Spectra Alliance Assessment Tool

5 Step Assessment

The cyber security threat landscape is evolving with cyber criminals shifting their focus to your people rather than your IT Infrastructure. To help address the new security risks, we’ve developed an assessment tool that puts your security controls to the test. This quick and interactive tool assesses your Endpoint, Cloud, Web, Identity and Email security to evaluate your security posture. We provide guidance on how to make impactful improvements to your security controls to thwart future cyber attacks on your dispersed workforce.

In our 5 step assessment you are here:

Question of

Endpoint Detection & Response (EDR)

What is your current Endpoint Security deployment model?

We don't have an Endpoint Security solution.

Our Endpoint Security solution is on-prem.

Our Endpoint Security solution is cloud-based.

Our Endpoint Security solution is hybrid and/or provides visibility of devices inside and outside the office.

What is the efficacy and coverage of your current Endpoint solution? Do you have the correct skills to manage the solution?

Our solution is currently deployed however, we do not have the skills to manage the solution.

Our solution is not currently deployed on all operating systems due to incompatibility (Linux, MacIOS) or on corporate mobiles.

Our solution is deployed on all corporate desktops, laptops and services (Windows, Linux and Mac) but not on all corporate mobiles.

Yes, the solution is deployed on all corporate endpoints and mobiles and has coverage for Windows, Linux and MACOS.

Does your Endpoint Security solution have these basic features? Are you utilising them?

Yes, it has signature-based protection.

Yes, it has signature-based protection and behavioural malware detection.

Yes, it has signature protection, behavioural malware detection and ransomware blocking and recovery.

Does your Endpoint Security solution have these advanced features? Are you utilising them?

Our Endpoint Security solution doesn't have these features, or we don't currently utilise them effectively.

Yes, it has machine learning capabilities for malware identification.

Yes, it has machine learning capabilities and sandboxing capabilities.

Yes, it has machine learning capabilities, sandboxing and native Endpoint Detection & Response (EDR) capabilities.

Does your Endpoint Security solution natively integrate with your other security solutions?

There are no current known integrations, or we are not currently integrating our Endpoint Detection & Response (EDR) solution with any other technologies.

Yes, our EDR currently sends events to our Security Information and Event Management (SIEM) or Centralised Log Aggregator.

Yes, our EDR is integrated with our SIEM and provides some basic response functions such as asset quarantining, application deletion etc.

Yes, our EDR currently integrates with our SIEM and other technologies such as Secure Email Gateway (SEG), Secure Web Gateway (SWG) and Identity and Access Management (IAM) to provide end to end response/remediation capabilities through manual playbooks.

Yes, our EDR currently integrates with our SIEM and other technologies such as SEG, SWG and IAM to provide fully automated response playbooks for response and remediation activities.

Question of

Web Security

Can you describe your current web gateway solution and its configuration? How does it contribute to your overall security strategy, particularly in terms of threat prevention and user activity monitoring?

We don't have a SWG or Web Proxy solution.

We have On-Prem Web Proxies and/or we are using some basic NGFW URL filtering.

We have a cloud-based Secure Web Gateway deployed that provides visibility into our users web activity both in the office and while working remotely.

We have a hybrid solution that comprises of On-Prem Web Proxies for Applications and SWG for end users in the office and while working remotely.

How do you handle sensitive data within your organisation, especially when it comes to monitoring and preventing unauthorised access or sharing? Can you provide insights into your data classification and protection policies?

Our data protection measures are limited. Sensitive data handling and classification are not standardised, and monitoring for unauthorised access or sharing is minimal. Access controls are inconsistently applied.

We have basic measures for data protection. Data classification is in its early stages, and monitoring for unauthorised access or sharing needs improvement. Access controls are in place, but not consistently enforced.

We have established data handling procedures. While sensitive data is classified, there's room for improvement in monitoring. Access controls are in place, but periodic assessments for potential unauthorised access need enhancement.

We have a robust data protection strategy in place. Sensitive data is classified, and access is strictly controlled. Regular monitoring and audits ensure unauthorised access or sharing is promptly identified and addressed.

What steps have you taken, or are planning to take, in modernising your security infrastructure and reducing reliance on VPNs? Are there specific technologies or strategies you're considering to achieve this shift?

We have made limited progress in modernising our security infrastructure. Concrete steps or technologies have not yet been identified. We're actively seeking guidance and exploring potential strategies.

We're in the early stages of exploring modernisation options for our security infrastructure. We plan to reduce VPN reliance, specific technologies and strategies are under consideration. This includes evaluating SASE, ZTNA, and software-defined perimeter solutions.

We're in the process of modernising our security infrastructure. This includes the exploration of Secure Access Service Edge (SASE), as well as evaluating the feasibility of implementing ZTNA and a software defined perimeter. We have plans in flight to reduce/eradicate the need for legacy VPN.

We've proactively undertaken advanced steps to modernise our security infrastructure. Our strategy involves the adoption of cloud-native security solutions, Zero Trust Network Access (ZTNA), and Software-Defined Perimeters (SDP). Legacy VPN usage has been retired or is in the process of doing so.

How easily could you outline your incident response plan and how it's adapted for web and cloud-related security incidents? How do you monitor and analyse network traffic for potential threats or anomalies?

Our incident response plan and monitoring efforts are minimal and need significant improvement in both areas. We acknowledge the importance of incident response and network monitoring, specific measures and strategies are not yet fully in place.

We have basic incident response measures, though adaptation for web and cloud-related incidents is limited. The incident response plan is general and needs refinement for specific incident types. Network traffic is monitored, but primarily for standard patterns. Enhanced threat detection capabilities are identified as an area for improvement.

We have an established incident response plan that includes considerations for web and cloud-related incidents. We have a plan but there's room for improvement in its adaptation to specific incident types. Network traffic is monitored, but primarily for standard threats. More advanced threat detection capabilities are being explored.

We have a well-defined incident response plan tailored for web and cloud-related security incidents. It includes clear steps for identification, containment, eradication, recovery, and lessons learned. Network traffic is continuously monitored using advanced tools, providing real-time alerts for potential threats or anomalies.

Do your web and application security solutions natively integrate with your other security solutions and do those integrations support the sharing of telemetry data for proactive threat detection and response?

Web and application security solutions operate independently with limited integration with our broader security ecosystem. Telemetry data sharing for proactive threat detection and response is minimal to non-existent. Significant attention and enhancement is needed.

There is limited integration between our web and application security solutions and other security tools. We have minimal telemetry data sharing for proactive threat detection and response.

We have some integration between our web and application security solutions and other security tools. However, the level of integration is not comprehensive. Telemetry data sharing is limited, but we have plans to improve this aspect of our security infrastructure.

Our web and application security solutions are seamlessly integrated with our broader security ecosystem. These integrations enable the sharing of telemetry data for proactive threat detection and response, and automate processes to enable my security team to operate effectively.

Question of

Cloud Security

What is your current Cloud Security & Compliance operating model?

We don't have a Cloud Security solution.

We use only native Cloud Security available in some of our SaaS, IaaS and PaaS subscriptions.

We have various disparate security technologies that protect our cloud workloads and environments.

We use native Cloud Security features and have a dedicated Cloud Security product that conducts real-time scanning and compliance audits of SaaS, IaaS and PaaS configurations.

What is the efficacy and coverage of your current Cloud Security solution? Do you have the correct skills to manage the solution?

We don't currently utilise any Cloud Security solutions.

Our solution is deployed however, we do not have the skills to manage the solution.

Native Cloud Security is implemented, but we are only using basic features and it does not cover all SaaS, IaaS and PaaS access methods, including browsers, mobile apps, desktop apps and sync clients.

Our dedicated Cloud Security solution partially covers SaaS, IaaS and PaaS access methods, including browsers, mobile apps, desktop apps and sync clients.

Our dedicated Cloud Security solution completely covers SaaS, IaaS and PaaS access methods, including browsers, mobile apps, desktop apps and sync clients.

Does your Cloud Security solution have these basic features? Are you utilising them?

Our solution either does not have these functions, or we are not currently utilising them.

Our solution has API integrations with all of our corporate / sanctioned applications and IaaS.

Our solution has API integrations and provides API-enabled controls such as alerting, change ownership, encrypt, quarantine, legal hold, restrict access, whitelisting and black listing of domains.

Our solution has API integrations and provides API-enabled controls such as alerting, change ownership, encrypt, quarantine, legal hold, restrict access, whitelisting and black listing of domains and provides basic visibility and activities of users and devices, cloud applications and IaaS.

Does your Cloud Security solution have advanced features? Are you utilising them?

Our solution either does not have these functions, or we are not currently utilising them.

Our solution provides advanced threat protection, including detecting and block threats such as malware, cyptomining and phishing.

Our solution provides advanced threat protection and advanced data protection for SaaS and IaaS, including OCR, true file type inspection and machine learning detection.

Our solution provides advanced threat protection and advanced data protection for SaaS and IaaS, including OCR, true file type inspection and machine learning detection, on both managed and unmanaged devices.

Our solution provides advanced threat protection and advanced data protection for SaaS and IaaS OCR, true file type inspection and machine learning detection, and has behavioural analytics to identify insider threats, data exfiltration and compromised accounts.

Does your Cloud Security solution natively integrate with your other security solutions?

There are no current known integrations, or we are not currently integrating our Cloud Security solution with any other technologies.

Yes, our Cloud Security currently sends events to our SIEM or Centralised Log Aggregator.

Yes, our Cloud Security solution is integrated with our SIEM and provides some basic response functionality such as User Session Blocking, DLP Block Rules etc

Yes, our Cloud Security solution currently integrates with our SIEM and other technologies such as Secure Web & Email Gateway, EDR and IAM to provide end to end response/remediation capabilities through manual playbooks.

Yes, our Cloud Security currently integrates with our SIEM and other technologies such as Secure Web & Email Gateway, EDR and IAM to provide fully automated response playbooks for response and remediation activities.

Question of

Email Security

What is your current Secure Email Gateway (SEG) deployment model?

We don't have an Email Security solution.

Our Email Security solution is on-prem.

Our Email Security solution is cloud-based, using native security features in cloud services such as O365 and G Suite.

Our dedicated Email Security Solution is deployed alongside O365 and/or G Suite and provides an additional layer of protection covering users in the workplace and remotely on both their workstations and mobile devices.

What is the efficacy and coverage of your current Secure Email Gateway (SEG) solution? Do you have the correct skills to manage the solution?

We don't currently utilise any Email Security solutions or features.

We utilise some basic spam and junk mail filtering; however, we do not have the skills to implement more advanced features.

The solution provides coverage for all Users and Devices, and we have implemented basic features such as spam filtering, attachment scanning, URL scanning, and end user reporting buttons.

The solution provides coverage for all Users and Devices, and we have implemented advanced features such as attachment protection & sandboxing, URL rewriting & browser isolation, integrated Threat Intelligence and & automated mail extraction/quarantining from mailboxes based on IOCs.

Does your Email Security solution have these basic features? Are you utilising them?

Yes, we have enabled spam filtering and bulk email filtering.

Yes, it has spam filtering, bulk email filtering and anti-malware (including blocking) capabilities.

Yes, it has spam filtering, bulk email filtering and anti-malware (including blocking) capabilities and sandboxing capabilities.

Yes, it has spam filtering, bulk email filtering and anti-malware, sandboxing, URL scanning and rewriting capabilities.

Does your Email Security solution have these advanced features? Are you utilising them?

No.

Yes, it allows the use of encryption for internal and external routing email alongside impersonation/spoofing and Business Email Compromises (BEC) detection capabilities.

Yes, it allows encryption for internal and external routing & email coupled with fully implemented DMARC authentication mechanisms and threat analytics identifying your most at risk users.

Yes, it allows encryption for internal and external routing & email coupled with fully implemented DMARC authentication mechanisms and threat analytics identifying your most at risk users. It also performs automated remediation and extraction of suspicious emails from mailboxes across the organisation.

Does your Secure Email Gateway (SEG) solution natively integrate with your other security solutions?

There are no current known integrations, or we are not currently integrating our SEG solution with any other technologies.

Yes, our SEG currently sends events to our SIEM or Centralised Log Aggregator.

Yes, our SEG is integrated with our SIEM, and provides some basic response functionality such as mailbox signature scanning, suspicious URL detections etc.

Yes, our SEG currently integrates with our SIEM and other technologies such as SWG, EDR and IAM to provide end to end response/remediation capabilities through manual playbooks.

Yes, our SEG currently integrates with our SIEM and other technologies such as SWG, EDR and IAM to provide fully automated response playbooks for response and remediation activities.

Question of

Identity & Access Management (IAM)

What is your current Identity & Access Management (IAM) solution deployment model?

We currently don't have a solution.

Our solution is on-prem.

Our solution is cloud-based.

Our solution is hybrid (on-prem and cloud).

What is the efficacy and coverage of your current IAM solution? Do you have the correct skills to manage the solution?

The system is not currently deployed due to a lack of skill, user complaints and/or we don't have an IAM solution.

Our solution is deployed to some systems and users only due to incompatibility or product limitations.

Our solution is deployed for all users on all internal business systems, and has MFA, SSO and Lifecycle Management (LCM) features.

Our solution is deployed for all systems, users and 3rd parties accessing corporate systems and applications and has MFA, SSO and LCM.

Does your IAM solution have these basic features? Are you utilising them?

No, it does not.

Yes, it has MFA and SSO.

Yes, it has MFA, SSO and User Directory Services to federate all user identities.

Yes, it has MFA, SSO, Universal Directory and Automated Lifecycle Management.

Does your IAM solution have these advanced features? Are you utilising them?

Our solution either does not have these functions, or they are not being utilised.

Yes, it utilises risk-based / contextual approaches to reduce MFA prompts.

Yes, it utilises risk-based / contextual approaches to reduce MFA prompts and has contextual policy capabilities based on user, device posture, location, URL, category, destination country, activity, and content and streamlines password management by allowing customize group-based password policies, enforcement of AD and LDAP password policies, and enablement of self-serve password resets to relieve the burden to your IT helpdesk.

Does your Identity solution natively integrate with your other security solutions?

There are no current known integrations, or we are not currently integrating our IAM solution with any other technologies.

Yes, our IAM solution currently sends events to our SIEM or Centralised Log Aggregator.

Yes, our IAM solution currently sends events to our SIEM or Centralised Log Aggregator. This integration also provides Organisational Context Enrichment to SIEM Alerts and User Timelines.

Yes, our IAM solution currently sends events and organisational context data to our SIEM or Centralised Log Aggregator. The solution does integrate with our selected EDR, SEG and SWG, however, we rely on manual playbooks to provide end to end responses to alerts and incidents.

Yes, our IAM solution currently sends events and organisational context data to our SIEM or Centralised Log Aggregator. The solution is fully integrated with our selected EDR, SEG and SWG and we have developed automated playbooks to provide end to end responses to alerts and incidents.

Get your results

Thanks for filling in our Workforce Assessment Tool; please fill in your details so we can guide you on how to make impactful improvements to your security controls to thwart future cyber attacks on your dispersed workforce.

First name *

Last name *

Company name *

Email *

Phone number *