Microsoft 365 Security
Helping you defend against cyber criminals looking to exploit security gaps in Microsoft 365.
4 Pillars of Securing Your 365 Environment
So often we see organizations that purchase cyber security tools and services, such as security appliances and anti-malware solutions, but then rarely have the time and resources to keep up with routine maintenance and monitoring of all the possible issues that can arise.
These security measures need to be routinely assessed as well as regularly updated with the latest signatures. Because of this, it is critical that cyber security is an ongoing process as part of any business function.
The Azure Cloud and Microsoft 365 professionals at Oakwood understand the challenges of addressing today’s security concerns. We’ve identified 4 primary pillars aimed at securing your users and critical business data: Process & Governance Planning, Identity, Workforce, and Recovery.
Security Incidents
Hoping a malicious attack will never happen to you is not a plan. The figures here should serve as a stark reminder that cyber criminals are becoming more savvy with each passing day and you need a team on your side that understands how to properly address today’s security concerns.
37%
Percent of organizations who were hit with ransomware within the last year.
54%
Percent of organizations in which cybercriminals successfully encrypted the target’s data.
65%
The percentage of data that was actually restored AFTER a ransom was paid.
$170,404
The average ransom amount paid by mid-sized organizations to recover their encrypted data.
Process & Governance Planning
Sustain and increase improvements, ensure asset coverage
The purpose of this phase is to actively discover and continuously improve the security posture of your environment. Review & update (if necessary) organizational processes to manage major ransomware events and streamline outsourcing to avoid friction.
Attackers are continuously looking for ways to monetize weaknesses in your security posture. Staying secure requires visibility to find and address these weaknesses and validate that the mitigations have been implemented successfully.
Implementation Approach
Sustaining and improving security requirements
Assign Responsibilities
Assess & Measure
Apply Recommended Improvements
Audit & Monitor
Exercise whole-enterprise recovery plans to build and strengthen organizational processes and muscle memory for this scenario
Update IT and security outsourcing contracts (if applicable)
Identity
Passwordless / MFA, Password Security, Detection, Administrative rights and more
Starting with critical impact admins, we’ll rigorously follow best practices for account security including using passwordless or multi-factor authentication (MFA). It’s here where we’ll implement a comprehensive strategy to reduce risk of privileged access compromises.
While MFA was once a burdensome extra step, passwordless approaches today improve the logon experience using biometric approaches that don’t require you to remember or type a password. Additionally, zero trust approaches remember trusted devices, which reduces prompting for annoying out-of-band MFA actions. All other security controls can easily be invalidated by an attacker with privileged access in your environment.
Implementation Approach
Enforce Strong MFA or Passwordless Logon
Passwordless Authentication
Azure Multi-Factor Authentication (MFA)
Third Party MFA
Increase Password Security
Azure AD Accounts
On-Premises AD
Audit & Monitor
Workforce
Collaboration & Email, Remote Access and Endpoint Protection
Our goal here is to implement best practices for email and collaboration solutions to make it more difficult for attackers to abuse them. We advise following zero trust security best practices for remote access solutions to internal organizational resources. Implement relevant security features and rigorously follow software maintenance best practices for computers and applications, prioritizing applications and server/client operating systems directly exposed to internet traffic and content.
Attackers frequently enter the environment by transferring malicious content in through authorized collaboration tools such as email and file sharing and convincing users to run it. Internet-exposed endpoints are a common entry vector that provides attackers access to the organization’s assets. Prioritize blocking common OS and application with preventive controls to slow or stop them from executing the next stages.
Implementation Approach
Implement Advanced Email Security
Enable Attack Surface Reduction (ASR) Rules
Enable AMSI for Office VBA
Configure Azure AD
Maintain Software/Appliance (security updates, etc.)
Publish Remote Desktop
Secure Access to Azure Resources (Bastion)
Block Known Threats
Set Security Baseline
Recovery
Ransomware data protection, detection & response plan and secure backup
Finally, we’ll want to ensure rapid detection and remediation of common attacks on endpoint, email, and identity while confirming critical systems are backed up and backups are protected against deliberate attacker erasure/encryption. Follow data protection best practices to ensure rapid and reliable recovery from a ransomware attack.
Minutes matter. Rapidly remediating common attack entry points to limit an attacker’s time to laterally traverse and do damage is critical. Ransomware extortion (and destructive attacks) only work when all legitimate access to data and systems is lost. Ensuring that attackers cannot remove your ability to resume operations without payment will protect your business and undermine the monetary incentive for attacking your organization.
Implementation Approach
Migrate to The Cloud
Designate Protected Folders
User Permission Review (write/delete)
Prioritize Common Entry Points
Monitor for Adversary Disabling Security
Rapid Isolations
Backup
Ensure Rapid Recovery
Strong Protection (MFA or PIN required)
Strongest Protection (off-site / Azure Blob)
How To Get Started?
We have a variety of engagement options to help us get started. Contacting us below is the first step to securing your Microsoft 365 environment!
Microsoft Security Review
Validate configuration against requirements and surface opportunities for improvement.
Governance Strategy & Review
Find & close gaps in business processes as well as technical controls for cloud apps.
SIEM & CASB Workshop
Learn to deploy advanced cloud application monitoring solutions (SIEM + CASB).
Backup Best Practices Review
Validate backup strategy against industry best practices.
Cloud Migration Strategy
Comprehensive plan for migrating users, content, and devices to the cloud.
AVD Deployment
Demonstrate the capabilities and applications of Azure Virtual Desktop.