Mandiant Security for Azure: 4-Wk Assessment


Attackers are changing their TTPs to target cloud platforms like Microsoft Azure. Evaluate your Azure security controls and receive hardening guidance to optimize protection and visibility of assets.


The Mandiant Security Assessment for Azure helps you understand the threats and security controls unique to your specific Azure environment, hardens that environment against targeted threats, and improves your ability to detect, investigate and respond to attacker activity across all phases of the attack lifecycle.

The assessment includes staff interviews, remote workshops, and configuration and documentation analysis, and focuses on six core areas:

  • Governance, Risk and Compliance
  • Security Architecture and Networking
  • Identity and Access Management
  • Secrets and Data Protection
  • DevOps
  • Threat Detection and Response

Mandiant does this with a deep understanding of threat actors and their rapidly changing TTPs, drawn from our combined adversary, machine and victim intelligence gathered on the frontlines since 2004.

Our Approach

The assessment typically takes four weeks, during which Mandiant experts map your existing Azure environment and determine how your current security program works to protect it:

Week 1: Initial Document Review: A review of migration strategies, architecture diagrams, hardening documentation, access management policies and standards, SOPs/playbooks and logging standards, conducted remotely in collaboration with key client stakeholders.

Week 2: Remote Workshops: A remote review to explore your Azure environment, the security model currently in place, and potential security concepts and controls to implement in the future to meet your needs.

Weeks 3-4: Configuration Review and Reporting: A thorough review of configuration from the Azure platform to ensure security controls are implemented effectively, confirm learnings from the remote workshops and identify potential weaknesses that could be exploited by attackers. Mandiant prepares a report that details practical technical recommendations to harden the cloud environment, enhance visibility and detection, and improve processes to reduce the risk of compromise.