Security That Looks Good on Paper
Microsoft's Security Assessment Tool offers a comprehensive lesson in what security processes are working -- and not working -- in your systems.
- By Greg Shields
For such a powerful security assessment tool, Microsoft's Security Assessment Tool arrives in a nice and tidy twelve-and-a-half megabyte package. No clients here. No server-side equivalent either. The MSAT provides the small environment with a comprehensive set of test questions to answer, which can help you understand what you're doing right and what you're not doing to protect your infrastructure.
By installing the package and then taking the hour or more to run through its triple-digit number of questions, the small- or medium-sized IT environment quickly gains an understanding of the common processes for securing the environment, as well as which of them it is or is not following. In going through the list myself, I discovered a lot about what is missing in my network through just answering the questions.
This understanding comes from the level of detail in the questions, which probe down to firewall configurations, intrusion detection and even which security training programs are currently offered to employees. Once complete, the tool wraps up your findings into a comprehensive report that measures your level of risk (BRP) related to your industry and business model, the measure of your security defenses (DiDI) and your level of security maturity.
Drilling down from that point are specific recommendations to improve your level of network security across your environment. Think of the results as a sort of task list that you'll want to cross-reference with the cost of implementing each item to find the best balance of security versus cost.
Designed with the small environment of fewer than 1,000 employees in mind, this tool gives the security administrator as well as the IT technical manager the fodder they need to determine exactly where the holes are in their environment. Considering Microsoft makes this tool available for no cost, it's worth an hour of your time.
Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.