SMB – Azured
=
Book a call with us
Access Management in the cloud, backed up by Gartner.?

Microsoft has been named a Leader in Gartner’s Magic Quadrant for Access Management, 2020.

Partnering with best-in-breed tech innovators like Microsoft means that when they’re recognised for doing all the cool things we know and love them for, we feel it’s only right that we celebrate, too. Probably not in quite the same way…but by gosh are we there in spirit. This is the fourth time Microsoft have taken home the accolade. And for folk like us who keep our ears to the ground and our noses in the air, it came as no surprise.

Getting the Gartner seal of approval says a lot. As the world’s leading research and advisory company, Gartner provide valuable insights to enable teams to make the right decisions and stay ahead of the curve. So it really is a big deal.

Identity and access management solutions in the cloud

And for this regal recognition as a Leader in Gartner’s Magic Quadrant for Access Management, we have to thank the almighty Azure Active Directory – or Azure AD, as it’s affectionately known in the biz. It’s a complete identity and access management solution with integrated security. And it’s big…connecting a whopping 425 million people to their apps, devices and data, every month.

When configured and deployed correctly, great things can happen:

But it’s not just Azure AD that has helped Microsoft earn their stripes. Technologies like CASB, endpoint management and threat detection are all up there, keeping their adrenals pumped, their eyebrows furrowed and their chests puffed…ready to leap in to action as soon as they’re needed.

You’ve got it. But have you got IT right?

According to CrowdStrike’s Cyber Front Lines Report, of the organisations with antivirus solutions, 30% had them either incorrectly configured with weak prevention settings or they hadn’t been fully deployed.  

So it goes to say that of course, you can have all the security bells and whistles in the Microsoft armoury. But, if they’re not properly configured or deployed (say, things were set up quickly in the midst of a global pandemic, for example), business processes won’t be quite as easy – and they definitely won’t be as secure. But in our world, everything is fixable…with the help of your IT team, anyway.

The National Cyber Security Centre recommends the following:

  1. Develop appropriate identity and access management policies and processes.
  2. Consider using multi-factor authentication for all user accounts.
  3. Use MFA and other mitigations for privileged accounts.
  4. Implement security monitoring to detect potential malicious behaviour.
Want to know more about improving your cloud security?

If you’d like to find out more about how we can help support your IT team to deliver secure cloud-based access and information protection solutions, book a quick call with us.

Interested but not quite ready to talk? Sign up for updates using our super-simple form.

Why cybersecurity is our only hope for the digital age.?

Eyes often glaze over at the very mention of cybercrime. Seriously, try it next time you’re having a round of crazy golf. But it’s really important. And when the world’s most common password is 123456, it’s easy to see that information and knowledge sharing key to survival in this fast-paced digital world.

When we talk about exposure to cyberattacks, there are three primary types of attack to consider:

Identity based attacks

Phishing and spear-phishing

Phishing is where an attacker takes on the role of a trusted identity and tricks employees into opening emails, texts or instant messages. With spear-phishing, as the name suggests, things are a bit more serious. An attacker will use unique information, specific to the user, to construct a more plausible phishing attack. These are notably harder to spot.

Secure your business against phishing attacks:

• Protect against spam malware and other email threats with Exchange Online Protection.
• Co-ordinate detection, prevention, investigation and response across endpoints, identities and email with Microsoft 365 Defender.
• Protect against phishing or malware websites and applications with Microsoft Defender SmartScreen.

Password spray

In a scenario like this, attackers will try a large list of possible passwords for a given account (or set of accounts). It’s doubtful that anyone reading this will find themselves in this camp but research by CyberNews, which looked at 15.2 billion passwords, has revealed the five most common passwords of 2021…and the results are staggering:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345

Solutions to help secure your business against password attacks:

• Discover leaked credentials and detect password spray attacks with Azure AD Identity Protection.
• Enforce minimum requirement, dynamically ban common passwords and force resets for leaked passwords with Azure AD Password Protection.
• Look out for malicious actors that gain access by guessing your password or using brute-force method using Azure AD Smart Lockout.

Device based attacks

Device-based attacks occur when malware is installed on your device in the form of viruses, spyware, ransomware or other unwanted software that’s installed without your knowledge or consent. Of course, if a device is lost or stolen, a whole new set of challenges arise. If you’re only responsible for one or two devices, nothing seems that tricky. But with an estate running in to the hundreds (or more), the impact of device-based attacks is huge.

Cloud solutions to protect your business against device based attacks:

• Prevent, detect, investigate and respond to advanced threats with Microsoft 365 Defender for Endpoint, with full visibility, protection, and detection across a wide variety of platforms, including macOS, Android, and iOS.
• Define trusted websites, cloud resources and internal networks with Microsoft Defender Application Guard, helping to protect devices from advanced attacks by opening untrusted websites in an isolated Microsoft Edge browsing window.
• If a device is lost or stolen, Microsoft InTune mobile device management (MDM) enforces password and/or pin requirements – and wipes the device completely after a specific number of failed attempts.

Network based attacks

Network based attacks are carried out using vulnerabilities within the network or application and include:

Secure your business against network based attacks:

If you’d like to understand what you can do to help protect your business from cybercriminals, book a quick discovery call with us.

Interested but not quite ready to talk? Sign up for updates using our super-simple form.