Fastrack Blog

Microsoft Security: Where to start your security journey.

Written by Brodie Hamdorf | July 08, 2020

Cyber-crime is one of the biggest threats modern businesses face. Today, cyber security breaches that compromise finances, company data and market trust are commonplace. No business, regardless of size or notoriety, is immune from the threat. In fact, in 2019 one in three Australians were affected by cyber-crime, losing a grand total of AU$328 million.

We face several threats from many attack vectors, but the common thread is that the majority of data breaches are instigated by actors with malicious intent. Of the reported Australian data breaches, 65% were malicious or criminal attacks, 35% were human error and 5% were system faults.

The opportunity for organisations is that the most common attacks are preventable by technology you probably already own.

Source: Notifiable Data Breaches scheme 12-month insights report

Phishing, spear phishing and ransomware are common attacks that Microsoft Security - if deployed in the right way - is equipped to prevent and remediate.

Microsoft has become a genuine security player 

You might not think of Microsoft as a leading security organisation. But, with an annual investment of over US$1 billion in cyber security, Microsoft has developed a holistic approach that covers everything from identity management to cloud security.

Every organisation has its own environmental challenges and should approach cyber-security through its own lens. With literally hundreds of security tools available in the Microsoft Security suite (especially if you have an M365 E5 license), it can be hard to know where to start.

Where to start your cyber security journey.

There are some fundamental steps every organisation should consider as part of planning their security road map:

  1. Give some thought to the threats.
  2. Understand your security posture.
  3. Protect your users’ credentials.
  4. Set up a defence for the most common attacks.
  5. Look for ways to protect your data.
  6. Proactively manage applications.
  7. Set up effective security management processes.
  8. Remove the hard work by automating manual remediation.

1. Give some thought to the threats.

Before you start deploying any security measures, you need to understand what the threat actually looks like. Think about what the cyber criminals are trying to achieve and where your organisation fits into the mix. 

Where to start with Cyber Security: Start by thinking about the threats to your environment.

2. Understand your security posture.

Your security posture refers to the strength of your current cyber-security measures in predicting, preventing, and responding to cyber threats. Understanding your current posture is a great place to start and will help you plan your security strategy.

Microsoft Secure Score does much of the manual analysis work for you, by scoring your security posture. The higher your number, the better.

Learn how to use Microsoft Secure Score >

Although we don't suggest focusing all your efforts on getting the highest possible score, it’s a useful tool for understanding where the chinks in your armour are and setting security goals that make the most sense for your organisation. Go with your gut and don’t let the score solely control your decisions. 

3. Protect your users’ credentials.

Users are likely to be one of your weakest links. Of the reported Australian data breaches in 2019, 35% were human error. So how do we save our users from themselves?

MFA, MFA & MFA. For the love of security, just turn it on! This is the single biggest step you can take to protect your users' credentials and if you only do one thing after reading this blog, make it this.

Learn to protect user credentials >

Once MFA is set up, Azure Active Directory Identity Protection is the next tool to explore. Look at setting up conditional access policies, managing guest users, and identifying and remediating risky sign-ins. Do all this, and you'll make it exceptionally difficult for an attacker to do damage, even with compromised credentials in hand.
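As an added example (not code from the original post or from Microsoft's documentation), here is what the "turn MFA on for everyone" step looks like as a Conditional Access policy created through the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed and the signed-in administrator can consent to the Conditional Access policy scopes; the break-glass account ID is a placeholder. The policy is created in report-only mode first so you can check the sign-in logs for who would have been affected before enforcing it.

```powershell
# Added example: require MFA for all users via a Conditional Access policy.
# Assumes the Microsoft.Graph PowerShell SDK; the object ID below is a placeholder.

Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# Placeholder: object ID of an emergency-access ("break glass") account that is
# excluded so a misconfigured policy cannot lock every administrator out.
$breakGlassAccountId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "CA01 - Require MFA for all users"
    # Report-only: sign-ins are evaluated and logged, but nothing is enforced yet.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassAccountId)
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Output "Created policy '$($created.DisplayName)' in state '$($created.State)' (id $($created.Id))"

# After reviewing the report-only results in the sign-in logs, switch it to enforced:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -State "enabled"
```

The two design choices worth copying are the excluded emergency-access account and the report-only start: both exist so that the policy that is meant to protect credentials cannot itself become an availability incident.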

4. Set up a defence for the most common attacks.

If you have a constant niggling feeling in your stomach that someone in your organisation is going to fall for a phishing attack, you are not alone. Phishing is the number one reported scam in 2020.

Every organisation will have varying levels of digital literacy across its user base. It is our responsibility as IT pros to train our people to detect and report threats.

Microsoft Attack Simulator is a fantastic tool that simulates phishing email attacks with real life users and provides detailed reporting on user activity during the simulation (i.e. who clicked the dodgy link or gave out their credentials).

Microsoft has also improved its capacity to detect and thwart these kinds of attacks before they reach the user. Office 365 Advanced Threat Protection's Safe Links and Safe Attachments features actively scan for dodgy links or attachments before the user can open them.

Learn more about attack simulator >

Office 365 Advanced Threat Protection is very simple to turn on, requires very little configuration and your users probably won’t even notice it’s live until it automatically blocks a nefarious email.

5. Look for ways to protect your data.

One of the biggest challenges for IT pros is protecting company data, without disrupting user collaboration or productivity.

Wouldn’t it be handy if you could place stringent security measures on only your most sensitive data (e.g. financial and HR records) and allow all other data to flow freely?

Microsoft Data Loss Prevention (DLP) allows you to:

  • Identify sensitive information across many locations including Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams.
  • Prevent the accidental sharing of sensitive information.
  • Monitor and protect sensitive information in the desktop versions of Excel, PowerPoint, and Word.

Learn more about Data Loss Prevention >

Some of these features, if not deployed with real thought, can be disruptive to users. To avoid angry calls from non-IT folk, don't turn it all on at once. Provide your users with plenty of notice and education, start with the least disruptive measures and work your way up.
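To show the "start with the least disruptive measures" advice in practice, here is an added example (not from the original post) of a DLP policy created with the Security & Compliance PowerShell cmdlets from the ExchangeOnlineManagement module. It covers the locations listed above, but begins in a test mode that only shows policy tips; blocking is defined in the rule yet does nothing until the policy is switched to Enable. The policy and rule names and the policy-tip wording are constructed for this example, and the account running it is assumed to hold a compliance administrator role.

```powershell
# Added example: a DLP policy piloted in test mode before it is allowed to block.
# Assumes the ExchangeOnlineManagement module; names below are constructed.

Connect-IPPSSession

# Scope the policy to the workloads named in the post. Mode is a test mode, not Enable,
# so users see policy tips and admins see matches, but nothing is blocked yet.
New-DlpCompliancePolicy -Name "Financial records - pilot" `
    -Comment "Pilot: policy tips only, no blocking" `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -TeamsLocation All `
    -Mode TestWithNotifications

# Rule: flag content containing a payment card number that is shared outside the organisation.
# BlockAccess is declared now so that switching the policy to Enable later needs no rule change.
New-DlpComplianceRule -Name "Financial records - card data shared externally" `
    -Policy "Financial records - pilot" `
    -ContentContainsSensitiveInformation @(@{ Name = "Credit Card Number"; minCount = "1" }) `
    -AccessScope NotInOrganization `
    -NotifyUser Owner `
    -NotifyPolicyTipCustomText "This file appears to contain payment card data. Check before sharing externally." `
    -BlockAccess $true

# Once users have seen the policy tips for a while and the match reports look right, enforce it:
# Set-DlpCompliancePolicy -Identity "Financial records - pilot" -Mode Enable
```

Reviewing the match reports during the test period is what tells you whether the sensitive information type is firing on real financial records or on false positives, before anyone's sharing is actually blocked.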

6. Proactively manage applications.

Australian organisations are adopting cloud applications at a rate of knots. Despite the great features and flexibility cloud apps offer, security is often low on the priorities list when evaluating and introducing new technologies. IT pros are often left with patchy and conflicting security measures that are impossible to manage.

Microsoft Cloud App Security (MCAS) aims to close the gap as a Cloud Access Security Broker (CASB) that provides visibility and control over data travel, and analytics to identify and combat cyber threats across all your cloud applications. MCAS provides tools that facilitate:

  • The discovery of cloud apps and services across your environment
  • The assessment of risks and compliance of each application in your environment
  • The simplification of cloud application governance
  • Continuous monitoring
  • The automatic detection of misuse of corporate apps

Learn more about MCAS >

MCAS is a significant step toward unifying your approach to security across your entire environment and, in our opinion, would place your organisation in the upper percentile of security-conscious organisations globally.

7. Remove the hard work by automating manual remediation.

The cyber security landscape is constantly changing. Therefore, understanding the latest capabilities of your security platforms and having access to insights about your live security posture is paramount.

Microsoft Defender Advanced Threat Protection is an enterprise endpoint security platform designed to help you prevent, detect, investigate, and respond to threats.

One of the most useful portals in the suite is the Microsoft Defender Security Center which allows you to monitor and respond to alerts of potential advanced threat activity or data breaches.

Learn more about Microsoft Defender ATP >

There are so many alerts to explore and configure, so it might take a while to figure out which alerts are most meaningful to your organisation. Once again, start small and build your list of automated remediation activities as you go.

8. Set up effective security management processes.

Cloud adoption has pushed the border of your digital estate beyond the boundary of your physical network. Your data and users are not only in the Microsoft ecosystem, so building your Security Operations Centre around one vendor will only tell part of the story.

Microsoft Azure Sentinel fills this gap by making it easy to collect security data across your entire environment including devices, users, apps, servers, and any cloud. Sentinel uses the power of artificial intelligence to ensure you are identifying real threats quickly and unleashes you from the burden of traditional SIEMs by eliminating the need to spend time on setting up, maintaining and scaling infrastructure.

Learn more about Microsoft Azure Sentinel >

The Microsoft Security stack is full of portals, tools and tricks, but there's not one right way to do it. So before you start your security journey, think about what the threat is, what your biggest vulnerabilities are, and start planning.