Ecosystem security offer
- Standardize, secure and monitor Active Directory;
- Standardize, secure and monitor Microsoft 365 suite components such as Azure AD directory, Exchange Online, OneDrive, SharePoint Online, Teams and Yammer;
- Classify and protect data hosted in Microsoft environments;
- Detect and block intrusion or data exfiltration attempts;
- Automate the reconstruction of an information system following a computer attack.
Standardize and secure Active Directory
Active Directory directories are a prime target for attackers. Becoming an administrator of an Active Directory domain allows an attacker to become an administrator of all the workstations and servers in that domain - typically 90% of the machines in an enterprise. This is a great opportunity for an attacker to take control of the entire information system.
To prevent this, Synetis offers an Active Directory security model. This model allows the automatic deployment of a Tiering model (customizable according to the specific needs of each company and organization), new administration accounts and centralized security parameters (GPO).
Among other things, the security GPOs automatically change the local administrator account password by deploying Microsoft LAPS, disable old or dangerous protocols (DIGEST, LM, NTLM V1, LMHASH, LLMNR, NBT-NS, SMB V1, etc.), prevent a Tier 0 administrator from logging on to a non-Tier 0 machine, and manage administrator rights on a workstation or server by adding AD user accounts to groups.
The application of security GPOs is filtered according to group membership. It is therefore possible to apply them very gradually on production machines.
The security model is deployed via a PowerShell script (Open Source) and its operation can be customized by editing configuration files.
Synetis offers its customers a 4-step approach to secure an AD directory.
- Validate the proper functioning and security level of the Active Directory. Synetis relies on tools developed in-house and solutions from its partners Crowdstrike, PingCastle, SentinelOne, Tenable and Varonis;
- Define a customized action plan according to the company or organization's issues to improve the security level of the Active Directory;
- Tailor the Active Directory security model to the needs of its client;
- Deploy the security model progressively by adding users or machines to groups.
Standardize and secure the components of the Microsoft 365 suite such as the Azure AD directory
Becoming a Global Administrator of Azure Active Directory allows an attacker to access all Microsoft 365 data - such as Exchange Online mailboxes or files hosted in OneDrive, SharePoint Online or even Teams. This includes data encrypted and protected with Microsoft Purview Information Protection (formerly Azure Information Protection).
To fight against this threat, Synetis offers a Microsoft 365 security model. This model allows you to deploy a fine-grained administration delegation policy to secure the Azure AD directory and to activate many optional security parameters of the Microsoft 365 suite (advanced configuration of Exchange Online Protection antispam, activation of MFA on standard accounts, configuration of Microsoft Defender antivirus, etc.).
Synetis also takes care of securing Exchange On-Premise infrastructures - the target of numerous attacks in recent years (with, for example, the ProxyLogon flaws).
Classify and protect data hosted in Microsoft environments
To effectively classify and protect sensitive data hosted on Microsoft 365, Synetis offers its customers tools such as Microsoft Purview Information Protection (formerly Azure Information Protection), Varonis Cloud or Varonis DSP.
This type of solution prevents an attacker from exfiltrating the company's data. Indeed, each file - protected by these solutions - is encrypted and has an access control mechanism. An administrator can then, for example, remotely revoke access to a protected file even if it is hosted on a machine outside the company's network.
Detect and block intrusion or data exfiltration attempts
- Connecting to malicious URLs;
- Unusual behavior of a user account or machine (login time, unusual action);
- Unusual access or modification of files (modification of a large amount of data).
Automate the reconstruction of an information system following a computer attack
After a cyber attack, the average time to restore IT services is 3 to 7 weeks. Our information system reconstruction offer reduces this delay through:
- Our Infrastructure-as-Code solutions that automate the creation of the attacked company's servers and network equipment in a public cloud solution - such as Microsoft Azure;
- Our tools to automate the configuration of an Active Directory and a Microsoft 365 Tenant.