Yesterday we watched an interview with white-hat hackers about how and why your organization finds itself in the crosshairs (it’s not you, it’s them, and by “them” we mean mostly unattended bots scanning the Internet). There’s some good stuff in the video, but their key takeaways for keeping your assets safe are to:
As an adjunct to that last one, one of the panelists stressed the importance of properly inventorying your systems: you cannot patch or monitor what you don’t know you have.
We’ve been beating a security drum for the past few months that might sound fairly similar to those salient points: enable multi-factor authentication! protect mailbox users with anti-phishing & credential theft controls! patch patch patch!
It may also sound fairly similar to the Center for Internet Security’s top 5 most important security controls (paraphrased):
It is absolutely critical for modern connected organizations to understand the current threat landscape, and as we pointed out to attendees at the Microsoft Tech Summit in Atlanta, it’s a heck of a lot easier to get your users to compromise your security than it is to brute force through your perimeter defenses. Recent attacks, such as the Winter Olympics phishing campaign built around a counter-terrorism message and the financial attacks that pivot from an initial compromise into payroll systems, show that attackers are constantly evolving their methods.
If you haven’t looked at the top 20 CIS controls recently, or need a refresher, here are the other 15 (again, paraphrased):
What is interesting here is that, with the exception of configuring the actual network devices, Microsoft 365 has a solution for every single control on the list. It’s pretty remarkable to think that you can address 18 of the 20 critical controls with one product suite.
And that would be pretty cool even if that were the extent of it, but honestly, it’s not. Take malware defenses and analysis of audit logs: with the integrations between Windows Defender ATP (endpoints), Azure ATP (identities) and Office 365 ATP (mail and collaboration), we can see an attack across multiple vectors and drill down from one control surface to the next with 1:1 incident correlation. Tack on the recently-announced Office 365 Attack Simulator, and you’re armed with powerful tools not just to respond, but to assess and fill gaps in your security training and configurations.
And if we’re feeling particularly frisky, we can activate Azure Log Analytics and Azure Security Center (both available at free tiers) to monitor update compliance, best practices, application compatibility and threat management across our deployments. If you haven’t looked at using Log Analytics to get insights into your Windows 10 deployments, you should consider it. It’s free to use, and now deployable without a big, cumbersome script.
Before we veer too far off the subject of the CIS, on Tuesday they released their Microsoft Azure Foundations Benchmark. It’s free, and if you are using Azure or are considering it, we strongly recommend downloading a copy (free registration required). At 200+ pages it’s not a quick read, but it gives standardized best-practice guidelines for securing your Azure environment, with guidance from identity to SQL instances to VMs, and ties it all together with Azure Security Center.
For every recommendation, it provides a description, rationale, remediation, impact, default value, reference(s), and how that setting corresponds to those same 20 guiding controls for system security.
Just like with the Office 365 Secure Score, some of the recommendations just won’t work well with your particular installation. And that’s ok. The goal is to align your security practices with the 20 CIS controls where practical, and meet at least the first 5 controls where possible.
Posted: 5/29/2018 8:57 AM