53.2 F
Washington D.C.
Monday, December 9, 2024

CISA’s ScubaGear Tool Improves Security for Organizations Using M365 and Hits Major Milestone

ScubaGeara tool developed by the Cybersecurity and Infrastructure Security Agency (CISA) to automatically assess Microsoft 365 (M365) configurations for security gaps, hit a major milestone: more than 30,000 downloads since its debut in October 2022. In fact, downloads significantly increased with the recent release of ScubaGear version 1.3.0 in June 2024.

Security misconfigurations of settings within Software-as-a-Service (SaaS) tenants can leave the system exposed to exploitation. During the first half of 2024, a major cloud vendor reported that these misconfigurations were found to be the initial access point for 30% of all cloud environment attacks. This is a significant jump from the second half of 2023, which traced 17% of attacks back to these misconfigurations. Avoidable misconfiguration vulnerabilities, such as not enabling multifactor authentication, could result in breaches, compromised data, and damaged customer trust.

ScubaGear rapidly and thoroughly analyzes an organization’s M365 tenant configuration. It then delivers actionable security change insights and recommendations that allow the tenant administrator to close security gaps and attain a stronger defense within their M365 environment.

The private sector, critical infrastructure and federal, state, local, tribal, and territorial governments use ScubaGear. The tool’s user-friendly reports map a course of corrective action that organizations can use to quickly identify and mitigate known configuration vulnerabilities, reducing the risk of costly breaches. One ScubaGear user from the Surface Transportation Board noted the assessment tool provided “excellent diagnostics, and the remediation steps outlined in the report were very clear and easy to understand.”

ScubaGear has been updated nine times since its launch in 2022. Recent enhancements have made it more accessible and user-friendly. The tool is now available on PowerShell Gallery, which eases installation and lowers the user’s required technical skill to install and operate the tool.

Additionally, the Secure Cloud Business Applications (SCuBA) shared service launched a specific M365 FCEB Slack channel to provide support to federal civilian executive branch (FCEB) agencies, enabling direct communications and real-time assistance.

The original announcement can be found here.

Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles