Consulting with a Conscience™

A cruciallogics blog

Written by Amol Joshi
on June 01, 2021

When the Covid-19 crisis is “moved the world toward increased technological innovation and online collaboration,” according to the U.N, “cybercrime also rose with a 600% increase in malicious emails.” In a recent Statista survey of global online fraud examiners, 60% predicted a significant increase in cybercrime. Now, more than ever before, companies need to test their IT security.

 

A penetration test (pentest) is an authorized hack of your IT systems, designed to mimic a cyberattack in a controlled environment. It is usually conducted once a year to evaluate the security of your IT infrastructure, identify vulnerabilities in your systems and find solutions to resolve identified risks. Often, companies rely on an annual pentest as their sole method of assessing the integrity of their IT infrastructure.

 

The problem with a pentest is that you’re only getting a snapshot of the gaps in your perimeter security and not a complete evaluation of your security architecture. Pentests look for known and unknown vulnerabilities in your IT systems and assess if they could cause potential harm to your IT infrastructure. They don’t always point out security gaps that arise from misconfiguration or lack of configuration.

 

Some of the security issues that a pentest will not uncover include: 

  • Improperly configured Microsoft 365 authentication rules
  • Lack of alerting on your sign-in logs and permissions settings
  • Already compromised user and rogue forwarding rules 
  • Misaligned attachment scanning protocols and spam filters
  • Improperly set up MFA (Multi-Factor Authentication) 
  • Unsecure PIM (Privilege Identity Management) and self-service password settings
  • Incorrect Active Synch, POP3, and IMAP settings 
  • Disabled anti-spam and anti-phishing policies in EOP (Exchange Online Protection) or exception rules that may introduce new vulnerabilities 
  • Misconfigured DKIM (Domain Key Identified Mail) protocols  
  • Unmonitored credential phishing activities  
  • Improperly set up conditional access protocols 
  • Unsecure email forwarding protocols, including automatically forwarding incoming emails using keywords, and email forwarding rules set to permit the forwarding of personal emails

 

This is not an exhaustive list, and it is far from a complete IT systems evaluation. At CrucialLogics, we can help you improve your IT security infrastructure and extend the functionality of your annual pentest with a comprehensive Microsoft 365 assessment, including:

 

  • Microsoft 365 Configuration Assessment

CrucialLogics can evaluate the efficiency of your security controls used in the configuration and deployment of your Azure and Microsoft 365 configurations, authenticate the default settings and identify improvement opportunities. We can also assess how your overall IT infrastructure and user bases align with your IT security architecture and best practices.

 

  • Microsoft 365 Security Design and Compliance Assessment

We can assess your security architecture and design with your Microsoft 365 and Azure platforms to identify opportunities for improvement. Advanced system configurations, company processes, and user accountability will be addressed following best practices to meet company policy and regulatory compliance requirements, including NIST 800-53, ISO 27001, GDPR, and HIPPA. Read more about managing your compliance in our recent blog here.

 

  • Cloud Security Assessment

CrucialLogics can collaborate with you to assess your cloud security protocols, including identity protection, data integrity, access control, threat management, and governance. Based on the assessment results, we will design a cloud security solution that can be integrated across diverse cloud technologies and platforms, including AWS, Azure, and Google.

 

  • Microsoft 365 Remediation

Using Defender for Microsoft 365, we can identify suspicious or malicious files on a user’s endpoint device, including credential phishing viruses, and take remedial action. Our team of experts will then combine the results of all the assessments undertaken to compile a detailed report and work with you to develop an appropriate remediation plan. 

 

If you are looking for a complete IT security evaluation, including a comprehensive overview of your current Microsoft 365 security environment and insight into your IT protocols and tools, we can help. We also perform security updates on OneDrive, SharePoint, Exchange, and Azure Active Directory platforms. 

 

Companies like yours turn to us to improve their security posture in line with best practices. Let us conduct a comprehensive Microsoft 365 assessment. We will give you a complete picture of the status of your IT infrastructure security and a safety measures roadmap for the future. Reach out to our team today.

You may also like:

Security Data Security Cloud Security

A Guide to Cloud Security Monitoring & Benefits (+best practices)

Modern technologies bring solutions, but sometimes they come with pain points that, if ignored, lead to failure. Compani...

Security Migration

Cloud Migration Security Risks (+ Checklist & Strategy)

As more companies migrate their operations to the cloud, cyber security becomes an increasingly prevalent concern.

Security Data Security Cybercrime

The Importance of Penetration Testing and 6 Reasons Why It Should Be Outsourced

Cybercrime cost the global economy $6 trillion in 2021, up from $3 trillion in 2015. This dramatic increase in cybercrim...