk cases, analysts reviewed anomalous downloads and external sharing activity, checking permissions, Microsoft infrastructure, recipient reputation, and whether the behaviour indicated account compromise or user-driven risk. 

The team also investigated firewall and VPN activity where suspicious infrastructure suggested possible jump-host style access, and provided analysis to help the customer decide whether deeper log ingestion was worthwhile. Alongside live incident work, analysts carried out threat hunting and worked with the Softwerx DevOps team to deploy custom Sentinel analytics for emerging Microsoft Defender zero-day activity. 

Actions taken by analysts included: advanced hunting, file and URL reputation checks, review of sign-in and device activity, customer escalation where needed, session revocation, sign-in blocking recommendations, device isolation where applicable, and clear closure notes explaining what was found and what action was required. 

Why it matters: many alerts are only the starting point. secure365 analysts investigate the story behind the alert, confirm whether there is real risk, and take action to contain or explain the issue. 

secure365 value: analyst-led investigation across Microsoft Defender and Sentinel, practical containment guidance, and customer-ready incident closure that explains what happened, what was checked, and what action was taken. 

Check in next month for more SOC Analyst Insights from Softwerx!

Search insights

Share this insight

Related insights

Getting started with us couldn’t be easier.

Just use the form or call us on +44 (0) 1223 834 333 to set up a call.

Sign up for our monthly Security Decoded newsletter
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.