Microsoft Security Framework Services
Microsoft have earnt an ambivalent reputation in relation to information security and trusted computing generally. Whilst they have either directly or indirectly been involved in some of the most severe vulnerabilities exposed in recent decades, they have also perhaps done more than any other technology vendor to provide assurance in computing. In some scenarios they both invented the problem and the solution, whilst in other areas they alone define what secure computing should be.
One thing is certain though, it is very difficult to find an enterprise that does not rely heavily in some way on Microsoft technology to pursue their mission. This is why Data Engines have defined a specialised services program targeted at helping customers better understand Microsoft security and better leverage what the vendor has made available to IT administrators to operate a secure and trusted computing environment.
The Microsoft Security Framework Services (MSFS) program is a structured consulting offering that takes customers through a cycle of analysis, design and deployment of key Microsoft security technologies relevant to that organisation’s needs. Data Engines consultants aim to help customers utilise Microsoft tools and services to meet common (and not so common) security and risk mitigation objectives. For example, it’s possible to address some of ASD’s Top 35 mitigations including all of the Top 4 and some of the Essential Eight or the SANS Critical Controls with Microsoft tools.
Some of the Microsoft technologies in scope include:
- Active Directory and Azure Active Directory Premium
- The System Center product family
- Microsoft Security Baseline Assessment
- Advanced Threat Analytics
- Windows controls like; AppLocker, BitLocker, Defender, EMET
- Office and Office365 DLP
- IIS and ForeFront
We can help organisations leverage Microsoft’s extensive security toolkit to achieve real world security outcomes and risk mitigations. Many organisations will already own or have access to these products under existing licensing arrangements. Therefore the service is focused not on cross selling the latest security ‘silver bullet’, rather on implementing demonstrably effective security controls with ongoing management and reporting capabilities.