Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SPS Baltimore 2017 - Office 365 Security Hardening with cFocus Software

135 views

Published on

Are you using Office 365’s default security configuration? Doing so unnecessarily increases your Office 365 attack surface. In this session, you will learn cFocus Software’s methodology to ‘hack proof’ Office 365. You will also learn about tools you can use to help protect your Office 365 environment, and walk away with a practical Office 365 security implementation checklist.

Published in: Internet
  • Login to see the comments

  • Be the first to like this

SPS Baltimore 2017 - Office 365 Security Hardening with cFocus Software

  1. 1. Office 365 Advanced Security Hardening with cFocus Software May 20, 2017
  2. 2. Welcome! Here’s the Agenda: • Introduction • The Best Way to Protect Your Data • WannaCry & Office 365 • Office 365 Security Overview & Configuration Recommendations • Q&A Office365AdvancedSecurityHardeningwithcFocusSoftware
  3. 3. Hi! My name is Jasson Walker, Jr. • President of cFocus Software Incorporated • I have a few certifications:  Microsoft Certified Solutions Expert (MCSE) – Cloud Platform  Microsoft Certified Professional - SharePoint  Certified Information Systems Security Professional (CISSP)  Certified Ethical Hacker (CEH)  Certified Penetration Tester (CPT) Office365AdvancedSecurityHardeningwithcFocusSoftware
  4. 4. cFocus Software Incorporated specializes in: • Microsoft Cloud Consulting Services  Office 365  SharePoint Online  Microsoft Azure • Risk Management Framework compliance Check out our blog at https://cfocussoftware.com/blog/ Office365AdvancedSecurityHardeningwithcFocusSoftware
  5. 5. Question: What’s the best way to protect your data? Office365AdvancedSecurityHardeningwithcFocusSoftware
  6. 6. Answer: Shut everything off! Office365AdvancedSecurityHardeningwithcFocusSoftware
  7. 7. Question: What’s the second best way to protect your data? Office365AdvancedSecurityHardeningwithcFocusSoftware
  8. 8. 3-Part Answer: #1: User Education #2: Defense in Breadth (not Depth) #3: Continuous Monitoring Office365AdvancedSecurityHardeningwithcFocusSoftware
  9. 9. Let’s apply these principles to mitigate WannaCry • What is WannaCry?  Ransomware, infected 230,000+ computers in 130 countries  Encrypts hard disk, demands $300 in Bitcoin  Virtually all unpatched Windows OSs are vulnerable  Microsoft released a patch for it (MS17-010)  Threat disabled on 5/15/2017, but can always resurface  Go to cFocus blog for more info: http://bit.ly/2qCkRhl Office365AdvancedSecurityHardeningwithcFocusSoftware
  10. 10. #1: User Education mitigates human vulnerabilities  Educate yourself first!  Educate user community about threats like WannaCry  User Quarterly security refresher courses  Anti-phishing simulators (SecurityIQ by InfoSec Institute which is free): https://securityiq.infosecinstitute.com  91% of cyberattacks start with a phishing email Office365AdvancedSecurityHardeningwithcFocusSoftware
  11. 11. #2: Defense In Breadth mitigates product vulnerabilities  Secure Score  Security & Compliance Center  Data Loss Prevention  Threat Management  Reporting  Advanced Security Management  Advanced Threat Protection Office365AdvancedSecurityHardeningwithcFocusSoftware
  12. 12. #3: Continuous Monitoring shortens the attack time…  Secure Score  Security & Compliance reporting  Data Loss Prevention  Threat Intelligence Because at some point, you will be attacked!  Office365AdvancedSecurityHardeningwithcFocusSoftware
  13. 13. The default Office 365 configuration is not enough. Therefore, you must configure it yourself. Office365AdvancedSecurityHardeningwithcFocusSoftware
  14. 14. OK, so here are some config. recommendations: • Secure Score  Weekly performance of activities to increase Secure Score is highly recommended  Multi-factor authentication for global/non-global admins is a must!  Recommended weekly report checks also a must  Increase the target score slider to include a few more defense in breadth activities Office365AdvancedSecurityHardeningwithcFocusSoftware
  15. 15. OK, so here are some config. recommendations: • DKIM/DMARC/SPF  Ensure that all three are enabled for the default domain not the onmicrosoft.com domain  Also, check Spoof mail report weekly (requires E5 or Advanced Threat Protection SKU) Office365AdvancedSecurityHardeningwithcFocusSoftware
  16. 16. OK, so here are some config. recommendations: • Exchange Online  Weekly checks on all mailboxes with last login date (PowerShell script)  Enable common attachments type filter & notifications for protectionmalware  Verify list of allowed/blocked IPs under protectionconnection filter  Verify block/allow list in spam filter policy Office365AdvancedSecurityHardeningwithcFocusSoftware
  17. 17. OK, so here are some config. recommendations: • Threat Management (requires E5)  Check the dashboard and individual reports weekly Office365AdvancedSecurityHardeningwithcFocusSoftware
  18. 18. OK, so here are some config. recommendations: • Advanced Security Management  Set up policies for anomaly detection, admin activity from a non-admin IP, & mass downloads by a single user  Verify App permissions  Check Activity Log Office365AdvancedSecurityHardeningwithcFocusSoftware
  19. 19. OK, so here are some config. recommendations: • Data Loss Prevention  At minimum, set up a DLP policy for mitigating access to documents that have Personally Identifiable Information (PII) Office365AdvancedSecurityHardeningwithcFocusSoftware
  20. 20. OK, so here are some config. recommendations: • SharePoint Online  Always use groups!  Produce document that lists all SharePoint users and permissions assigned to each user Office365AdvancedSecurityHardeningwithcFocusSoftware
  21. 21. Thank you! • Any Questions? Office365AdvancedSecurityHardeningwithcFocusSoftware

×