While Finchloom is a 100% Microsoft-focused provider, we offer many different suites of services to meet our clients’ varying needs. In this week’s blog, I wanted to create a short rundown of some of the services that we offer, and where better to start than our security solutions. If you are interested in learning more about Microsoft’s security efforts, read our blog about Microsoft’s $5 Trillion Investment in cybersecurity over the next 5 years.
Microsoft is known for its attention to and focus on security, and knowing how to navigate Microsoft products is half of the battle when it comes to securing company data. As a Microsoft partner and provider, we know the ins and outs of every Microsoft software and service that we have to offer. Whether you need a standard Risk Assessment or an Advanced Threat Detection Assessment, we can help your business get a handle on its security.
There are 5 basic security service solutions that Finchloom offers, each of which can be tailored to your business’s size, industry, and location. A company with 25 retail employees in Hawaii will have different security standards than one with 10 finance employees working from the east coast. The basic categories of Finchloom Assessments are as follows:
- Risk and Vulnerability Assessment
- Microsoft Solution Implementation
- Active Directory Security Assessment
- Red Team Assessment
- Advanced Threat Detection Assessment
Risk and Vulnerability Assessment
Understanding organizational threats, risks, and vulnerabilities is critical for any business to succeed. Not only do companies need to understand these threats, but they also need to know what to do about them.
Questions like ‘Are we at risk? Are we prepared for a cyber-security attack?’ and ‘Are we investing in the right technology to combat threats?’ are all great starting points, and we can help you learn and acquire the answers. Finchloom’s standards-based assessment provides immediately relevant, tangible answers to the questions you are already asking, and provides a clear path of next steps.
Through our Risk and Vulnerability Assessment, our team of security experts works with your company to:
- Educate you on active cybersecurity threats that are relevant to your organization
- Conduct a thorough top-to-bottom review of your environment to identify vulnerabilities that could be exploited by those threats
- Compile a list of vulnerabilities along with recommended remediations
- Create a prioritized and actionable strategic road map of tasks and initiatives to mitigate identified risks
Risk and Vulnerability Assessments are designed for businesses that are looking to protect their environments before they are compromised.
Microsoft Solution Implementation
Microsoft solutions generally come with a suite of security services right out of the box, but they might not be turned on or configured properly. Businesses may already own the best-in-class security tools as part of their Microsoft licensing, and we can help make the most out of your investment by implementing and operationalizing the tools the company already owns.
We can assist in the implementation of virtually any security tool in Microsoft’s arsenal, including but not limited to:
- Azure AD
- Azure MFA
- Intune MDM
- Windows 10 endpoint hardening
- Microsoft Identity Manager
- Azure ATP
- Cloud App Security
- Azure Security Center
- Advanced Threat Analytics (ATA)
- Local Admin Password Solution (LAPS)
- O365 and AD monitoring with Splunk
If a business already owns a suite of licenses from Microsoft, chances are they already have the ability to utilize several, if not all, of the above security tools.
Active Directory Security Assessment
Active Directory is often the weakest link in an organization’s security and, therefore, a great target for malicious actors. A compromise of Active Directory generally means a compromise of ALL systems, regardless of segmentation and/or isolation.
Within our Active Directory Assessment, our security professionals will:
- Educate you on the techniques that modern adversaries use to move laterally and escalate privilege in Active Directory environments
- Review and audit your company’s Active Directory environment to map out the attack paths that a real-world adversary would use and then work with the company to shut down those attack paths
- Provide your business with a report containing actionable recommendations to help prevent and detect attempts to compromise your Active Directory environment, including recommendations for AD/endpoint hardening settings and recommended prevention and detection tools
Companies need to ensure that the key to the kingdom (in this case Active Directory) is protected from any external threats that it may face; an Active Directory Security Assessment is a great start.
Red Team Assessment
Simulated techniques, tactics, and procedures (TTPs) of real-world advanced adversaries motivate businesses to make the changes necessary to improve security. Questions like ‘What would an actual attack look like on our environment? What are our weak points from the perspective of an attacker?’ and ‘How can we get management and IT staff to get serious about our defenses?’ can send a message to decision makers to institute security changes.
A Red Team Assessment simulates these TTPs using any non-disruptive means necessary to accomplish a jointly agreed-upon set of objectives. It works like this:
- Starting with external reconnaissance, Finchloom will gain a foothold in the organization, place our backdoors, move laterally, and escalate privilege until our objectives are met
- Upon completion of objectives, we provide a summary of the attack for executives, a technical step-by-step narrative, and review tactical and strategic recommendations with the business
Businesses can see first-hand how exposed they are, and if their employees are equipped to handle live threats as they come in.
Advanced Threat Detection Assessment
Businesses need to detect threats before they become an issue. The Advanced Threat Detection assessment is all about setting the bar in regard to threats, and measuring progress around detection. Can you detect attacker activity in your environment, and can you measure your detection efforts?
Many organizations lack structure and direction in their detection efforts. Our team works with companies to measure the status and progress of in-house or outsourced detection capabilities by:
- Performing unit testing of 100+ attacker techniques from the MITRE ATT&CK Framework
- Building a heat map that shows level of visibility into different techniques
- Determining what additional data sources are needed (Sysmon, WEF, osquery, EDR, etc.)
- Implementing a standard assessment procedure to measure future progress against
Knowledge of threats before they rear their heads is critical for any business with even a slight focus on security.
All in all, we at Finchloom have every base covered in terms of not only security, but the training behind a security-oriented culture as well. If your business is interested in one or more of our security services and/or solutions (like PhishPrevent), please fill out the form found here and let us know how we can help! I plan to dive a little deeper into the topic of security as we move forward with the blog, and I am thrilled to work for a company that is both secure, and knowledgeable on the processes and practices of Microsoft’s security efforts.