Share :
Ecosystem security offer
Our SecOp MIC offer secures Microsoft :
- Standardize, secure and monitor Active Directory directories ;
- Standardize, secure and monitor Microsoft 365 suite components such as the Azure AD directory, Exchange Online, OneDrive, SharePoint Online, Teams and Yamme ;
- Classify and protect data hosted in Microsoft ;
- Detect and block intrusion or data exfiltration attempts;
- Automate the reconstruction of an information system following a computer attack.
Standardizing and securing Active Directory directories
Active Directory directories are a prime target for attackers. Becoming administrator of an Active Directory domain enables an attacker to become administrator of all the workstations and servers in this domain – typically 90% of a company’s machines. This is a fantastic opportunity for an attacker to take control of the entire information system.
To guard against this, Synetis offers an Active Directory security model. The latter automatically deploys a Tiering model (customizable to the specific needs of each company and organization), new administration accounts and centralized security settings (GPOs).
Among other things, security GPOs can be used to automatically change the password of the local administrator account by deploying Microsoft LAPS.disable old or dangerous protocols (DIGEST, LM, NTLM V1, LMHASH, LLMNR, NBT-NS, SMB V1, etc.), prevent a Tier 0 administrator from logging on to a non-Tier 0 machine, and manage the administrator status of a workstation or server by adding AD user accounts to groups.
The application of security GPOs is filtered according to group membership. They can therefore be applied very gradually to production machines.
The security model is deployed via a PowerShell script (Open Source), and its operation can be customized by editing configuration files.
Synetis offers its customers a 4-step approach to securing an AD directory.
- Validate the correct operation and security level of the Active Directory. Synetis relies on tools developed in-house and solutions from its partners Crowdstrike, PingCastle, SentinelOne, Tenable and Varonis ;
- Define a customized action plan based on the company's or organization's issues, to improve the security level of the Active Directory;
- Adapt the Active Directory security model to the needs of the customer ;
- Gradually roll out the security model by adding users or machines to groups.
Standardize and secure Microsoft 365 suite components such as the Azure AD directory
Exchange Online, OneDrive, SharePoint Online, Teams and Yammer
Becoming a general administrator of the Azure Active Directory enables an attacker to access all Microsoft 365 data – such as Exchange Online mailboxes or files hosted in OneDrive, SharePoint Online or Teams. This includes data encrypted and protected with Microsoft Pureview Information Protection (formerly Azure Information Protection).
To combat this threat, Synetis offers a Microsoft 365 security model. The latter lets you deploy a fine-grained administration delegation policy to secure the Azure AD directory, and activate numerous optional security settings in the Microsoft 365 suite (advanced configuration of Exchange Online Protection antispam, activation of MFA on standard accounts, configuration of Microsoft Defender antivirus, etc.).
Synetis also takes care of securing Exchange On-Premise infrastructures – the target of numerous attacks in recent years (with, for example, the ProxyLogon vulnerabilities).
Classify and protect data hosted in Microsoft environments
To effectively classify and protect sensitive data hosted on Microsoft 365, Synetis offers its customers tools such as Microsoft Purview Information (Ex Azure Information Protection), Varonis Cloud or Varonis DSP.
This type of solution prevents an attacker from exfiltrating company data. Every file protected by these solutions is encrypted and has an access control mechanism. An administrator can then, for example, remotely revoke access to a protected file, even if it is hosted on a machine outside the corporate network.
Detect and block intrusion or data exfiltration attempts
To block or detect intrusion or data exfiltration attempts in Microsoft environments, Synetis works with two types of solutions:
- Connecting to malicious URLs ;
- Unusual behavior of a user account or machine (login time, unusual action);
- Unusual file access or modification (modification of a large amount of data).
Automate the reconstruction of an information system following a computer attack
After a cyber-attack, the average recovery time for IT services is between 3 and 7 weeks. Our information system rebuild offer enables you to reduce this time by :
Our Infrastructure-as-Code solutions, which automate the creation of the attacked company's servers and network equipment in a public cloud solution - such as Microsoft Azure ;
Our tools forautomating Active Directory and Microsoft 365 Tenantsetup .
