Metis Security Blog

There is a spending pattern I have observed across professional services firms for the better part of a decade, and it has not changed much despite the continuous evolution of the threat landscape. Organisations will invest significant sums in security technology such as Microsoft 365...Read More

A Microsoft 365 security assessment is valuable, however governance aspects identified through and audit are just as important — JML, Ops Support & IR.Read More

Microsoft 365 security failures are often blamed on a missing control, or feature, these matter, but they are rarely the root cause - the lack of governance is!Read More

Microsoft 365 is frequently described as an “ISO 27001–aligned platform”. In isolation, that statement is not incorrect. However...Read More

Metis Security delivers professional penetration testing that combines infrastructure and web application testing (a Pen Test) to identify real-world risk.Read More

Vuln scans and pen testing are often talked about as if they are interchangeable — but they serve very different purposes.Read More

External sharing is one of Microsoft 365’s greatest strengths — and one of its most misunderstood risks. This article discuses how to reduce your exposure.Read More

The majority of Microsoft 365 compromises exploit well-known, repeatable misconfigurations that have existed quietly for months or years.Read More

Many organisations believe that because they have Microsoft Defender licensed, they are “covered”. This assumption is very dangerous.Read More

A large number of Microsoft 365 tenants remain insecure — because security is often assumed, misunderstood, or allowed to drift.Read More