Security Assessment

  • 5 minutes to read

Overview

Azure has several offerings to facilitate security assessment & situational awareness including Azure Security Center, Azure Sentinel, Azure Blueprints and the Microsoft Graph Security API.

  • Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
  • Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.
  • Microsoft Graph Security API simplifies integration with Microsoft and third-party security solutions. Using one endpoint, one software development kit (SDK), one schema, and one authentication mechanism, customers and partners can easily build integrated security applications, workflows and analytics.

Assess Security Controls

The Microsoft Security & Compliance Center assists in streamlining the process of meeting regulatory compliance requirements by leveraging the compliance dashboard.

The Security Center continuously provides insights into your compliance posture based on continuous assessments of your tenant & environment.

Monitors have assisted the Nimbus Logic team in creating the best possible configuration profiles and policies for your tenant to maintain the lowest possible risk factors available. Scheduled and on-demand reports will allow you to see your current status any time.

Monitor Security Controls

The configuration policies and profiles that Nimbus Logic has implemented based on the Microsoft best practices for NIST 800-171 R2 are designed to keep you and your devices compliant. Any modifications or deviations from our baseline are closely tracked, tested, logged & implemented with a detailed modification trail in place. This will ensure that your tenant and endpoints remain compliant, and fully documented.

Leverage Scanning Tools

  • Defender for Endpoint is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response. With the implementation of Compliance as a Service from Nimbus Logic, your endpoints are all protected and continuously scanned for threats - which if/when found trigger alerts, implement blocks, or remediate the issue(s) based on the situation.
  • Microsoft Defender Vulnerability Management enhances the Defender services by delivering continuous asset visibility, intelligent risk-based assessments, and built-in remediation tools to help your security and IT teams prioritize and address critical vulnerabilities and misconfigurations across your organization. The appropriate groups (generally NIST - Compliance Alerts, NIST - Endpoint Administrators, NIST - User Administrator) will be notified based on the categorization and severity of a triggered event.
  • Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools. Email & collaborate with confidence as DLP & sensitivity labels constantly scan your shared files for inappropriate distribution and/or malware.
  • Your users are licensed with Defender for Identity and Azure Active Directory (Azure AD) Identity Protection. These services use your on-premises Active Directory Domain Services (if applicable) to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure AD Identity Protection automates the detection and remediation of identity-based risks in your cloud-based Azure AD.
  • Microsoft Defender for Cloud Apps is a comprehensive cross-SaaS solution bringing deep scans, visibility, strong data controls, and enhanced threat protection to your cloud apps.

Penetration Testing

  • Penetration testing will be done on an annual basis, and will follow the MS Penetration Rules of Engagement. The Microsoft Cloud Services will be tested, and is defined as:
    • Azure Active Directory
    • Microsoft Azure
    • Microsoft Intune
    • Microsoft Dynamics 365
    • Microsoft Power Platform
    • Microsoft Account
    • Office 365
    • Azure DevOps (when applicable, non GCCH)
  • Any issues or security flaws that cannot be addressed by policy or configuration modifications, and that are related to MS Cloud or other services will be reported to the Microsoft Security Response Center (MSRC).
  • Nimbus Logic will provide your company with penetration testing results / reports at the completion and remediation of any issues.

Ingest Cyber Threat Data

Azure Sentinel is enabled and configured on your tenant to import any threat indicators that have been triggered. This helps to enhance Nimbus Logic’s ability to detect and prioritize threats, while maintaining a healthy audit trail for compliance purposes.
Multiple features of Azure Sentinel have been employed on your tenant, including:

  • Analytics are a set of rule templates that are enabled to generate alerts and incidents automatically based on matches of log events from pre-established threat indicators. These indicators span across your tenant and services to bring the most crucial data to one place for easy monitoring and notifications.
  • Workbooks provide us with summarized information about the indicators that have been imported into Sentinel, along with any alerts that may be generated from other analytics rules.
  • Hunting queries are an invaluable tool that let investigators use the threat indicators in hunting scenarios. This is crucial in the diagnosis and remediation of threats.
  • Notebooks are configured to use the threat indicators that are pre-configured by Nimbus Logic, and coupled with MS best practices when investigating anomalies, and other not previously identified threats.

Conduct Threat Hunting

In the event of an incident, or even a one-off anomaly, Nimbus Logic will leverage threat hunting to identify any active or potential issues. A general overview of hunting queries is available here: https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries

Share Threat Data

Any incidents that have been detected will have an automated email notice sent to the compliance alerts distribution listing, and dependending on severity, will have a ticket opened automatically with Nimbus Logic Government support.