ThreatNG Security

View Original

SharePoint

Threat NG Staff

SharePoint is a web-based platform developed by Microsoft that helps organizations manage content, collaborate on projects, and share information. It offers features like:

  • Document libraries and version control

  • Team sites and wikis

  • Workflow automation

  • Integration with other Microsoft Office applications

SharePoint is widely used within organizations for internal collaboration. However, organizations must identify and track all externally identifiable SharePoint implementations connected to their operations. It includes:

  • Public-Facing SharePoint Sites: Some organizations might have public-facing SharePoint sites accessible to external users or partners.

  • Subsidiaries and Affiliates: There could be separate SharePoint sites for different branches or connected companies, potentially creating data-sharing points.

  • Third-Party Vendors and Suppliers: Many vendors might use SharePoint for collaboration within their teams when working with your organization, creating potential data exchange points.

  • Shadow IT: Employees might use unauthorized personal or external SharePoint sites for work, introducing security risks.

Understanding the entire SharePoint ecosystem is critical for cybersecurity reasons:

  • Attack Surface Expansion: Every connected SharePoint site represents a potential entry point for attackers. Vulnerabilities in a third-party's SharePoint setup could be exploited to access your organization's data on the site.

  • Data Leakage: SharePoint sites often store sensitive information like project details, documents, and credentials. A compromised site can expose this data and lead to breaches.

  • Misconfigured Permissions: Improper access controls on SharePoint sites can grant unauthorized users access to sensitive information.

  • Compliance Issues: Regulations like GDPR and HIPAA have strict data security requirements. Organizations must know where their data resides and how it flows through connected SharePoint sites to ensure compliance.

By comprehensively mapping their SharePoint ecosystem, organizations can proactively manage security risks and protect their data from unauthorized access within their network and their partners.

ThreatNG fortifying your SharePoint Ecosystem

ThreatNG, with its combined EASM, DRP, and security ratings capabilities, can be valuable in securing your organization's third-party and supply chain ecosystem, particularly regarding SharePoint implementations. Here's how:

1. External SharePoint Identification:

  • ThreatNG can scan the public internet to identify all externally facing SharePoint sites connected to the organization, its subsidiaries, and its known vendors (third-party connections).

  • This includes uncovering shadow IT situations where suppliers or employees might use unauthorized personal or external SharePoint sites.

2. Risk Assessment of SharePoint Sites:

  • ThreatNG can analyze the security posture of identified SharePoint sites. It includes looking for:

    • Publicly Accessible Sites: Sites accessible to anyone online pose a significant security risk.

    • Misconfigured Permissions: Improper access controls granting unauthorized users access to sensitive data.

    • Outdated Software: Outdated versions of SharePoint may contain known vulnerabilities.

3. Continuous Monitoring:

  • ThreatNG can continuously monitor the external attack surface for changes, including new SharePoint sites or newly discovered vulnerabilities in existing ones.

4. Integration with Security solutions:

  • ThreatNG integrates with various security solutions to create a holistic security posture:

    • GRC (Governance, Risk, and Compliance): Identified risks are fed into the GRC platform, triggering pre-defined workflows for third-party risk management.

    • Risk Management Platforms: ThreatNG shares risk data to help prioritize remediation efforts based on potential impact.

    • SaaS Security Posture Management (SSPM) solutions: ThreatNG can share details about the SharePoint site with the SSPM solution, which then assesses the supplier's overall security posture.

Workflow Example:

  1. ThreatNG identifies a public SharePoint site: The organization receives an alert from ThreatNG about a publicly accessible SharePoint site where a supplier uses sensitive project documents.

  2. Risk Management & GRC Integration: The risk is fed into the risk management platform and triggers a workflow in the GRC system for third-party risk management.

  3. Communication and Remediation: The organization contacts the supplier, notifying them of the publicly accessible site and requesting that it be made private or sensitive data be removed. The risk management platform tracks progress and ensures closure.

Desired Business Outcomes:

  • Reduced Third-Party Risk: Organizations can hold suppliers accountable for maintaining secure collaboration by proactively identifying and assessing external SharePoint sites.

  • Improved Security Posture: Continuous monitoring helps identify and address vulnerabilities before they can be exploited, preventing data breaches and unauthorized access.

  • Streamlined Workflow: Integration with existing security solutions allows for a centralized view of security risks and facilitates a more efficient response process.

  • Enhanced Compliance: Improved visibility into third-party security posture helps organizations meet compliance requirements related to data protection.

ThreatNG acts as the initial line of defense, uncovering external SharePoint sites and potential security risks. It then integrates with existing security solutions to streamline the risk management process and achieve a more secure third-party and supply chain ecosystem, specifically for SharePoint collaboration platforms.