InLigo’s Cybersecurity Framework includes Security Continuous Monitoring, providing reporting on the state of security of your environment. Our security guidelines and Microsoft 365 solutions help foster your cybersecurity posture.
Security Continuous Monitoring
Continuous audit entails ongoing monitoring with reporting on the state of security of your environment, based on any change from the state that you set with your security controls, including drift from security posture and threat detection. The tool should have the capability to deconstruct workloads, understand frameworks as they relate to identities and data, and automatically apply remediation and protection controls continuously. The solution should also provide robust reporting, communicating risk widely to security teams and auditors.
InLigo can help guild you through best practices in building out an information security continuous monitoring.
WHAT IS YOUR SECURITY SCORE?
Security Continuous Monitoring
The information system and assets are monitored at discreate intervals to identify cybersecurity events and verify the effectiveness of protective measures.
InLigo’s Discovery Questions
- How is your network being monitored?
- How often do you review data analytics of threats identified?
- Are there any policies you should modify?
- How do external users access resources at the company?
Microsoft 365 Solution
- Azure AD, Intune, Conditional Access
- Users/Groups: Who do you want to scope this policy to? Is there anyone you want to exclude?
- Applications: What applications does this policy apply to? Think of the apps that have the most sensitive data
- Devices: Are there certain device platforms you want apply this policy to? Do you not want to grant access on a device that isn’t enrolled into Intune?
- Locations: Is this user on my network?
Business Case
You do not have a periodic basis in which you review security trends in your tenant account. By reviewing the threat management dashboard on a monthly basis, you realize that you need more restrictive policies for phishing because there are users being continuously attacked.
Action Items
- Review the Threat Management Dashboard.
- Send reports of information such as email sent/received, malware prevented, sage links/sage attachments quarantined, impersonation attempts, and spoofed domains.