Cyber Security

In 2015 it was reported that “time taken to detect an incursion was 205 days. It was also revealed that less than a third (31%) of organisations discovered an internal breach themselves last year, with 69% notified by a third party.”

If your organisation has a Cyber Security breach, where do you think it will originate, and how much could it cost your organisation?

“Today, social engineering attacks on employees outnumber attacks on software. No matter how strong your technical security is, your employees are often the most vulnerable link in the chain”.

Of course, people are not the only threat when it comes to Cyber Security. Broadly speaking, there are four action areas on which to focus your Cyber Security efforts.

Protect against identity compromise

Augment passwords with additional layers of authentication security. Detect unusual authentications and identify signs of breach early for proactive notification of suspicious behavior. Respond automatically by elevating access requirements and providing risk-based conditional access.

Protect corporate data

Apply rights management, identify unsanctioned apps, thwart phishing, and contain, classify, and encrypt data. Detect unauthorised access and get notifications of any attempts at unauthorised data access, anomalies, and other threats. Respond with policies that block suspicious applications, revoke unauthorised access, and remotely wipe device data.

Control devices

Protect devices with encryption, and manage company and personal devices to encrypt data and ensure compliance. Detect unusual activity and automatically identify questionable or compromised endpoints. Respond by quickly blocking, quarantining, or wiping any device suspected to be compromised.

Safeguard your Infrastructure

Protect servers and workloads, and gain deep visibility into security health to monitor and enforce policies on cloud data resources. Detect deviations from baseline and identify any sign of compromise early through behavioral analysis. Respond by deploying new security controls and quickly tracing malicious attacks directly to the source.

At Vigilant.IT we have a methodology to help you in your Cyber Security efforts and we recommend that full consideration is given to Microsoft security products, as these products are fully built-in as opposed to bolt-on, in both Operations Management Suite (OMS) and Enterprise Mobility Suite (EMS).

Let’s take a closer look at these product suites, focusing purely on Cyber Security. We think you will agree that with these built-in Identity, Access and Security features your organisation can go a long way to alleviating the threat of a Cyber attack. We have extensive practical knowledge and expertise in these products and can help you apply them in your organisation.

With EMS you get the following features:

Azure Active Directory Premium

  • Secure single sign-on and self-service identity protection and management capabilities

  • Multi-Factor Authentication (MFA)

  • Risk-based conditional access through intelligent assessment

  • Discovery and restriction of privileged identities and their access to resources

  • Advanced security reporting including access and usage

Cloud App Security

  • Complete visibility into cloud app usage

  • Ongoing risk detection, powerful reporting, and analytics on usage

  • Behavioural analytics that assess risk and identify attackers targeting your cloud apps

  • Identification of anomalies and policy violations that may be indicative of a security breach

Azure Information Protection

  • Persistent data classification and protection that ensures data is protected

  • Safe sharing inside and outside your organisation with easy-to-use controls

  • Deep visibility and control of shared data

Microsoft Advanced Threat Analytics (ATA)

  • Identification of advanced persistent threats (APTs) on-premises

  • Detection of known malicious attacks almost instantly

  • A simple attack timeline with clear and relevant information

So you have got your threat detection covered, but what will you do when you have to produce a Security Audit?

The Operations Management Suite Security & Compliance solution aggregates logs and event data from your environment to discover security threats and vulnerabilities within your infrastructure, and this becomes a critical data set for security audits. Security audits can happen at any time and can stretch the resources of IT Operations. OMS, a cloud-based management system, has the ability to access, search and correlate unstructured data quickly. This is a vital requirement for the audit process. With OMS Security, you can have the insights required to provide a comprehensive security or compliance audit, providing the following information.

With OMS you get the following features:

Complete and Accurate Log Data

  • Log and event data stored in the cloud to ensure a complete data set

  • On-premises or cloud environments, Windows and Linux operating systems

  • Complete data set in a searchable format

  • Pre-defined security dashboards and alerts

  • Triggered alerts based on security events

On-Demand Accessibility

  • Export to Excel or Power BI

  • Data accessible via API

  • Leverage OMS advanced search to provide the specific data

  • Access critical data for investigations or compliance audits

Security Baselines

  • Proactive monitoring of security configurations

  • Built-in remediation recommendations

  • Based on Microsoft Windows security best practices