We all want our networks to be secure, but sometimes it’s difficult to figure out how to even get started. Microsoft is promoting a free utility called Microsoft Security Assessment Tool (MSAT), which claims to analyze whether your existing network security architecture meets some of the common industry best practices. In this article, I’ll review how MSAT works and discuss whether it’s a useful tool for evaluating the potential risks to your network security.
Previously called Security Risk Self-Assessment Tool, the Microsoft Security Assessment Tool (downloadable from Microsoft’s Security Guidance site) is a .NET application and requires .NET Framework 1.1. A lot of questions about the assessment tool are answered on the tool’s FAQ page.
MSAT is designed to assess weaknesses in an organization’s security environment. The assessment can either be done by the organizations themselves, or it can be facilitated by a Microsoft Certified Partner. The security assessment is based on a series of questions on various security topics. The question session is expected to last somewhere between 60 and 90 minutes. Upon completion of the assessment, customers receive a comprehensive report that contains recommendations specific to their business issues, based on the answers they provided during the assessment.
The assessment tool is designed for companies that have fewer than 1,000 employees. The assessment report will tell you that the assessment is designed for midsize organizations that have 50–500 desktop workstations. While you may be wondering how a company with 50–500 workstations can be considered a midsize company, what Microsoft is trying to convey here is that the tool is ideal for small organizations.