Let’s face it, today’s battleground for IT is in Cybersecurity. Your corporate data wisps through your servers onto unknown locations. You fight the good fight of identity security, you diligently apply your network security, you do your best to manage and protect your data (at rest and in motion), but those darn computer users take their devices into the dark recesses of public Wi-Fi. They come back to you with all sorts of infections and nefarious happenings. What if you had a tool that would help reflect your organization’s exposure associated with all the devices within your organization? Welcome to Exposure Score (ES) in Microsoft Defender Security Center!
How Exposure Score (ES) Works
Exposure Score helps you determine how vulnerable your endpoints are to threats out in the world. A low ES indicates that your endpoints are less vulnerable to exploitation than if you have a high ES. I choose the phrase “less vulnerable” over “protected” because the concept of protection can lull someone into a false sense of security. You may think you have protection and, therefore, ignore daily vulnerabilities that expose your company to bad actors. It’s best practice to keep your score low AND maintain the other security layers you need to be fully protected. Using an Exposure Score will help you make significant headway, though. The ES incorporates a holistic collection of elements and services on an endpoint, then provides you with a numerical score by which to judge your weaknesses. Once you know your weaknesses, you can apply changes or compensating controls within Microsoft. The score includes a look at your applications, operating system, networks, accounts, and security controls. Then, with the help of Microsoft dashboards, the threat and vulnerability management system offers you recommendations for remediating those weaknesses.
Here is a likely scenario to help paint the picture of exactly how the ES and dashboard functionality can help:
Were you aware that a new piece of malware is moving about the web? Microsoft is aware of the latest threats. In fact, Microsoft just released a new revision of its Microsoft Edge browser. ES found that a number of Edge browsers are deployed throughout your organization. ES has also noted that 75% of them have not been updated with the new revision. With this important information, you can now send an email to the organization advising everyone to go to the upper right corner of their Edge browser and click the ellipses (3 dots), which then instructs the user to restart their browser in order to be updated. Your ES just went down because it helped you keep everyone’s software up to date. This includes all the software on your computer, not just Microsoft applications. Adobe Acrobat released a new update as well, and you are able to inform everyone to update their local installation of Acrobat on their computers. Suddenly, when that email comes around with the bad .PDF attachment, your organization is protected. No ransomware for you.
More Than Just Update Notifications
ES is also watching your operating systems, your network, your accounts, as well as the security controls you have put into place already. Perhaps you hadn’t realized that you had “AutoPlay” enabled for all drives. If someone found a USB drive or was given a tainted CD, that user might or might not rely on the training you gave them to not insert the items into their computers. Will they remember? You hope so, but why gamble? What if this is a new employee who missed that training? What if they are just busy and not thinking? Loading bad media in auto-play mode can be disastrous. ES has advised you to correct these items. Maybe only a handful of devices need correction. ES will reveal the 16 devices which are exposed to the vulnerability so you can tackle them directly. When you add on networking (you forgot to disable SMBv1 on your network) or accounts (you left the local admin account enabled), you can begin to see the value of ES.
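To confirm on a single device the three weaknesses named above (AutoPlay, SMBv1, the local admin account), here is an added PowerShell spot check; it is not code from Microsoft or from this article and it does not compute an Exposure Score. It assumes an elevated Windows PowerShell session and that the AutoPlay policy is set machine-wide through the `NoDriveTypeAutoRun` registry value; the function names are made up for this example.

```powershell
# Added example: read-only spot check of the three settings discussed above.
# Run elevated. Function names are hypothetical, chosen for this example.

function Test-AutoPlayDisabled {
    # "Turn off AutoPlay: All drives" stores NoDriveTypeAutoRun = 0xFF (255).
    # Only the machine-wide (HKLM) policy is checked here, not per-user settings.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    return ($prop.NoDriveTypeAutoRun -eq 0xFF)   # missing value means not enforced
}

function Test-Smb1ServerDisabled {
    # EnableSMB1Protocol is $true while the SMB server still accepts SMBv1.
    return -not (Get-SmbServerConfiguration).EnableSMB1Protocol
}

function Test-BuiltinAdminDisabled {
    # The built-in Administrator keeps a SID ending in -500 even when renamed.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    return -not $admin.Enabled
}

$checks = [ordered]@{
    'AutoPlay disabled for all drives' = Test-AutoPlayDisabled
    'SMBv1 server protocol disabled'   = Test-Smb1ServerDisabled
    'Built-in local admin disabled'    = Test-BuiltinAdminDisabled
}

# One row per check, so results from several devices can be merged and sorted.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Check    = $_.Key
        Status   = $(if ($_.Value) { 'OK' } else { 'EXPOSED' })
    }
}
```

Any row marked EXPOSED corresponds to one of the configuration weaknesses described above and can be compared with what ES reports for that device.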
Now that you are aware of your endpoint weaknesses, you can mitigate them in a way that makes sense to protect your environment. Microsoft provides you with the top security recommendations which, if processed, will provide the highest exposure impact. ES reports your top events in the organization, the top software which have weaknesses, as well as the top exposed devices.
You Have Control Over Mitigation Decisions
With all that information at your fingertips, ES next provides instructions for you to remediate these faults. ES suggests the configuration changes or updates needed to protect your systems. You can open support tickets directly from ES to help track tasks and to follow up on issues. There are some cases where you may not want to correct a recommendation for some business-related reason. ES will allow you to define exceptions, as well. You may have a computer that has to run a .NET version that must not be updated for application dependency reasons. ES will honor that exemption decision and not penalize your score. Once you get going with ES, you will quickly appreciate the benefits of your new intelligence partner. ES provides you with important information and you can choose the path that is right for your business. If your internal IT team is smaller and stretched thin, you can tackle the remediations of your findings little by little. If you have a help desk, the team can set up tickets for themselves and implement protections quickly.
Systems and Vulnerabilities Need Ongoing Attention
Lastly, ES is an ongoing journey. You are never going to get to a “1” and stop. Every day, software developers find new bugs, provide new updates, and sort out new ways to enhance the security of your business. Some days you may have critical events to attend to; other days you may have lots of little things that can wait. ES may tell you that you have problems with IE11, but you know that you are going to replace the remaining Windows 7 computers in 2 months anyway. The biggest recommendation that I would like to offer you in the ES journey is to add it to your check sheets and at least review it daily. You don’t want to find out too late that a monster weakness just ate your business because you kept forgetting to review your scores.