Lanrex identifies “big gaps” in Australian businesses' cybersecurity

Australian organisations are vulnerable to cybersecurity attackers taking advantage of single points of failure, lack of continuous monitoring and insufficient adoption of security, says local managed IT service provider and Microsoft partner Lanrex.

David Reid, Lanrex.

Lanrex Head of Operations, David Reid, highlighted these issues at the recent CyberSecure Summit in Sydney, hosted by Microsoft and Australian technology distributor Dicker Data. He explained that many businesses have adequate security postures but fail to implement a comprehensive strategy to support ongoing security adoption and monitoring.

“We see a big gap with cohesive security strategy across clients. Clients have a very good posture towards security, but don't necessarily put the strategy in place around how that security is adopted,” Reid said. 

“We also see there's a lack of continuous monitoring and an ability to have a genuine identification and response to any threats that emerge within the environment. We also see a single point of failure within organisations.”

To combat this, Lanrex – which has more than 30 years of history and has a team of 40 looking after clients in Australia and New Zealand – provides a continuous improvement program that includes a dedicated virtual CIO and CISO. It also provides standards and policy implementation for Microsoft-aligned CIS Critical Security Controls Version 8, covering implementation groups 1, 2 and 3.

“Clients often have a solid security posture, but they don't necessarily have a strategy in place around how that security is adopted.” – David Reid, Lanrex

Lanrex’s tiered approach is tailored for businesses of all sizes and maturity levels, giving them an end-to-end technology solution with managed support and account management.

The first tier includes Microsoft Defender for servers, endpoints and Office 365, as well as Microsoft 365 Business Premium, which includes enforced multi-factor authentication (MFA), geo-location blocks, application whitelisting and conditional access policies.

Other key elements in the first tier include personally identifiable information (PII) security training, scheduled phishing campaigns, dark web scanning, mobile application management, patch management and an annual security assessment. The tier also standardises device provisioning and enrolment processes.

The second tier builds upon the first with enhanced alerting and remediation capabilities, targeting risks identified in Office 365 (including SharePoint, Teams Files, OneDrive and Azure AD) and Microsoft Defender for endpoint suspicious behaviour.

It also adds service encryption policies, compliance policies for endpoints on trusted network resources, and management of the Microsoft Secure Score to maintain a score above 50%.

Closing security gaps with Microsoft products

Bolstering this protection is Lanrex’s alignment with Microsoft, which has named Lanrex an official Solutions Partner in Infrastructure Azure and Modern Work, with additional designations in progress.

Karen Negus, Microsoft’s Director SMB Security, Asia, said that as “the largest security vendor in the world,” Microsoft had to start securing its own software applications, which subsequently morphed into customers asking to use the company’s tools to protect their own networks.

“We now have more than 1 million corporations globally using our security products, along with countless end users,” she said.

“Security is embedded in every part of our business, and due to the number of access points we have in networks around the world, we’re also in a unique position where we can collect more data and observe more attempted breaches than probably any other organisation in the world.” 

“Everything we do is underpinned by zero trust - the principles are always ‘assume a breach, explicitly verify every user and device and grant the least privilege required’.” 

Negus said SMBs often approach security in silos, with separate teams working on different aspects like operations, data and identities. “Whilst businesses are often thinking in silos, attackers are very much thinking across the attack chain,” she said. 

“Security has to be end-to-end, and Microsoft is constantly reviewing and refining our SMB offerings to provide more comprehensive solutions.”

In March, Microsoft announced that its 365 E5 Security is now available as an add-on to Microsoft 365 Business Premium, providing SMBs with a cost-effective solution for advanced security capabilities.

Building on Business Premium’s core security features, the E5 add-on includes advanced security and governance features through Microsoft Entra ID Plan 2, enabling real-time risk-based conditional access and identity protection using behavioural analytics and machine learning.

The package also introduces Extended Detection and Response (XDR), which consolidates multiple security solutions to provide unified incident-level visibility across the attack lifecycle.

For device security, Microsoft Defender for Endpoint Plan 2 enhances Defender for Business capabilities with advanced hunting and six months of data retention, along with endpoint security for IoT devices. Email and collaboration security comes through Defender for Office 365 Plan 2, which adds cyber-attack simulation training to help employees recognise phishing attempts and automated response capabilities and post-breach investigations.

Additionally, Microsoft Defender for Cloud Apps helps IT teams identify and manage shadow IT, ensuring only approved applications are used while protecting against sophisticated SaaS-based attacks.

Microsoft said that purchasing E5 Security can save organisations 57% compared to buying the individual products separately, making advanced cybersecurity more accessible for smaller businesses.

Talk to Lanrex about a continuous security improvement program that bridges your organisations’ cybersecurity gaps. Customers can contact David Reid on david.reid@lanrex.com.au or 1300 526 739.