Ignite 2019 – Thoughts and Announcements Part 2

Part 2 from Ignite 2019, Microsoft’s Worldwide Tech conference in Florida November 2019

Compliance Score

The new Microsoft Compliance Score is designed to help organisations understand their compliance posture in a user-friendly way. Scored against your choice of frameworks (GDPR, ISO 27001 or NIST, for example), it presents your current compliance level and clear next steps to improve your position.

Much like the existing Secure Score, the hard work has been done for you, helping you to get started by understanding where you are right now, which is often the hardest part of any compliance project.

Microsoft is, of course, quick to point out that they are not certifying you as compliant against these standards, but providing you with a method to track and record progress, something that will prove very helpful if you need to be audited against these frameworks in future.

There really is no reason not to have a look at your score, check for any quick wins and go from there. If you want some assistance in understanding how to improve your security and compliance posture, we would love to speak to you.

Microsoft Sentinel

Sentinel is the new security information and event management (SIEM) system from Microsoft. Designed as a cost-effective monitoring and alerting system for companies of all sizes, it has the potential to become a leader in the SIEM market very quickly.

Very sensibly, Microsoft has enabled the importing and storage of logs from Office 365 for free, enabling businesses of all sizes to get started. Importing data from other systems, and retaining your data for over 30 days, will incur charges.

The challenge with Sentinel lies in what to do with all this data you collect, and it is important to spend the time to plan what alerts you want to see, and more importantly how you deal with them. 

SMB companies don’t have the resources for a dedicated team monitoring alerts, so ensuring visibility of key alerts and removing false positives is essential to gain value from the product. It is still early days, but there is already a whole community creating templates for dealing with alerts, with options ranging from automatically creating a ticket in your support system to starting an automated workflow that contacts a user, asks if the action was actually them, and closes the ticket if it’s legitimate.

If you want to start understanding what is happening within your systems, the associated risks, and how to deal with them, then please contact us.