{"id":89338,"date":"2019-04-29T09:00:13","date_gmt":"2019-04-29T16:00:13","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=89338"},"modified":"2023-05-15T23:11:41","modified_gmt":"2023-05-16T06:11:41","slug":"understand-improve-security-posture-microsoft-365","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/04\/29\/understand-improve-security-posture-microsoft-365\/","title":{"rendered":"Understand and improve your security posture with Microsoft 365"},"content":{"rendered":"

I kickstarted 2019 with a \u201cdry,\u201d keto January. And, as so often happens, I found a parallel between my personal life and my chosen industry, cybersecurity. In this case, it was measurement. How do you know if you\u2019re healthy? There are clear indicators when you\u2019re not healthy, such as a sore throat or a fever, but what about after the cold goes away? Many of us are lucky to feel<\/em> healthy most of the time, but how do we know if there\u2019s something lurking that hasn\u2019t yet made its presence known?<\/p>\n

One solution is to measure proxies. For example, if you can\u2019t fit into that<\/em> pair of jeans in December, you might feel compelled to engage in a cleansing diet in January (these things can happen on a quest for the perfect macaron). Fitbit never says, \u201cGood job, you officially eliminated heart attacks from your life.\u201d But it does show you when your average activity level has decreased. We measure things that research has shown are correlated with better health outcomes.<\/p>\n

The same is true in cybersecurity. Experience provides guidance about which practices will reduce the odds of a security incident, and there are tools that can measure how effectively those practices have been implemented.<\/p>\n

The fourth e-book in this series, Understand & improve your security posture<\/a>, delves into the tools available in Microsoft 365<\/a> to measure and improve enterprise security. It also shows how security professionals can use the data to instill confidence in executive teams and boards of directors, who worry about cybersecurity but may not understand all the issues. Told through the lens of Evan, a (fictitious) Chief Information Security Officer (CISO), the e-book illustrates how he uses Microsoft 365 to evaluate his company\u2019s security posture and improve protection against emerging threats.<\/p>\n

Understand your current security posture<\/h3>\n

Back to measurement: before you can improve your security posture, you need to measure it. Secure Score<\/a> gives you a score based on how you\u2019ve implemented Microsoft 365 (or third-party) products. You can compare your company score to the average, or you can benchmark yourself against your industry or companies of similar size.<\/p>\n

Protect against emerging threats<\/h3>\n

Another advantage of the Microsoft 365 suite is access to threat analytics in Microsoft Defender Advanced Threat Protection<\/a>. It provides analysis of the current and emerging threats, and it also recommends actions you can take to protect yourself. You\u2019ll learn how you can use the suite of advanced threat protection products available with Microsoft 365 Enterprise E5<\/a> to evaluate and mitigate current threats to the network.<\/p>\n

Demonstrate impact to your board of directors<\/h3>\n

The job of a CISO is often as much about educating the board and other executives as it is about securing the enterprise. Your board of directors needs to take a wide angle on risk management, so it\u2019s important to be able to demonstrate how cybersecurity complements other priorities. The score modeler in Secure Score shows specific actions you can take to improve your security, the level of effort of those actions, and how they will impact users. This data can help you make appropriate budget requests, and it helps your board understand the larger business context.<\/p>\n

Learn more<\/h3>\n

Learn more on how to start measuring your progress by downloading the first four e-books in our series:<\/p>\n