cybersecurity

Security Hardening Services

Protect critical systems, servers and cloud resources. CIS-based hardening that reduces your attack surface across systems, servers, cloud and network.

EXEO delivers security hardening services across your systems, servers, cloud environments and network. We audit your configuration against Center for Internet Security (CIS) benchmarks, produce a gap analysis ranked by severity, and implement the controls with your approval. The existing detail below covers our method, the shared responsibility model and the full list of platforms and systems we harden.

What is the purpose of security hardening services?

Security hardening limits the vulnerability of systems to attacks and therefore reduces their risk. It involves specific rules associated with hardening system configuration and a set of good practices.

Once systems, servers, cloud resources or cloud tenants are hardened, their cybersecurity risk level has been decreased and the surface of attack reduced, hence security monitoring becomes more effective.

Adopting a security hardening approach helps create a secure computing environment.

Industry analysts have consistently found that the large majority of cloud security failures stem from customer-side misconfiguration, not the cloud provider.

Gartner

Security hardening: the first layer in the cybersecurity model

Preventive Services

Risk management, procedures, compliance and system hardening and protection services.

Detective Services

24x7 advanced monitoring and real time detection based on sophisticated anomaly detection.

Response Services

Isolate attacks and respond to threats in order to protect operations and maintain business uptime.

Risk identification: the first step to security hardening

Any security hardening phase begins with an audit phase. We have developed audit processes for the following environments:

  • Microsoft 365
  • Google Workspace
  • Google Cloud Platform
  • Microsoft Azure
  • AWS
  • Oracle Cloud Infrastructure (OCI)
  • Windows Server
  • RedHat Enterprise
  • Linux
  • Azure SQL, MySQL and PostgreSQL databases
  • Network segmentation, access rules and logging

For each environment, we would need a restricted Global Reader (or security auditor) access, which allows us to audit several elements that may constitute risks of vulnerabilities. Each element is classified by a level of severity. This audit results in a report detailing the risks by severity and an action plan for hardening.

What does Cybersecurity Hardening involve?

Security hardening should be carried out by trained and experienced engineers in system hardening. It involves going through an exhaustive list of controls and changing core system configurations. It is therefore essential to carefully study the use of the services before applying the hardening configurations. If this is not done properly, the configurations may affect functional services and interrupt them.

EXEO guides its customers through this process and implements a methodology based on system hardening best practices and vendor recommendations. The hardening workflow is as follows:

Cloud security hardening and the shared responsibility model

We believe that cloud is more secure than other environments because it relies on a strong underlying infrastructure which is more secure than most of the on-premise environments built in the enterprise. Furthermore, cloud environments incorporate the necessary security technologies in order to operate safely and securely.

It is the cloud provider’s responsibility to secure the underlying infrastructure (data center, network, hardware and hypervisor). However, it is the client’s responsibility to secure the environment they are leasing.

In this shared responsibility model, the responsibility is divided between the client and the cloud provider, the following illustration explains it in more details for three types of services (IAAS, PAAS & SAAS)

Cloud shared responsibility model for security hardening across IaaS, PaaS and SaaS

Table

How does EXEO harden systems and cloud?

Part of the cybersecurity services EXEO provides is to harden the client environment in order to maximize the security of the hosted services and minimize the possibility of threats.

We have built our cloud hardening procedures based on the Common Internet Security (CIS) benchmarks and controls and different standards like ISO 27001 or PCI-DSS.

Based on these industry leading security recommendations, we maintain predefined checklists of controls and have developed our own standard operating procedures in order to perform the security hardening

Hardening the environment also makes monitoring more effective at detecting threats, by focusing on the incidents that require attention. If you would like to know more about how we help our clients stay secure, you can also check our managed security service page.

Cloud Security Hardening

Security hardening standards and best practices

The system hardening exercise consists of reducing unused functionalities and closing unnecessary access. It should therefore be prepared and performed with great care.

Cloud functionalities are enriched by providers on a regular basis. Many of these functionalities are enabled by default while clients may not use them, resulting in open vulnerabilities that are unknown to the client.

In order to properly cover the entire scope of hardening, we have compiled a methodology based on the following recommendations:

  • Those of the manufacturer by following all the functionalities
  • Those of the Center for Internet Security
  • Those of the standards like ISO 27001 or PCI-DSS
  • The Cloud Security Alliance’s Cloud Control Matrix

Systems that we harden

Cloud Productivity Suites

Google Workspace
  • Accounts security
  • Email deliverability, spoofing protection
  • Logs and alerts
  • Sharing policies
  • Data leakage
Microsoft 365
  • Accounts security
  • Email deliverability, spoofing protection
  • Threat protection

Cloud PLATFORMS

Azure
  • Identity & Access Management (IAM)
  • Security Center
  • Storage Accounts
  • Database Services
  • Logging & Monitoring
  • Networking
  • Virtual Machines
  • Appservice
Google Cloud (GCP)
  • Identity & Access Management (IAM)
  • Logging & Monitoring
  • Networking
  • Virtual Machines
  • Storage
  • Cloud SQL Database Services
  • BigQuery
Oracle Cloud Infrastructure (OCI)
  • Identity and Access Management
  • Networking
  • Logging & Monitoring
  • Storage
  • Infrastructure Container Engine for Kubernetes (OKE)

Servers and operating systems

Windows Server hardening
  • 500 security controls.

RedHat Enterprise and Linux hardening
  • 300 security controls.

Database platforms

Azure SQL
  • Surface area reduction
  • Authentication & Authorization
  • Password Policies
  • Auditing & Logging
  • Application Development
  • Encryption
MySQL
  • Operating System Level Configuration
  • Installation and Planning
  • File System Permissions
  • MySQL Permissions
  • Auditing and Logging
  • Authentication
    Network
  • Replication
PostgreSQL
  • Installation and Patches
  • Directory and File Permissions
  • Logging Monitoring And Auditing
  • User Access and Authorization
  • Connection and Login
  • PostgreSQL Settings
  • Replication
  • Special Configuration Considerations

NETWORK

Network hardening

Segmentation, access rules and logging reviewed against best practice to close exposed paths between services.

cybersecurity risk assessment

BOOK A CLOUD AUDIT

Get in touch

We respond within 1 hour on weekdays
Exeo Logo White Transparent

Paris. Beirut. Dubai.

Cloud Security Audit Report

Before you go

BOOK YOUR CLOUD RISK ASSESSMENT

It takes 1 hour and supports Microsoft 365, Google Workspace, Azure, GCP, AWS and OCI.