| title | description | ms.author | author | manager | ms.topic | ms.service | ms.date |
|---|---|---|---|---|---|---|---|
Security initiatives in Microsoft Security Exposure Management |
Catalog of security Initiatives in Microsoft Security Exposure Management. |
dlanger |
dlanger |
rayne-wiselman |
reference |
exposure-management |
11/12/2024 |
This is a catalog of security initiatives in Microsoft Security Exposure Management. Each initiative is designed to help you manage and improve the security posture of your organization.
Business email compromise (BEC) financial fraud is a social engineering attack that aims to steal money or sensitive information. The attacker tricks the target into believing they're interacting with a trusted entity to conduct either personal or professional business. After deceiving the target, the attacker persuades them to share valuable information or process a payment.
The CIS Microsoft 365 Foundations Benchmark (v3.0.0) is a set of security assessments developed by the Center for Internet Security (CIS). It provides prescriptive guidance for establishing a secure baseline configuration for Microsoft 365. The benchmark includes configuration baselines and best practices for securely configuring a system. The benchmark is internationally recognized as a security standard for defending IT systems and data against cyber attacks. This initiative contains a subset of security assessments recommended by the CIS
This initiative aims to reflect the status around cloud security coverage, ROI, health, configuration, and performance. It consists of measurements across multiple domains and disciplines to provide security managers with a high-level view into how posture is enforced in cloud ops.
Critical asset protection refers to the strategies, processes, and technologies implemented to safeguard an organization's most valuable and important assets from various threats and risks. It involves identifying, prioritizing, and applying targeted security measures to ensure the resilience and integrity of these critical assets.
Monitor the coverage and configuration of physical and virtual workstations, servers, and mobile phones.
IoT devices are often connected to endpoints, to one another or to the internet, which means they're potential targets for cyber attacks. It's imperative for businesses to monitor the security of their IoT devices, including their spread, configuration, connectivity, exposure, and behavior. This initiative provides overall visibility into the risk introduced by IoT devices in the enterprise and the resilience the organization has to mitigate it.
Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall. Attack Surface Insights are generated by leveraging vulnerability and infrastructure data to showcase the key areas of concern for your organization. This initiative requires no license and is complementary.
Identity security is the practice of protecting the digital identities of individuals and organizations. This includes protecting passwords, usernames, and other credentials that can be used to access sensitive data or systems. Identity security is essential for protecting against a wide range of cyber threats, including phishing, malware, and data breaches. By taking proactive steps, organizations can help to protect their digital identities and sensitive data from cyber threats.
Monitors and safeguards Operational Technology (OT) environments within the organization by employing network layer monitoring. This initiative identifies devices across physical sites, pinpoints their risks, and ensures comprehensive protection and security management of OT systems.
Ransomware attacks have become increasingly common in recent years, and they can have a devastating impact on organizations. Organizations can and should be proactive in managing a good security posture against ransomware. One of the first steps is to ensure that recommended controls are in place and are utilized and configured properly, hence reducing the risk of a successful ransomware attack making way into corporate networks and assets.
This initiative focuses on displaying the current state of SaaS (software as a service) security coverage, health, configuration, and performance. It consists of metrics across multiple domains and disciplines to provide security managers with a high-level view into their SaaS security posture management. To make the most of this Initiative, activate application connectors for the following: Microsoft 365, Salesforce, ServiceNow, GitHub, Okta, Citrix ShareFile, DocuSign, Dropbox, Google Workspace, NetDocuments, Workplace (preview), Zendesk, Zoom (preview), Atlassian. Learn more on connectors enablement: https://aka.ms/AAs4lmg
This initiative serves as a central hub for security managers to continuously assess and analyze vulnerabilities and misconfigurations across the organization's digital landscape. In the Vulnerability Assessment initiative users can actively identify, prioritize, track, and delegate vulnerabilities with in the IT infrastructure and the cloud. Users gain real-time visibility into the security posture of their organization, enabling data-driven decision-making for resource investment and placement. This collaborative environment ensures a holistic approach to vulnerability management, empowering stakeholders to proactively strengthen their security defenses, reduce the attack surface, and enhance overall resilience against evolving cyber threats.
Zero Trust is a security strategy that follows three principles, verify explicitly, use least privilege access, and assume breach. This initiative follows Microsoft's Zero Trust adoption framework to help you identify next steps in your Zero Trust strategy. You can learn more about the Zero Trust adoption framework here.