Take a Security Health Check with assess365
By Andrew Dansie, Microsoft Security Solutions Architect, Softwerx
What is it and why do you need it?
In a world where navigating the cybersecurity landscape is not easy, not having a security health check is like flying a plane without a GPS – you won’t really know where you are or where you are going.
So, how can you assess the current security position of your infrastructure and map out the way ahead? The answer lies in transforming data into actionable information and information into valuable knowledge. Accomplishing this amidst the vast sea of settings, logs, and policies in an IT environment can be an overwhelming manual task—one that demands sophisticated programmatic tools. Ultimate oversight and governance require the discerning judgment of human expertise.
This is where assess365 security health check comes in. assess365 offers a quick and easy AI-driven cybersecurity assessment of your infrastructure, including Microsoft 365 and Azure. The process is consultative and it is all aligned with internationally recognised CIS standards, based on the CIS v8 framework.
CIS v8
CIS (Center for Internet Security) is a global community-driven organisation with the aim of safeguarding public and private organisations against cyber threats. assess365 harnesses the CIS controls to create a framework for analysing and informing on your security posture.
The CIS v8 controls consist of 18 top-level controls, which, themselves, divide into sub-controls (known as ‘safeguards’).
These safeguards are classified into three ‘implementation groups’ – IG1, 2 and 3, with IG1 being the lowest of the groups and aimed at ‘basic’ cyber hygiene. If you are just starting to get to grips with putting a formal framework around your security systems, then IG1 is probably the best place to start. As those controls are formalised and embraced by your organisation, you can then think about moving forward to the IG2 set of safeguards or going straight on to IG3.
assess365 comes in two flavours – the ‘quick’ and ‘full’ implementations. These map to the CIS IG1 and IG3 safeguards. The graphic below gives you an idea of the controls as they relate to the implementation groups. For more in-depth information, visit the CIS website – CIS Critical Security Controls Implementation Groups (cisecurity.org).
The assess365 Process
Two methods are involved in the assess365 Process – the questionnaire and the infrastructure scan.
The questionnaire is a consultative process – we will guide you through each question. Various topics are covered following the CIS v8 framework. Depending on whether the full or quick assessment is being undertaken, there can be up to 18 top-level controls and differing safeguards.
In tandem with the questionnaire, we programmatically gather information from your desktops, laptops, Active Directory, Azure, Office365 and email settings.
Together with the questionnaire answers, a report and presentation are compiled. These are discussed with you and suggestions are presented to help improve your security posture.
This is all fine – and extremely useful – as a one-off exercise, but security doesn’t stand still.
assess365 gives you the benefit of being able to schedule the reports during the year to keep on top of your security roadmap, and gives you an indication of the progress made since the last scan. It also helps you address new components as the CIS controls and vulnerabilities evolve.
Below, we'll dive a bit deeper into the mechanics of the scanning process.
How does it work?
The Azure and Office365 scans employ an Azure Application that will discover and extract information from Intune, Office365 components (SharePoint, Exchange, etc.), Azure AD and the various versions of Defender.
Endpoints are scanned with a script that can be deployed via GPO, Intune or run manually if required.
Azure AD is scanned via LDAPS.
This all feeds back into an application that is usually hosted on a dedicated Virtual Machine (typically in Azure, but this can also be done on-premises).
The questionnaire responses are also logged in this application, which will then create the bare bones of a report that will be further refined by one of our consultants.
The Report
The report is a detailed analysis based around the CIS controls discussed earlier. Gaps in security settings and policies are highlighted and a roadmap of improvements is presented. This roadmap is divided into immediate, 30–90-day and 90 day+ actions to provide a practical plan of action.
The report presents the findings as a ‘maturity level’ and ‘maturity score’ as displayed here. This is based on a model developed by Microsoft (Security Maturity Model) and is consistent with the Software Optimisation Model (SOM).
This is how they are presented in the report itself.
This is an easy way to present an overview of how well the organisation is approaching cyber security defence. It also provides a benchmark to measure against in future assessments.
Action plans are drawn up and presented in a format that both identifies the actions and provides suggested software or licensing to help achieve the goals.
The maturity scores are further broken down to provide a focus on where your attention should be aimed. For instance, the below extract of a quick scan shows that ‘Audit Management’, ‘Malware Defences’ and ‘Incident Response Management’ are all well under control, but ‘Network Infrastructure Management’ needs to be addressed.
The questionnaire is further analysed and presented with ‘urgent’ and ‘high’ recommendations to allow a focus on the most important issues to tackle. Advice and recommended products are presented to help further research on how to resolve the concerns.
The technical data is then included – I won’t go through the full details as it is a very extensive report, but in short, it includes a status, conclusion and recommendation in the following areas:
Device Encryption, PII (Personally Identifiable Information) exposure, shared documentation and links, unused accounts, accounts without MFA, privileged accounts, updates and patching, email (SPF, DKIM and DMARC), Antivirus, Cyber Security Awareness and more.
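To illustrate the status / conclusion / recommendation format for one of the areas above (email SPF and DMARC), here is an added example of how such a check can be graded; it is not assess365's own code and the domains and TXT records are constructed so it runs offline (a live check would resolve the TXT records for the domain and for _dmarc.<domain>):

```python
# Added example: grade SPF and DMARC records into report-style findings.
# Sample records below are constructed, not taken from any real domain.
SAMPLE_TXT = {
    "weak.example": {"spf": "v=spf1 include:spf.protection.outlook.com ~all",
                     "dmarc": "v=DMARC1; p=none; rua=mailto:reports@weak.example"},
    "strong.example": {"spf": "v=spf1 include:spf.protection.outlook.com -all",
                       "dmarc": "v=DMARC1; p=reject; pct=100; rua=mailto:reports@strong.example"},
    "missing.example": {"spf": "", "dmarc": ""},
}
RANK = {"Pass": 0, "Warn": 1, "Fail": 2}  # used to pick the worst finding

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict; {} if not a DMARC record."""
    if not record.strip().startswith("v=DMARC1"):
        return {}
    return {k.strip().lower(): v.strip()
            for k, v in (p.split("=", 1) for p in record.split(";") if "=" in p)}

def grade_spf(spf):
    """(area, status, conclusion, recommendation) for an SPF record."""
    spf = spf.strip()
    if not spf.startswith("v=spf1"):
        return ("SPF", "Fail", "No SPF record", "Publish v=spf1 listing authorised senders, ending in -all")
    if spf.endswith("-all"):
        return ("SPF", "Pass", "Hard fail for unlisted senders", "No action")
    if spf.endswith("~all"):
        return ("SPF", "Warn", "Softfail only; spoofed mail may still be accepted", "Change ~all to -all once senders are verified")
    return ("SPF", "Fail", "Record permits or ignores unlisted senders", "Terminate the record with -all")

def grade_dmarc(dmarc):
    """(area, status, conclusion, recommendation) for a DMARC record."""
    tags = parse_dmarc(dmarc)
    if not tags:
        return ("DMARC", "Fail", "No DMARC record", "Publish _dmarc TXT with p=none and rua to start monitoring")
    policy, pct = tags.get("p", ""), int(tags.get("pct", "100"))
    if policy == "reject" and pct == 100:
        return ("DMARC", "Pass", "Reject policy fully enforced", "No action")
    if policy in ("quarantine", "reject"):
        return ("DMARC", "Warn", f"p={policy} applied to {pct}% of mail", "Raise to p=reject; pct=100")
    # p=none: reporting helps, but spoofed mail is still delivered
    return ("DMARC", "Warn" if "rua" in tags else "Fail", "Monitoring only (p=none)", "Move to p=quarantine, then p=reject")

def assess_domain(domain):
    """Return (overall status, findings) for a domain in SAMPLE_TXT."""
    rec = SAMPLE_TXT[domain]
    findings = [grade_spf(rec["spf"]), grade_dmarc(rec["dmarc"])]
    overall = max((f[1] for f in findings), key=RANK.get)
    return overall, findings
```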
It is a very in-depth technical analysis that would take many days to perform manually but, thanks to the AI-powered process, it is vastly accelerated. The following is a snippet from one of the report sections.
The Presentation
As discussed, the report contains a lot of detail and information and, although there is an ‘executive summary’, it is probably of more use to IT senior management – this is who we typically deliver and discuss the report with. One of the goals of the assessment is to align the IT and Security teams with the Business Management teams. This is delivered remotely via a Teams meeting or in person. We advise that the decision-makers from the IT and non-IT sides of the business attend to gain the maximum benefit from the process. This gives the opportunity for all sides to gain an insight into, and appreciation of, the cyber security position of the company.
The following example of one of the slides shows how we present an overview of the topic for more in-depth discussion which is driven by all the attendees. We’re not just madly clicking through the slide deck!
PowerBI Reports
As a bonus we can also provide you with a PowerBI report from the data export. Because this is sensitive data, we only provide this on your Office365 tenant (you will need a PowerBI Pro license).
Examples of a few of the PowerBI pages are shown below.
Key Take-aways
assess365 provides a holistic view of the cybersecurity position together with fact-based recommendations based on an internationally recognized cybersecurity framework.
assess365 provides you with detailed insight into your company’s security posture. It is designed for IT and CISO functions, for whom a tailored report with an action plan is provided. For the Business Management roles, a tailored presentation is provided, including a roadmap and interactive PowerBI reporting.
Navigating the cybersecurity storm without a GPS is risky business. assess365 provides a clear understanding of where you are so you can set coordinates for cyber safety.