I find it mindboggling to think about how many aspects need to be considered for solid security. And I wonder how many of these are practical or realistic to consider? Let’s look at some of these and talk about a cheap and easy way to move forward.
There are a plethora of options and approaches. First, there are the many different frameworks to conceptualize security, e.g., NIST, CIS/SANS 20, SOC 2, ISO 27000. Then there are the many individual steps you can take to bolster your defenses, such as vulnerability testing, multi-factor authentication, conditional access, getting proper policies in place, training users and so on. Add to these the many comprehensive suites to do the work for you and help you respond automatically. Some of these suites include Red Canary, ActZero, CrowdStrike, Arctic Wolf, Sophos and many more.
We have worked with all the above-mentioned frameworks, components, and comprehensive suites. We find that there is one security essential that is easy to do and is low cost. It is easy for you because you don’t have to devote much time to preparation and the remediations are generally straightforward and quick to implement. It is easy for us since we have done these about a zillion times (just a rough estimate). Since we have done so many, we have been able to standardize and offer a low price.
I am thinking of CGNET’s AD Audit and Microsoft 365 Security Posture. We generally include this component in our assessments. I thought it might be useful to break out this service separately since it is affordable and often has a handsome ROI.
Don’t Shut the Barn Door After the Horse Has Gone
An amazing number of the breaches that we see involve forgetfulness: an old laptop that is only used to show PowerPoints in the conference room; a user account that still exists even though the user has left; an admin account that was temporarily set up but then forgotten; an old firewall or switch not thought to be in use, and so on. Hackers find these useful access points to your network and exploit them. Fortunately, an audit of your Active Directory and Microsoft 365 environment can quickly look for and tell you how to fix many potential vulnerabilities that may have been overlooked.
Curing Forgetfulness
CGNET has developed a simple set of routines that can help find items that may be overlooked. As part of the AD Audit and Microsoft 365 Security Posture, we do the following:
- Conduct an Active Directory “hygiene” check that looks for
  - inactive user accounts
  - user accounts with no password expiry
  - user accounts with expired passwords
  - user accounts with locked passwords
  - accounts with numerous login failures
  - accounts with privileged rights
  - Active Directory configuration
- Review your Active Directory and Microsoft 365 domain administrator accounts for
  - number of accounts
  - assigned roles and privileges
  - multi-factor authentication review
  - sign-ins
- Check to see if a complex password policy exists and is being enforced.
- Determine if any accounts exist for use by IT service providers.
- Examine Microsoft 365 security reports.
- Check Exchange Online Protection reports.
- Review sharing permissions set for SharePoint Online and OneDrive for Business.
- Check administrator audit logs.
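Several of the Active Directory hygiene checks listed above can be run offline over an export of account attributes. The following is an added example, not CGNET's own routines: the attribute names and flag bits are Active Directory's, while the record keys (`name`, `uac`, `uac_computed`), the thresholds and the sample accounts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
# userAccountControl bits, as documented by Microsoft
UF_ACCOUNTDISABLE, UF_DONT_EXPIRE_PASSWD = 0x0002, 0x10000
# These two are only reliable in msDS-User-Account-Control-Computed
UF_LOCKOUT, UF_PASSWORD_EXPIRED = 0x0010, 0x800000
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to datetime; 0 means never."""
    return None if ft == 0 else EPOCH_1601 + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt):
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def audit(users, now, inactive_days=90, max_bad_pwd=5):
    """Return {account: [findings]} for enabled accounts that need review."""
    findings = {}
    for u in users:
        if u["uac"] & UF_ACCOUNTDISABLE:
            continue  # choice made for this example: skip disabled accounts
        last = filetime_to_dt(u["lastLogonTimestamp"])
        # lastLogonTimestamp can lag ~14 days; keep inactive_days well above that
        checks = [
            ("inactive", last is None or now - last > timedelta(days=inactive_days)),
            ("no_password_expiry", bool(u["uac"] & UF_DONT_EXPIRE_PASSWD)),
            ("password_expired", bool(u["uac_computed"] & UF_PASSWORD_EXPIRED)),
            ("locked_out", bool(u["uac_computed"] & UF_LOCKOUT)),
            ("many_login_failures", u["badPwdCount"] >= max_bad_pwd),
            ("privileged", u["adminCount"] == 1),  # AdminSDHolder has protected it
        ]
        hits = [name for name, hit in checks if hit]
        if hits:
            findings[u["name"]] = hits
    return findings

# Constructed sample export: every account and value below is made up.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
def _u(name, uac, days_ago, computed=0, bad=0, admin=0):
    ts = 0 if days_ago is None else dt_to_filetime(NOW - timedelta(days=days_ago))
    return {"name": name, "uac": uac, "uac_computed": computed,
            "lastLogonTimestamp": ts, "badPwdCount": bad, "adminCount": admin}
SAMPLE = [
    _u("alice", 0x200, 10), _u("conf.room", 0x200, 400),
    _u("svc.backup", 0x10200, 5, admin=1), _u("former.emp", 0x202, 700),
    _u("temp.admin", 0x200, None, computed=0x800000, admin=1),
    _u("bob", 0x200, 1, computed=0x10, bad=12),
]
if __name__ == "__main__":
    print(audit(SAMPLE, NOW))
```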
Avoid an Accident Waiting to Happen
By looking at some basic information in your AD and Microsoft 365 environment, CGNET can add to your quiver of cost-effective security essentials. If you are ready to make sure the stable doors are closed, contact me directly at g.lindsey@cgnet.com or call 1.650.833.6020.