Prepare your company for security challenges with Microsoft Enterprise Mobility + Security (EMS)
As companies strive to stay up-to-date in a world where cloud and mobility are prioritized , security and compliance take a vitally important position.
Therefore, at the same time that mobile work becomes an integral part of the business, employees' devices and applications become the first line of defense against a large number of increasingly advanced threats. In fact, these malicious attacks are an unaffordable risk for companies both for security and legal issues , since, in addition to the serious problems associated with the leakage of confidential data, after the arrival of the GDPR, companies are faced with numerous economic sanctions and to the inherent penalty on the part of its customers and the market .
To address these security challenges, Microsoft offers Enterprise Mobility + Security (hereinafter EMS), an identity-based security platform, designed to help companies manage and protect their devices, applications and corporate data.
EMS is composed of 4 protection areas that will help you continue with the digital transformation of your organization, in a secure way:
Identity and access management
With the increasing popularity of applications in the cloud, social networks and web portals, that we use in our day to day accessing with different credentials (user) but often, reusing the same password (avoiding having to remember so many). This way of acting of users in their Personal life carries a huge risk. Why? From the outset, the number of (known) leaks of data from users of large social networks and consumer services in the last 12 months are very high ("Google Plus", "Facebook", "Movistar", "IESE", "Adidas" , "Job Talent", "Ticketmaster", "myHeritage", among many others), so thesecurity threatfor companies it is enormous since cybercriminals, once they have a personal username and password, easily find out where that person works and then try with the same password to access the sensitive information of the companies where they work, being right in many cases. In parallel, the cybercriminals also use the massive campaigns of sending false emails asking our users (to their corporate or personal email), to enter any site to be able to steal a password. And every time they do it better.
To avoid the risk that this entails, it is necessary to protect the identity of our corporate users and for this EMS includes Azure Active Directory Premium (AAD Premium) , which helps guarantee access to applications and data only to people who really are who they say they are .
In addition, it offers us the ability to apply more intelligent restrictions through three key features:
" Conditional access ": Before, companies could only ask for things like: "That users can only access from within the company!", But now ... they can ask us: "What users can access from outside the company? company, but establishing conditions as needed "(only from authorized corporate or personal devices, only from known locations, forcing to use multi-factor and / or preventing extraction of information, among other requirements). By making a simile, you can think of the conditional access of Azure AD as the security doorman of a building , as it welcomes the good neighbors while challenging others to confirm their identity and deny entry to the completely unknown, or .. Maybe I'll let them pass, telling us to go up and accompanying him.
" Identity protection ": Criminals try almost 100 million fraudulent login sessions per day and we should know if any impact us. To do this, the "Identity Protection" reports offer us intelligence to detect and inform IT of suspicious session initiations, such as those that would imply making a trip to a strange place to date or impossible for the time between a login and another (detecting the intrusion by the probability that they may actually be different people) or locating user passwords for sale over the internet. In addition, next to the " Conditional access ", it offers us the power to allow users to connect as long as there is no risk in their session (for example, if they did it from a computer with a virus or malware) or only by letting them connect your password is changed when the system knows that it has been stolen. Making a simile, this benefit would be like a lookout that observes and provides relevant information about what is happening in the environment, so that it can act accordingly.
" Management of privileged identities ": That an account is compromised is always a possibility and the best way to reduce the risk is to assume that there has been a gap or that there will be. But, if a compromised account of a user is a problem, if it has administrative privileges the situation becomes catastrophic , so it is critical to minimize the possibility that a compromised account ends up having administrative permissions without control. This tool precisely offers us to ensure that we have the minimum number of administrative users, being able to offer administrative permits on time, when required, only temporarily and even automatically (under certain circumstances). Making a simile, it would be like when a smart card is delivered to enter the hotel Spa, but once our stay is over, the card stops working.
Summary of features:
If you wish, see all the details of Azure Active Directory Premium
Protection of information
Although we are able to ensure that the person accessing our data is who they say they are and also that they do it from a secure device, the risk continues because the user can share a document with someone outside who may not be as well protected (or potentially may make an inappropriate use of the information provided).
To do this, EMS includes Azure Information Protection , a Microsoft cloud service that allows companies to protect their confidential data by encryption (whether they are local or in the cloud), ensuring that even if the document leaves the organization to an environment that does not Sure, only authorized users can access it. In addition, we can define the actions that can be carried out by authorized persons and continue to have the document (and its copies), always under our control, wherever it is, even though we do not physically have access to it.
Summary of features:
See all the details of Azure Information Protection
EMS offers visibility into everything that happens with our data in the cloud (wherever they are), threat detection and attack prevention through the solutions: Microsoft Cloud App Security , Advanced Threat Analytics (ATA) and Azure Advanced Threat Protection ( Azure ATP).
Microsoft Cloud App Security (MCAS)
What happens if an employee, correctly identified and authenticated, does something wrong with your data? It's more ... What would happen if that employee is no longer loyal or acts under duress? or .. What happens if your computer is not properly protected and a malware is reading data in your name? This is where Cloud App Security would intervene.
Microsoft Cloud App Security includes:
Microsoft Cloud App Security is, following the similes, as the bodyguard that always accompanies a person so that it does not do or suffer any harm.
Check here all the details of Microsoft Cloud App Security
Advanced Threat Analytics and Azure Advanced Threat Protection
All the lines of defense described in this article provide very effective protection for your organization. However, users' behavior (for example, falling into a phishing attack or reusing passwords on unsafe websites), potential vulnerabilities in VPNs and server infrastructure (especially domain controllers - with their local active directory) and others Creative attacks by cybercriminals provide alternative ways for them to enter the "kitchen".
The attackers, in those cases, move quickly ... and once they obtain the credentials of any user , (often through VPN's vulnerable or without authentication protected by means of multi-factor), they manage to assign themselves administrator privileges (with the help of log files, memory resident data, unencrypted files and other mechanisms), and ... we already have them inside, without being able to do anything (and for a time exceeding 140 days, on average, until they are discovered). Moreover, because many companies still have local infrastructure, unfortunately, when it comes to attacks on-premise, "network barriers / firewalls" that companies have to keep theoretically safe, actually prevent and for technical reasons, that smart cloud products (such as AAD Identity Protection, Conditional Access for Azure AD and Cloud App Security) can be used to help keep data physically hosted in your organization safe.
Your on-premise infrastructure represents the greatest risk, so having a quick response to these intrusions is the best strategy. Fortunately, Advanced Threat Analytics (ATA) and the cloud version, Azure Advanced Threat Protection (Azure ATP), allow companies to quickly detect an attempt to penetrate an on-premise infrastructure analyzing advanced attacks, mainly on our controllers Of domain. The difference between both products is that ATA (included in EMS E3) needs to be installed in local infrastructure requiring server and storage relevant to many data, while Azure ATP (included in EMS E5), stores data and operates entirely from the cloud, without need for local infrastructure.
ATA and Azure ATP offer among other features:
In the end, ATA / Azure ATP is like the guard hidden in our house, able to alert us quickly if an attacker has broken any security barrier.
If you want to know more, you can check here the details of Azure Advanced Threat Protection
Protection in mobility
Although we are sure that an identity has not been compromised and that the person who accesses our data is who they say they are, there is always the possibility that a user may download information on an insecure device (without encryption and / or without pin) or worse Still, already committed.
For example, if a user is synchronizing corporate mail on his personal phone and he does not have a PIN, anyone who picks up that phone will have full access to the company's mailbox. Or, if the user has downloaded a document with very sensitive content (contracts, payroll excel, ..) on their personal device and the laptop (or phone) is lost or stolen, those documents will fall into the wrong hands. Moreover, many devices are currently used as a security validation factor, so having them unprotected and with malware that is able to intercept the user's credentials each time they connect to a service is a great threat.
For all these reasons, as one of the points of access to corporate resources is through devices of both the company and employees (mobile phones, tablets or laptops), the management of such devices to ensure compliance with certain parameters ( as they have pin, are encrypted or have no viruses or malware), maintain control in case of loss or theft along with the ability to decide which applications can be used from them (and how and from where), is an essential part of the company's security strategy to prevent information leaks. All this is what EMS offers us within Microsoft Intune .
Microsoft Intune includes among other features:
By another analogy, you can think that Intune guarantees the integrity of our briefcase and its lock , which helps to protect the security of what is inside.
See here more details of Microsoft Intune
How is EMS licensed?
This product has two versions:
- EMS E3: Includes Azure Active Directory Premium P1, Intune, Azure Information Protection P1, Advanced Threat Analytics and rights for Windows Server CAL.
- EMS E5: Includes Azure Active Directory Premium P2, Intune, Azure Information Protection P2, Microsoft Cloud App Security, Azure Advanced Threat Protection and rights for Windows Server CAL.
Also, EMS is included in the following suites:
- MICROSOFT 365 E3: Includes EMS E3, Office 365 E3 and Windows 10 E3.
- MICROSOFT 365 E5: Includes EMS E5, Office 365 E5 and Windows 10 E5.
The crude truth is that the speed and sophistication of attacks is increasing and together with the risks derived from human errors (in passwords or sharing information), it provides the enemy with multiple ways to access our data. Yes, the enemy is out there or ... maybe already inside, so, our recommendation is to follow a strategy that assumes that we have a gap and think that no defense will be enough.
Do you want to know more about Enterprise Mobility + Security? Contact us!
Yes, I want to know more!