Assessment Results.

It looks like you do not currently have a Web Security strategy. There is a high probability that your workforce is remote, and as a result, the corporate network is starting to look like "the internet". The role of SaaS in the enterprise application stack means that users are accessing corporate data from anywhere in the world at any time, and businesses are starting to realise that they lack visibility into their user's web behaviour once they leave the corporate network. An effective Web Security strategy allows businesses to monitor, train and enforce correct web browsing and interaction on corporate devices to help mitigate the risks of accidental or intentional user misbehaviour.

It appears you have some of the foundational elements of an effective Web Security strategy in place. However, it does look like some key areas are missing. An optimised Web Security strategy should allow you to guide and enforce your users to a safe web browsing experience (with features such as URL filtering and sandboxing) irrespective of their location or device (mobile or laptop). Additionally, the technology should be able to monitor and enforce the correct use of your corporate data across web-based applications, including being able to differentiate corporate, personal or 3rd party instances of One Drive/DropBox. Furthermore, the Web Security solution should be forwarding event logs to a centrally managed platform to manage events in real-time by an experienced team of analysts.

It appears you are starting to build the foundations of an effective Web Security strategy. However, it looks like some key elements are missing that will cement your security posture. An optimised Web Security strategy should allow you to guide and enforce your users to a safe web browsing experience (with features such as URL filtering and sandboxing) irrespective of their location or device (mobile or laptop). Additionally, the technology should be able to monitor and enforce the correct use of your corporate data across web-based applications, including being able to differentiate corporate, personal or 3rd party instances of One Drive/DropBox. Furthermore, the Web Security solution should be forwarding event logs to a centrally managed platform to manage events in real-time by an experienced team of analysts.

Your Web Security strategy appears to be quite effective. However, there may still be some areas that you are missing that allow you to maximise your security posture. An optimised Web Security strategy should enable you to guide and enforce your users to a safe web browsing experience (with features such as URL filtering and sandboxing) irrespective of their location or device (mobile or laptop). Additionally, the technology should be able to monitor and enforce the correct use of your corporate data across web-based applications, including being able to differentiate corporate, personal or 3rd party instances of One Drive/DropBox. Furthermore, the Web Security solution should be forwarding event logs to a centrally managed platform to manage events in real-time by an experienced team of analysts.

You appear to have a comprehensive Web Security strategy. You can guide and enforce correct user behaviours (the types of content and how they interact with sites), irrespective of the user's location. The solution can also detect web-based attacks and malware through its detection capabilities or its integration with another security tool.

It looks like you do not have an Email Security strategy. Almost 85% of emails are spam which leads to email fatigue and, ultimately, user error. Email is a digital adversary's favourite exploit method, and they rely on user error to gain a foothold within their target's network. Furthermore, 94% of malware is delivered by email, so an ineffective Email Security strategy leaves you open to arguably the most significant amount of risk.

It appears you have some of the foundational elements of an effective Email Security strategy in place. However, it does look like some other key areas are missing. An optimised Email Security strategy should provide a comprehensive detection engine to block spam and bulk email and provide Advanced Threat Detection for attachment and web-based threats (attachment and URL sandboxing) plus browser isolation features for your riskiest users. Additionally, your Email Security strategy should also assure your customers that the emails they receive from your company are genuine and from approved 3rd parties only. DMARC is the most effective email authentication method, and you should be aiming to set your DMARC record to reject. In addition to assuring internal and external email recipients, implementing effective and automated remediation workflows will significantly reduce the time that threats lie dormant within your business. Integrating your email gateway with other complementary tools such as your Endpoint and Web Security solutions and your Identity and Access Management platform is a great way to automate remediation and reduce the time it takes to detect and respond to threats.

It appears you are starting to build the foundations of an effective Email Security strategy. However, it looks like some key elements are missing that will cement your security posture. An optimised Email Security strategy should provide a comprehensive detection engine to block spam and bulk email and provide advanced threat detection for attachment and web-based threats (attachment and URL sandboxing) plus browser isolation features for your riskiest users. Additionally, your Email Security strategy should also consider assuring your customers that the emails they receive from you are genuine and from approved 3rd parties only. DMARC is the most effective email authentication method, and you should be targeting to set your DMARC record to reject. In addition to assuring internal and external email recipients, implementing effective and automated remediation workflows will significantly reduce the time that threats lie dormant within your business. Integrating your email gateway with other complementary tools such as your Endpoint and Web Security solutions and your Identity and Access Management platform is a great way to automate remediation and reduce the time it takes to detect and respond to threats.

Your Email Security strategy appears to be quite effective. However, there may still be some areas that you are missing that allow you to maximise your security posture. An optimised Email Security strategy should provide a comprehensive detection engine to block spam and bulk email and provide advanced threat detection for attachment and web-based threats (attachment and URL sandboxing) plus browser isolation features for your riskiest users. Additionally, your Email Security strategy should also consider assuring your customers that the emails they receive from you are genuine and from approved 3rd parties only. DMARC is the most effective email authentication method, and you should be targeting to set your DMARC record to reject. In addition to assuring internal and external email recipients, implementing effective and automated remediation workflows will significantly reduce the time that threats lie dormant within your business. Integrating your email gateway with other complementary tools such as your Endpoint and Web Security solutions and your Identity and Access Management platform is a great way to automate remediation and reduce the time it takes to detect and respond to threats.

It looks like you have a mature Email Security strategy. Your users are protected from a wide range of email-based attacks, including malware and links diverting to malicious content and credential harvesting. Your Email Security strategy is also likely to consider the risks you pose to your supply and customer chains through effectively implemented and managed email authentication protocols. The technologies are integrated with complementary toolsets to provide automated response and remediation actions.

It looks like you do not have an Identity and Access strategy. Understanding who your users are, the assets they use and typically interact with is an essential part of any organisation. It provides a fundamental foundation to governing user behaviours and detecting malicious activity. Additionally, features such as Single Sign-On (SSO) and Multi-Factor Authentication (MFA) significantly reduce a company's attack surface whilst streamlining user experience.

It appears you have some of the foundational elements of an effective Identity and Access Management (IDAM) strategy in place. However, it does look like some other key areas are missing. An optimised IDAM strategy should provide comprehensive access controls to ensure that users only have access to the systems they need to fulfil their roles. It should streamline the user's experience for all business applications irrespective of their location (on-prem, SaaS or IaaS through the adoption of Single Sign-On (SSO) and should verify a users identity through other factors other than user name and password (MFA). Additionally, these security features should be able to distinguish between "normal" user behaviour (same ID logging on from the same location) from "abnormal" behaviour and enforce a method of "step-up authentication". Furthermore, your IDAM should integrate with your security stack as the central correlation of all user behaviour and logs should be managed by an experienced team of security analysts to identify active threats within your business.

It appears you are starting to build the foundations of an effective Identity and Access Management (IDAM) strategy. However, it looks like some key elements are missing that will cement your security posture. An optimised IDAM strategy should provide comprehensive access controls to ensure that users only have access to the systems they need to fulfil their roles. It should streamline the users experience for all business applications irrespective of their location (On-prem, SaaS or IaaS through the adoption of Single Sign-On (SSO) and should verify a users identity through other factors other than user name and password (MFA). Additionally, these security features should be able to distinguish between "normal" user behaviour (same ID logging on from the same location) from "abnormal" behaviour and enforce a method of "step-up authentication". Furthermore, your IDAM should integrate with your security stack as the central correlation of all user behaviour and logs should be managed by an experienced team of security analysts to identify active threats within your business.

Your Identity and Access Management (IDAM) strategy appears to be quite effective. However, there may still be some areas that you are missing that allow you to maximise your security posture. An optimised IDAM strategy should provide comprehensive access controls to ensure that users have access to the systems they need to fulfil their roles. It should streamline the users experience for all business applications irrespective of their location (On-prem, SaaS or IaaS through the adoption of single Sign On (SSO) and should verify a users identity through other factors other than user name and password (MFA). Additionally, these security features should be able to distinguish between "normal" user behaviour (Same ID logging on from the same location) from "abnormal" behaviour and enforce a method of "step-up authentication". Furthermore, your IDAM should integrate with your security stack as the central correlation of all user behaviour and logs should be managed by an experienced team of security analysts to identify active threats within your business.

It appears that you have a mature Identity and Access Management program. You have likely implemented controls such as Single Sign-On and MFA, which are excellent user experience and security controls. In addition, you perform regular or automated access audits to ensure that your users have access to only the information they need to do their job and good visibility and control of your software licensing requirements for corporate applications.