Microsoft understands that cybersecurity is complicated. Microsoft security experts have prepared this document to provide guidance on best practices for infrastructure security and to help organizations better understand potential threats to their infrastructure.
This document includes guidance to help a variety of organizations proactively address cybersecurity protections and secure systems commonly targeted by malicious actors. It also illustrates some of the greatest infrastructure security challenges and provides guidance on how to plan for effective protections.
Identify High-Value Assets (HVAs) – Organizations need to identify the critically important business assets and their technical composition (servers, applications, data files, etc.). This inventory of HVA components is critical for recovery plans to rapidly assess, contain/isolate, and recover these critical assets during an incident that spreads through the production environment. This identification will also be useful for prioritizing protective and detective controls for these assets and identifying threats to them.
Threat detection and monitoring capabilities – Ensure access to tools and skills that allow detection of advanced attackers in an organization’s environment. These capabilities are constantly evolving, but an advanced program currently would include:
• Event correlation and analysis
• Integrated threat intelligence
• User and Entity Behavioral Analytics
• Ability to detect with both Indicators of Compromise (IOCs) for historical patterns and Indicators of Attack for evolving techniques
• Machine learning analytics
Investigation and Forensic capabilities – Confirm access to advanced tools and skills to investigate targeted attacks, including malware analysis and attack activity analysis that can produce a comprehensive attack timeline. Organizations can get access to these capabilities by purchasing tools and hiring analysts, or by retaining access via external entities or professional services.
You can download the document here: White Paper – Defending Infrastructure – Cybersecurity and Best Practices
Contents of the document: