Many organisations are using Microsoft Azure and in many cases they are using the default setup of the Azure environment thus making it an easy target for cyber criminals. An Azure Cyber Security Review will assess your Azure environment against industry standard CIS Controls and a report will be provided highlighting what controls have passed and any remediation / recommendations necessary.
Today’s technology is rapidly adopting cloud technology to assist organisations in moving to a cloud-based or hybrid infrastructure to provide flexible, redundant and cost-effective computing on an enterprise level.
The main issues associated with this technology is its inherent availability and default configuration, which is often exploited by attackers as they can easily access and attack these services with little risk.
Wizard Cyber audits your Azure Network to identify misconfigurations, lack of best practices and secure configurations, allowing you to remediate the vulnerabilities before they are exploited.
Our Microsoft certified security professionals will conduct a comprehensive configuration and security review to identify any misconfigurations that may have occurred during the setup or if any significant changes have been made to the Azure Environment that has introduced a security issue.
We will benchmark your Azure environment against the CIS Microsoft Azure recommendations.
CIS benchmarks are configuration baselines and best practices for securely configuring a system developed by CIS, a nonprofit entity whose mission is to ”identify, develop, validate, promote, and sustain best practice solutions for cyber defence.”
Identity and Access Management
Key recommendations include:
- Multi-factor authentication
- No guest users
- Users cannot register applications
This section focuses on making sure key alert policies (e.g., ASC Default) are configured.
Key recommendations include:
- Enabling “secure transfer required”
- Setting default network access rule to “deny”
Key recommendations include:
- “Ensuring Auditing is set to On”
- “Audit Retention is set to greater than 90 days“
- “Threat Detection types“ is set to “all“
Logging and Monitoring
A quality logging configuration is imperative to any secure IT environment. This section includes configuration checks to ensure:
- Logging for Azure Keyvault is enabled
- Activity Log Retention is set to 365 days or greater
- Log Profiles exist
A secure networking configuration is vital in a cloud environment. Some examples of CIS recommendations in this section are:
- “Ensuring that RDP/SSH access is restricted from the Internet“
- “Network Security Group Flow log retention is set to greater than 90 days“
Key recommendations include ensuring:
- Disks are encrypted
- Only approved extensions are installed
For Azure AppService, there are many recommendations to ensure the latest versions of the software are used as well as authentication and redirects are securely configured.
Other Security Considerations
Other security considerations include:
- Verifying expiration dates are set for keys and secrets
- Ensuring resource locks are used where appropriate
An experienced cyber security consultant will perform a comprehensive audit of the cyber security measures implemented in the organisation. This audit will involve on-site visits and remote access where required. Interviews with senior managers may be conducted to adequately identify and validate the relationship between the people, process and technology controls being used. A comprehensive written audit report will be delivered which documents the status of each security measure and indicates the level of cyber risk in the context of the vulnerability, threat and potential impact. The report will identify actions and recommendations that can be taken to minimise cyber risks.
We have the widest range of network devices, operating Systems (OS), databases and applications in physical, virtual and cloud infrastructures.
We support non-credentialed, remote scans, credentialed, local scans for deeper, granular analysis and offline auditing.
450+ templates available to measure against for compliance and configuration. (e.g., FFIEC, HIPAA, NERC, PCI, more) and configuration (e.g., CERT, CIS, COBIT/ITIL, DISA STIGs) auditing.
What is a cyber security review?
A cyber security review is designed to assess the key aspects of your IT security-related infrastructure, processes and technical management capabilities, and balance these against the cyber threats that are most relevant to your business
What will you find in the cyber assessment?
The results always vary massively as all customers are unique and have different levels of current security in place. We find a typical SME will put all their focus and funding towards defensive measures such as firewalls and anti-virus but have little to no response capabilities.
What does the report contain?
The report will contain the results of both vulnerability scans, the results of our CIS control interview with your chosen IT to contact as well as an overview score of your current security posture. We will also give you advice on how to improve your security posture.
I am not a customer, can you help?
Our Cyber Security Review is available for all existing and new customers as a one-off service. We always recommended a Cyber Security Review to all potential customers as it gives you and us an understanding of your current security posture.
What does the Cyber Security Review include?
A CSR is made up of a few different elements but the 3 key areas is an ‘interview’ process which involves speaking with someone in IT. There is also two vulnerability scans that are performed (inside & external). We also would require access to a standard build machine. Part of the assessment is performed onsite as well as a portion will be completed from our office.
What happens after the report?
The report will be securely sent to you and a call with your account manager will happen shortly after to talk through the key elements and what the next steps are to start improving your cybersecurity posture.