MDS - Cybersecurity Assessment

MDS Cybersecurity Assessment Overview

The MDS Cybersecurity Assessment is designed to help organizations discover vulnerabilities in their cloud and on-premises environments. This comprehensive assessment covers two common threat scenarios: human-operated ransomware and data security risks from company insiders. By using specialized engagement tools, the assessment identifies and prioritizes vulnerabilities, providing detailed recommendations to improve the organization's cybersecurity posture.

Highlights • Human-operated Ransomware: This type of ransomware results from active attacks by cybercriminals who infiltrate an organization's IT infrastructure, elevate their privileges, and deploy ransomware to critical data. • Data Security Risks: The assessment also addresses data security risks from company insiders, which can lead to data breaches and other security incidents.

Benefits

After completing the Cybersecurity Assessment, customers will:

• Better understand, prioritize, and address cybersecurity vulnerabilities, improving their defenses against human-operated ransomware. • Gain insights into data security vulnerabilities and minimize risks from company insiders. • Have a clear set of next steps based on the assessment findings and their specific needs and objectives.

What We'll Do During the Engagement/Assessment

During the engagement, we will:

• Analyze the customer's environment and current cybersecurity maturity level based on the CIS Critical Security Controls. • Define the scope and deploy Microsoft Defender Vulnerability Management and Insider Risk Analytics in the customer's production environment. • Perform a vulnerability assessment and assist with prioritizing vulnerabilities and misconfigurations. • Conduct a data security assessment to discover and evaluate sensitive information and potential insider risks. • Plan next steps to improve the customer's cyber and data security posture and discuss future engagements.

Assessment Setup

• Engagement Setup and Scope Definition Meeting

• Define and finalize the engagement scope and required configuration settings for the engagement tools. • Change Management
• If needed, MDS will assist the customer with any required change management processes and approvals for the configuration changes as per defined scope. • General Configuration
• Configuration of the customer’s Microsoft 365 production tenant including setting up trial licenses, configuration of tenant and included Microsoft Defender XDR security products. • Microsoft Defender Vulnerability Management Configuration
• Configuration of Microsoft Defender Vulnerability Management in the customer’s production tenant including the configuration of a machine to be used to scan for vulnerabilities on-premises, if needed. • Insider Risk Analytics Configuration
• Configuration of Microsoft Purview Risk Management products in the customer’s production tenant.

Why Should Customers Request This Assessment

Customers should request this assessment to:

• Gain visibility into vulnerabilities within their Microsoft 365 cloud and on-premises environments. • Understand and address data security risks from company insiders. • Receive tailored recommendations to enhance their cybersecurity defenses and minimize risks.

Who Should Participate in This Assessment (Stakeholders)

Key stakeholders who should participate in this assessment include:

• IT and security teams responsible for managing and securing the organization's IT infrastructure, such as IT Security Architects, IT Security Administrators, IT Security Operations (SecOps) and alike. • Compliance and risk management teams to ensure alignment with regulatory requirements and internal policies. • Senior management and decision-makers to understand the strategic implications of the assessment findings and support necessary changes, i.e. CISO, CIO, CSO, CRO.

Pricing, Terms and Conditions: • Terms, conditions, and pricing can be customized to each engagement to best suite the specific needs of your organization. Contact us for more information!

Other • This engagement is also available in Spanish.