What is the Cyber Security Assessment Tool?

The Cyber Security Assessment Tool examines your entire company network and your Microsoft 365 and Azure environment for possible vulnerabilities.

Among other things, the tool assesses device patch management to see if Windows is configured securely. We check administrative permissions and external users in Microsoft 365, Teams and shared documents in SharePoint. In this way, the assessment shows exactly where your security has weak spots.

The Cyber Security Assessment Tool delivers a clear action plan to improve the cyber security of your organization, exactly where it is needed. This includes clear technological and procedural measures, so that you can get started right away.

Key Benefits

	Speed: unlike some tools, CSAT has been designed to be fast, it is easy to deploy, and quick to extract results.
	Visibility: Providing a single and rationalised view of all vulnerabilities across all of your Microsoft estates, which includes the context of system impact and business risk.
	Action: Creates an immediate action plan for improvement, with business context priority to ensure you know what to do and when to deliver the most efficient risk reduction.

 

Why do you need a CSAT

Can you readily answer the question: “How secure is my Microsoft Environment?”

Breaking this question down a little further, do you know, at this moment, what your weaknesses are in relation to these threats within your MS estate:

• Ransomware,
• DDoS attacks,
• Phishing emails,
• Data loss (malicious or accidental)

It is important to check how good your cyber security is. You preferably do this periodically, because these types of cyber-attacks and malware continue to develop. Moreover, one wrong mouse click can have major consequences, which are not always immediately visible. A regime of ongoing assessment is a strategy to prevent an attack and a data breach.

What’s the difference between CSAT and Securescore?

Securescore is Microsoft’s own inbuilt security posture measurement service, with the key differences vs CSAT being:

1. CSAT includes a business impact context rating to improve priority management. Knowing what to address first, second, third... gives the best risk reduction path. This can only be achieved if the analysis incorporates the context and importance of the organisation’s information assets.
   
   
2. Securescore is list of all functions and features that are not enabled, while CSAT provides this along with best-practice benchmarks. Simply enabling every function and feature within MS is akin to using a sledgehammer to crack an egg. Instead, adopting a granular and purposeful approach, which incorporates best and accepted practice, delivers the best result.

Cyber Security Assessment Tool Explainer Video

 

Is this the same as a Penetration Test?

No, a Penetration Test cannot ethically attack and attempt to exploit MS O365 as Microsoft won’t allow this and they are the hosts of the systems. Although it’s your data, it’s only MS who can approve a pen-test and they do not support Customer pen-tests. Hence you need a tool that can examine what’s enabled, what’s missing and contrast with best practice and what is right for your business risk appetite.