Secure Score (part 2)

By Ashwin Venugopal -

 




To read part 1, please click here 




Secure Score Dashboard

The secure score tool can analyze an organization's Microsoft 365 security according to the security settings across the tenant, assigns a score that can be easily tracked on time, and is designed to help an organization to create a prioritize as well as an actionable roadmap to mitigate its security risks. Global administrators can easily access Microsoft secure Score, which displays the dashboard tab at first which offers a quick view into an organization's security posture.

Overview Tab

Microsoft's improvement actions are organized into groups in order to help you with the information you require instantly:
  • Identity (Azure AD accounts & roles)
  • Data (Microsoft Information Protection)
  • Device (no improvement actions for now)
  • App (email and cloud apps, including Office 365 and Microsoft Cloud App Security)
  • Infrastructure (no improvement actions for now)
The overview page shows how to split points between these groups and what points are available, along with the entire view of the total score, historical trend of your score with benchmark comparisons, and prioritized improvement actions in order to improve your scores.

Improvement Actions Tab

This tab can list the security recommendations that can address possible attack surfaces, including their status (completed, uncompleted, resolved through third party, and ignored), along with the capability of searching, filtering as well as grouping all the improvement actions. 

History Tab

Here, you can easily view a graph of your organization's score over time containing a list of all the actions that can be taken in the selected time range and their attributes, like resulting points and category, while also customizing a data range as well as filter by category. 

Secure Score API

It's fully integrated into the Microsoft Graph which helps you to customize organization's score wherever you want it to be seen for aligning a dashboard to view all pertinent information. Some of the benefits of collecting Secure Score data through Microsoft Graph are:
  1. Monitor and report on your Secure Score in downstream reporting tools.
  2. Track your security configuration baseline.
  3. Integrate the data into compliance or cybersecurity insurance applications.
  4. Integrate Secure Score data into your Security Incident & Event Management (SIEM) or Cloud Access Security Broker (CASB) solutions to drive a hybrid or multi-cloud framework for security analytics.

After successfully setting up the Security Score API, you can PowerShell scripts to retrieve the necessary data from Secure Score.

Improve Your Security Posture

After using Secure Score tool to know the exact condition of your organization's security posture and identify the risks within your organization, you have to analyze your findings as well as plan to improve to your condition while considering the potential for risk, the difficulty of implementing proposed solutions, the time frames for implementation, and the impact to your rating according to each Microsoft 365 Secure Score action. 

Note: Planning and implementation must include all the key stakeholders in your organization, along with the Chief Information Security Officer (CISO), the IT security manager as well as the administrators who manages AD, Exchange, networking, and whatnot. 

Success Criteria

Each and every organization have different success criteria like, some of them want to hit the maximum target score, while the others just want to be somewhere in the middle, some may prefer to address only their top five items, while the others only focus on the items that needs the least amount of effort, etc. But, there are sill some common approaches that most of the companies starts to design their own security upgrade plan, for example:

  1. Enabling multi-factor authentication on all admin accounts.
  2. Designating more than one Global Admin.
  3. Enabling auditing across workloads.
  4. Enabling mailbox auditing.
  5. Having a weekly review of sign-ins after multiple failures.
  6. Having a weekly review of sign-ins from an unknown sources.
  7. Having a weekly review of sign-ins from multiple geographies.

Note: It's recommended to appoint a sponsor in order to help facilitate meetings, remove roadblocks, and make sure that the teams remains on track.

Although Secure Score tool helps you to identify potential risks as well as mitigate them, changes will always occur over time that might affect your your organization's state of security along with the addition of new administrators and users, new regulations, and new services as well as features across Microsoft 365. Hence regular running of Secure Score every 6 months or so offers you the much needed insight to mitigate any risks related with those changes.











To read part 1, please click here 



























Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different groups of computers, re
Read more

Project Resourcing (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here Engineering - SIEM The SIEM engineers configures Microsoft Sentinel, including Log Analytics, Logic Apps, workbooks, and playbooks. They are also responsible for the following high-level tasks: Initial configuration of Azure tenant, including provisioning required resources, assigning access roles, and configuring workspace parameters like log retention, resource tagging, and blueprints.  Deployment and configuration of syslog/CEF log collection agents in appropriate locations to collect logs from on-premises devices. Generally, it will be joint effort of both system engineer and SIEM engineer, involving configuration and potential troubleshooting.  Working with system owners to enable log forwarding and configuring any required parsing of log data in Log Analytics.  Working with security operations to create and deploy KQL analytic rules to offer detections for SOC/Computer Security Incident Response Team (CSRIT) use. Tuning of alert rule parameter
Read more

Design Planning (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Complex Organizational Structures SIEM can be an expensive security control, hence, it is common multiple businesses to contribute to the overall expense. Various organizational units may require a level of access to specific dashboards or sets of data. Microsoft Sentinel offers the ability to assign table-level permissions and limit the level of access to the minimum required to perform requisite job functions.  Role-based Access Control (RBAC) Requirements Microsoft Sentinel offers an extensive list of Azure built-in roles that can be used to provide granular access according to the job requirements and permitted level of access. Some of them are various Microsoft Sentinel dedicated roles: Microsoft Sentinel Contributor- Can perform all engineering-related configuration, such as creating alert rules, configuring data connectors, and additional similar tasks.  Microsoft Sentinel Reader- Can query the log data stor
Read more