How to enhance your security posture?

Cyberwarfare is unfortunately commonplace in the current economic and political climate, and as such many of our customers have been reaching out to get confirmation on our security posture. In light of the topic, we wanted to share with all our readers what we shared with our customers. Education, vigilance, detection and protection will be the key attributes to protecting your organisations from this evolving threat.

Before we discuss how to enhance your security posture, let’s go back one step.

What is an enhanced security posture?

An enhanced cyber security posture includes reviewing and enhancing detection, mitigation and response measures.¹

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The knowledge base can help your business perform threat modelling to evaluate your organisation’s risk profile and areas that may need further examination.

What Macquarie Cloud services can be leveraged to enhance our cyber security posture?

Our ISO-27001 audited controls and systems ensure security is at the forefront of our minds. To stay vigilant, Macquarie Cloud Services perform threat modelling to ensure our internal IT systems, devices, management tools and environments are secure. We review our risks and establish internal remediation plans to ensure all the correct controls are in place and followed.

Beyond our zero-trust approach to environment security, Macquarie Cloud Services have developed the following products and services that can help you reduce your risk profile.

Managed Security Services.

24 x 7 SOC & SIEM.

Macquarie Cloud Services offer a 24×7 SOC/SIEM managed service based on Azure Sentinel that utilises advanced analytics to enable rapid detection and response to security incidents, in real-time, across your hybrid IT estate.

Our services include detection and alerting for security incidents such as unauthorised attempts to access systems and data, lateral movement, privilege escalation, insider threat, phishing, malware, DDoS or password/credential attacks. This is backed up by a dedicated team of Security Analysts who hunt for suspicious or unusual activity across your data. We also have a comprehensive reporting capability covering the MITRE ATT&CK framework, security alerts, threat intelligence, compliance, user and entity behaviour, Windows and Linux events, privileged account activity, incident overviews, network events, Office 365, Azure activity and Azure Active Directory audit logs.

Additional benefits of the Macquarie Managed Security Services include:

• New detection rules developed by Macquarie for our customers responding to events such as the recent Log4j vulnerability
• The incorporation of new threat intelligence from 3^rd party providers
• Daily hunting activities across customer environments looking for suspicious behaviour

Reach out to your nominated account team if you are present without a SOC/SIEM to instantly improve your security awareness and posture.

Launch ® Private Cloud.

Managed Firewall.

The managed firewall as part of our Launch® environments provides defence for you and your applications. The IPS engine detects intrusions by using attack signatures for known intrusion methods and detects anomalies in network traffic to identify new or unknown intrusions.

• For customers that already have IPS enabled for their Managed Firewall service, MCS can assist in setting up the IPS rule on a Fortigate policy.
• For customers that don’t have IPS enabled yet, please reach out to your nominated account team to request the IPS service.

In addition to IPS, you should regularly review your firewall logs and restrict or limit the outbound access of affected web application hosts to the Internet. The following features are available and you should reach out to your nominated account team for access to these services.

• Fortiguard Web filtering for subscribed customers
• FQDN-based/IPDB filtering

Host Security.

Our Trend Micro Server Anti-Virus product provides both real-time and on-demand protection against file-based threats, including Malware, Viruses, Trojans and spyware.

Our Trend Micro Host Security solution also has IPS rule match conditions for deviations, policy violations, or content that signals an attack. The agent handles it as a possible or confirmed attack and performs the configured action and notification. This enables automated prevention (HIPS) or detection (HIDS) against known but unpatched vulnerabilities by virtually patching (shielding) them from an unlimited number of exploits.

The Host Security product range is also available to customers leveraging Microsoft Azure.

• For customers that already have Trend Micro, reach out to us should you need help enabling IPS rules and setting the mode to protect.
• For customers not yet subscribed to the service, please reach out to your nominated account team to request the IPS module for the relevant vulnerable servers.

Hybrid Data Protection.

Our Hybrid Data Protection solutions including NAS Ransomware Defender and Data Vault are the last line of defence solutions providing a comprehensive data protection against malicious cyber activity like Ransomware.

Data Vault is a solution that bolts onto our Offsite Backup Target (OBT). A hot backup of data is always available on hot storage, and business-critical data (deemed by you) is stored in an air-gapped and immutable vault for retrieval in the case of a security incident or emergency.

NAS Ransomware Defender is a solution available to some private cloud customers that provide rapid recovery enabling an RTO of < 2 hours at petabyte scale to get unstructured data back online. An auto airgap is implemented for your data in a 3rd availability zone.

Managed Disaster Recovery, powered by Zerto, allows customers to quickly recover entire sites and applications to a state seconds before an attack, with always-on replication and dynamic journaling technology. Automated, instant, non-disruptive testing de-risks the failover and failback process, which works across public and private cloud targets.

Azure Public Cloud.

Our management plane.

Macquarie Cloud Service’s management plane for managing customer infrastructure is also audited under ISO-27001. Internally we ensure we:

• Adopt the Secure Application Model Framework
• Audit activity logs regularly for anomalous activity and high severity security issues
• Remove delegated administrative privileges (DAP) connection when not in use
• Review, audit, and minimise access privileges and delegated permissions
• Enforce multi-factor authentication (MFA) and conditional access policies for all relevant staff
• Enforce Just-in-Time access
• Enforce least privileges and RBAC

Azure Managed defaults.

Under Azure Managed, customers have access to Macquarie’s Azure security baseline:

• Multi-factor Authentication (enabled by default)
• Conditional Access Policies
• Long-term storage of logs for auditing and review of dormant actors
• Center for Internet Security (CIS) benchmarking and alerting against common misconfigurations to reduce the risk of security breaches, reputation damage and data loss
• Azure Defender for VMs enabling the detection of interactions with suspicious intent
• Detection and Prevention with Defender for Cloud for security posture management and workload protection including your servers, SQL instances, Azure Defender for Resource Manager and more
• Enable Privileged Identity Management for all privileged roles, especially Global Admin and User Access Administrator (raise an Azure Service Request should this be of interest)

Additional Azure products.

In addition, organisations leveraging Azure should evaluate the use of the following services to reduce the risk and impact of a cyber event:

• Network
  • ExpressRoute, S2S, VWAN or Private Link services for the establishment of private connections between data centres (Azure and/or on-prem)
  • Azure Firewall Premium for perimeter security with IDPS Alert & Deny mode and TLS inspection enabled
  • Application Gateway with Web Application Firewall v2 providing centralised protection for your web application from common exploits and vulnerability when in protect mode (note: detect mode logs but does not protect)
  • Azure Front Door with WAF policy enabled
• Data Protection and Resiliency
  • Azure Backup
  • Azure Site Recovery for Disaster Recovery
• Disk Encryption
• Key Vault for the secure storage of Keys, Secrets and Certificates
• Trend Micro Deep Security Suite

Who to reach out to for help and assistance.

If you have any questions, or concerns, or would like to explore how we can jointly enhance your cyber security posture, we encourage all our customers to reach out to their dedicated account teams.

For those who are not Macquarie Cloud Services‘ Customers, please do not hesitate to contact us to see how we can help you on your security and cloud journey.