One of the best ways to set a baseline of how your users react to security threats, and to conduct ongoing testing and education, is to carry out mock attacks. While the tools to do this have been around, typically it has involved using different service providers to do different types of attacks. A couple of weeks ago Microsoft released their new Security and Compliance Center with a bunch of new security tools.
The Security and Compliance Center offers a number of interesting tools.
The first is a comparison tool, Microsoft Secure Score, that offers advice on what sorts of controls you need to put in place to protect your business. It looks at what services you are using and suggests security settings that are suitable for your organisation by using an AI-based tool to compare your company with other, similar ones.
The other tool is the Attack Simulator. It’s really a suite of three tools that you can use to ascertain users’ response to different types of attacks. It includes a phishing attack simulator, a password sprayer that tries to break through user accounts by guessing weak passwords and a brute force password cracker that tries to break into specific user accounts.
The results of these attacks can be used by admins to change configuration settings to further harden your network or to better target and design user education.