Part 1 – Microsoft Secure Score
56 Security Actions You Can Take Today to Improve Your Security Posture
Microsoft has been investing substantially in security and compliance since 2004, and today that investment protects all Microsoft products, but none more so than Office 365 and Azure.
One shining culmination of that investment is Microsoft Secure Score, integrated into your Microsoft 365 security center. If your organization has yet to discover your own points-based “secure score” from Microsoft, now is the time to click on over to the security center and grab your cybersecurity by the horns.
Today’s Cybersecurity Landscape: Assume Breach
Increasing cybersecurity risks are undeniable, and government-sponsored hackers, such as Advanced Persistent Threat (APT) teams, are gaining access to even the most secure environments in the world.
So, assuming an organization will experience a security breach is the new security model, and therefore the new goal in security is to prepare ahead of time to respond to that almost-guaranteed breach. Many parts of this puzzle are solved with simple changes that, when implemented effectively, stop even the most persistent threats from gaining a foothold in your domain.
But how can your organization identify what changes are needed?
Enter your Microsoft Secure Score.
Prepping for Breach with Microsoft Secure Score
Microsoft Secure Score helps your organization identify simple changes to help you move to safer ground and then keep safe over time. With Secure Score, you get a single glass-pane overview of your Office 365 tenant with an outline of quick and effective recommendations and actions you can implement to make cybercriminals’ jobs harder and your job easier.
Microsoft Secure Score takes the various areas of Office 365 and groups them, assigning points for various security-related actions available for you to implement. These actions are grouped into 6 areas:
- Identity (Azure AD status and scoring)
- Data (Office 365 document protection status and scoring)
- Devices (user device security status and scoring)
- Apps (email and cloud app security status and scoring)
- Infrastructure (Azure resources security status and scoring)
- Microsoft Defender ATP (malware and exploit status and scoring)
One Security Solution to Replace Them All
Historically, cybersecurity solutions have required a patchwork of products, each with its own interface, reporting structure, and capabilities. Limitations of one solution were shored up by another and so on, either to the point of budget exhaustion or misplaced feelings of having achieved a secure solution while in reality, gaping security holes were still present. And on top of that patchwork of products, teams of personnel would attempt to manage the flood of alerts from different portals, trying to bring meaningful action items to light. The process has been very manual and very error prone.
Microsoft Secure Score drastically improves that old model by addressing the all-encompassing cybersecurity question:
“What is your current organizational security posture, ranked, scored and compared to your industry peers?”
Answering that question has traditionally required weeks of data gathering, analysis, and reporting / document preparation to arrive at a conclusion. Then the conclusion was usually outdated by the time it reached the hands of decision-makers, and then decisions were impacted by personal biases of the people doing the work. For example, “We could never be attacked by vector X, because of Y” is a type of bias that will cause someone to overlook new and sophisticated ways that cybercriminals can gain dominance over your environment.
Microsoft Secure Score Beats the Clock & Biases
In today’s cybersecurity landscape, time-lag to reporting and lack of a holistic near real-time picture can be the live-or-die difference when under attack. Microsoft Secure Score solves that problem by offering timely feedback on your current posture and outlining recommendations to implement, ranked by effectiveness, to increase your “secure score”.
Add to this the option to use Microsoft Graph API to access your Secure Score data and run scripts and export data not available via the portal, and you have a complete solution to bring security insights into the 56 places Microsoft has identified to help all organizations stay safe and protected in today’s cybersecurity landscape.