Microsoft Purview

Protect and manage data wherever it resides within your organization by implementing Microsoft Purview for information protection and data loss prevention.

A Data Governance Approach to Microsoft Purview

Why Microsoft Purview with Bridewell?

  • Implementing Microsoft Purview for Effective Data Governance and Compliance: Our approach to implementing and deploying Microsoft Purview is driven by data governance, with a focus on ensuring your organization is compliant with relevant data privacy regulations. Our Microsoft, Cloud, and Data Privacy experts will work alongside you to understand regulatory risks within your environments and remediate them through Purview’s data, compliance, and governance capabilities.
  • Expertise in Cloud Security and Threat Protection with Microsoft Purview: As one of Microsoft’s leading cybersecurity partners, our team are designated solution partners for Security. We hold specialisms in Cloud Security and Threat Protection and have extensive experience in deploying Purview for some of the UK’s largest and most highly regulated organizations.



The Benefits of Purview

Our team will help you deploy Microsoft Purview quickly and effectively, so you enjoy the following benefits. 

 

 


Identify Risks to Your Data

Assess your current data privacy programme for any ongoing risks.


Identify Risky User Behaviour

Identify any user behaviour that risks non-compliance or a data breach.


Achieve Best Practice for Data Protection

Meet relevant requirements for regulatory compliance and industry best practice.


Ease the Pressure on Your Security Team

Our SOC team will take on responsibilities from your in-house security team, allowing them to dedicate time and resources to other activities.

A large financial organization engaged Bridewell to provide a test that could simulate a real-world attack scenario. The organization placed great focus and pride on the security of its network perimeter, which gave its board significant confidence that they would be protected from any form of external cyber-attack.

The Challenge

The Bridewell team and security consultants held several meetings to fully understand the client’s requirements, agree time scales and identify the core scope and objectives of the assessment. These were identified as:

A real-world approach would be taken, simulating attacks from all possible vectors and without scope limitations with the exception of ‘denial of service attacks’.

Attack vectors could include social engineering, physical access attempts, active reconnaissance and a full suite of technical penetration testing techniques such as infrastructure, web applications, mobile applications and controlled forms of malware deployment.

Bridewell agreed that the engagement would be undertaken over a period of 3 months and that, from the point of contract signature and go-live, there would be no further contact between the parties (with the exception of any validation of testing vs real-life attacks taking place).

Engagement Milestones

In addition to the detailed scoping requirements, Bridewell agreed an overview of the key milestones with the client. The key milestones of the assessment were:

  • Identify scope, objectives of the assessment, the client and safeguards.
  • Agree start date and end dates.
  • Conduct multi-faceted testing techniques.
  • Conclude testing.
  • Present findings to the client’s Executive Board.

Getting to Work

Following the agreement of the engagement milestones, Bridewell assembled their internal team. This consisted of various employees across the company, each with different skill sets that ranged across technical capability, physical entry and social engineering. It is key that multiple attack vectors are effective, and this requires various skills and people.

 

Reconnaissance is Key

Bridewell’s team of consultants devised a detailed plan and storylines for the assessment, which commenced with a reconnaissance phase to build a detailed picture of the client. It was imperative that the Bridewell team understood and discovered any weaknesses in order to ensure that any attacks were credible. These areas consisted of:

Physical – Bridewell’s consultants performed reconnaissance on several client sites across the country, which consisted of assessing the physical security controls, dress code and lanyards, company culture in terms of behavior such as tailgating, and whether any wireless signals were broadcasting from nearside building locations.

Online – Bridewell carried out reviews of the client’s website, job descriptions, social media accounts and Open Source Intelligence (OSINT).

Technical Vulnerabilities – The Bridewell team performed checks against the client’s external infrastructure to ascertain any entry points or open ports that could be utilized against the client.

Relationship Building – Several LinkedIn profiles were created and Bridewell started building relationships with the employees of the client, enquiring about roles within the company over the telephone and email.

Attack Paths to Success

Following the reconnaissance phase, the Bridewell team utilized several attack methods to obtain a foothold. These focused on physical access to enable remote access into the network, and on social engineering to deliver malware payloads.

Gaining Physical & Remote Access

Bridewell developed a remote access device using a Raspberry Pi. The Bridewell team were able to ascertain that there was a seven second delay between an access card being swiped and cloned the client’s badge to obtain physical access. Following successful entry into the building, the Bridewell team plugged in the remote access device and were able to successfully connect into the client network. The Bridewell team started assessing the internal infrastructure, where they were able to exploit a known vulnerability, which provided local access to a server and associated credentials from within the server memory. Following the account compromise, Bridewell accessed other services until eventually gaining Domain administrator privileges. Bridewell pivoted further into various network segments and managed to gain access to the client’s main customer database, which consisted of approximately 5 million customer records.

 

Social Engineering & Malware Deployment

Bridewell had built several relationships with individuals across the client’s various departments but decided to focus on the Human Resources (HR) area, applying for a role within their IT teams. This was done by creating fake LinkedIn profiles and CVs and contacting the department via telephone to discuss the various roles. Bridewell had also developed their own malware which, if successfully executed, would provide our consultants with remote access onto the infected user device. The malware was tested in a mock environment to maximize the chances of successfully bypassing the client’s mail filters. Following further assessment of the client’s external infrastructure and liaising with the HR Department, the Bridewell team also discovered that the client was using a very well-known email filtering product. However, on further analysis Bridewell discovered a configuration within the implementation of the product that was available for Bridewell to exploit in order to bypass the mail filtering completely.

Bridewell were subsequently able to send email attachments to the client and successfully deploy the malware onto the client’s laptops, which provided Bridewell Consultants remote access to a large set of personal data files, which were screenshotted for evidence gathering.

 

Presenting the Key Outcomes and Findings

On completion of the red team engagement, the Bridewell team met with the Executive Board to present the full details of the assessment approach and their findings. The assessment began with Bridewell Consultants having no knowledge of or access to the client’s systems or premises and concluded with Bridewell having the highest levels of access to the client’s network and the highest levels of access to their key customer database, containing approximately five million records.

Bridewell walked the board members through each phase of the engagement, explaining some of the complex aspects of the test in a way that could be understood by some of the non-technical audience. The client thanked Bridewell for the assessment and also for the professional, proportionate approach in presenting the findings to the board. Following the assessment, the client requested to continue to work with Bridewell in order to help them improve their internal security architecture, identify and prevent similar attack scenarios, and adopt a layered approach to security.

 


Start your Microsoft Purview Journey with Bridewell

Speak with one of our consultants to see how we can support your organization with Microsoft Purview.


How it Works

Data governance isn’t just about technology, but how organizations use, process and secure data. Our Purview deployments prioritize understanding how your employees handle data so we can implement policies that support their ways of working.

 

Data Discovery 

Our cloud security and data privacy teams will hold discovery workshops to understand:

  • Your current approach to data classification, retention and data loss
  • Any challenges with how your users access and share data
  • Your goals with Purview

Our team will review your current approach against applicable data protection legislation and best practice standards.

Any areas of non-compliance or data risk will be highlighted immediately.

 

Design and Implementation

Based on our findings, we will recommend updates to relevant policies and provide a test deployment of our proposed labelling solution to address these shortcomings.

This test deployment ensures there is no risk to your current operations and allows our team to optimize your Purview deployment before it is moved to a live environment.

Why Us?


180+ Security Specialists

Our team have diverse experience across sectors and disciplines, and hold accreditations from numerous industry bodies.


Certifications

Our people and services are highly accredited by leading industry bodies including CREST, the NCSC, and more. Our SOC holds extensive accreditations from CREST (including for CSIR and SOC2) and works closely with our cyber consultancy services.


Partnerships

As a Microsoft Partner, we hold advanced specialisms in Cloud Security and Threat Protection. We’ve also implemented some of the UK’s largest deployments of the Microsoft Security stack, including Sentinel, Defender, Purview and more.

Accreditations and Certifications

Our cybersecurity consultants and services are globally recognized for meeting the highest standards of accreditation and have leading industry certifications.
