With some many new security programs in the industry popping up every day, it can be difficult to know what matters and what is hype. Also, so many businesses are moving to Office 365 which introduces an entirely new set of security threats. So, we decided to write a simple Q&A blog to address the most common questions being asked daily. We hope this will help you sift through the sea of security uncertainty.
What fundamental building blocks should an advanced, multi-layer security program provide?
Working with a managed security team, like Blue Fox Group provides the advantage of an advanced security team that has the proper certifications, is always a step ahead of the latest security threat and monitors, predicts, prevents, detects and responds to threats around the clock.
For many businesses hiring and retaining seasoned security staff is expensive and possibly not a viable option. The cost of a managed security provider is often half of what it would cost to hire an in-house security expert and comes with a team of security experts, known as a SOC (Security Operations Center) that is working to keep your data safe 24/7.
What areas of security does Blue Fox Security Defender addresses?
The Blue Fox Security Defender Program addresses four major areas of security defense in your business. They are the following:
- PREDICT: Using global and community threat intelligence, we anticipate new attack types to proactively prioritize and address security exposure. This intelligence is then used to feed back into the preventive and detective capabilities, thus closing the loop on the entire process.
- PREVENT: The goal here is to raise the bar for attackers by reducing attack surface areas and blocking them. The Security Defender team looks at how things are configured as compared against how the vendor or regulatory bodies recommend, they should be configured. Additionally, we then prioritize what is scanned, monitored and remediated to ensure we are always focused on the most important parts of your business.
- DETECT: Detection capabilities are critical because every business has been targeted, probably multiple times. Using normal patterns to pinpoint unusual behavior and isolating that behavior to prevent lateral movement within your network - that could compromise your system – is the foundation of detection. We look for attacks that have evaded the preventive category and seek to reduce the dwell time of threats. Thus, the potential damage they can cause.
If you were attacked or have been attacked in this past, we would respond. This is the process of investigating and remediating issues discovered by detective activities, forensic analysis, and root cause analysis that will help us recommend the new preventive measure to avoid future incidents. Working with your team, we ask ourselves these types of questions:
- How did the hacker gain a foothold?
- Was an unknown or unpatched vulnerability exploited?
- What file or executable contained the attack?
- How many systems were impacted?
- What specifically was exfiltrated? And using this information, we create solutions and processes to make sure it does not happen again.
If I am using Office 365, what should we monitor?
Great question and one that is often an afterthought of the cloud era. Microsoft has invested millions of dollars in the security of Office 365, but like every cloud product, there are areas of vulnerability, that if not monitored, are just that, vulnerable to attack. Many security programs only focus on the network. They ignore line of business applications and devices and only addresses these items when the attack is introduced through one of these items. But not us at Blue Fox Defender.
The Security Defender Program applies the same Predict - Prevent – Detect – Respond methodology to Office 365. Security Defender will prioritize and assign meaning to incoming data, allowing users to make sense of high-volume log messages related to alerts, reports, and dashboards. Administrators can easily audit compliance with organizational policies to proactively identify security risks, unused licenses, and analyze how Office 365 services are being used over the long term. Security Defender will also retrieve and analyze generated logs to identify spammers, trace messages, as well as monitor license usage, user behavior, administrative activity, and mailbox activity.
The benefit to the organization is 3-fold:
- Gain insight and analytics into how people in the organization are using Office 365 services
- Identify security risks and cost savings
- Maintain visibility of changes in your environment
Does Event Tracker monitor activity on my device also?
Sure does! Security Defender monitors and tracks activity across all devices, wherever your staff may go. In a world of blended personal and business device usage, security is a must across the board.
What are the steps to getting started with a security program like Blue Fox Security Defender?
It’s as simple as starting a conversation. Your business needs, your business goals and the security of your system is unique to you. We ask a lot of questions and propose a security solution that fits what you need to protect and what you want to accomplish. Let us know how we can help.