ACE Networks
ACE Networks is an Information Communication and Technology company offering B2B services. We engineer Enterprise Resilience.
Since 2005, we have helped businesses secure their future with IT consulting, cloud infrastructure, and 24/7 cybersecurity.
18/06/2026
A scan generates findings. It does not assign owners.
In most environments, vulnerability reports land in a shared inbox or a ticketing system with no routing logic. Critical findings sit next to low-severity items. No priority order. No owner. No deadline.
The pattern is consistent: the scan runs on schedule. The backlog grows faster than it clears.
This is not a tooling issue. It is a process governance issue.
Vulnerability findings are routed by asset criticality — critical CVEs on domain controllers and perimeter devices are prioritised, assigned, and tracked to verified closure.
→ Get a free consultation
18/06/2026
Most M365 accounts are not closed on the day someone leaves. They are closed when someone remembers to raise a ticket.
In environments where HR and IT run separate systems, offboarding is a manual process. The departure is processed in HR on day one. The IT ticket arrives days later. The account stays open in the meantime.
But "open account" is not just an open inbox.
One M365 identity connects to SharePoint, Teams, OneDrive, and every third-party application that authenticated against it. All of it still reachable. And conditional access does not catch it — because policies evaluate at sign-in. If the session token is already active when the account should have been closed, there is no re-evaluation. The former employee does not need to sign in again. They are already in.
The part most environments miss: in Entra ID the account shows as a completely normal active user. No flag. No alert. The only way to find it is to manually cross-reference HR records against the identity list. Most environments have no schedule for that.
When closure does happen, the order matters:
→ Disable the account first
→ Revoke all active sessions immediately after
→ Then remove licences
→ Then audit what the account could reach
Deleting before revoking leaves the active session token valid. The account is gone. The access is not.
This is not a helpdesk task. It is identity lifecycle governance — and it needs to be tied to the HR event, not a manually raised ticket.
→ Get a free consultation
https://acenetworks.eu/
18/06/2026
An unmanaged device connecting to Microsoft 365 has no enforced encryption, no remote wipe capability, and no entry in the device compliance dashboard.
In most environments, a mix of corporate-managed and personal devices access the same M365 tenant. Without Intune enrolment or equivalent MDM coverage, there is no way to confirm that a device is encrypted, patched, or screen-locked. Conditional access policies are configured, but the unmanaged device baseline is either missing or not enforced.
The device appears compliant in the admin console. It is not.
This is not a Microsoft 365 limitation. It is a device governance gap.
Device posture is assessed across the full endpoint fleet — enrolment state, compliance policy coverage, and conditional access enforcement verified and corrected across every device category accessing the environment.
→ Get a free consultation
11/06/2026
Infrastructure changes. Documentation rarely keeps up.
A server gets decommissioned. The dependency map still references it. A network segment gets reconfigured. The incident response runbook still describes the old topology. A cloud resource gets added outside the standard provisioning process. Nobody updates the asset register.
When something breaks, the team investigates based on records that no longer reflect what is running. Resolution time extends because the map and the territory stopped matching months ago.
ACE Networks builds and maintains infrastructure documentation that reflects current operational state — asset registers, dependency maps, and runbooks aligned to what is actually running.
→ Get a free consultation
08/06/2026
Vulnerability scans run on schedule. The findings sit in a report.
Qualys, Tenable, Defender Vulnerability Management — the scan runs weekly or monthly. A report generates. Critical findings get assigned. Some get patched. The rest carry forward into the next scan cycle alongside new findings from the week after.
The backlog grows faster than it clears because severity scores from the scanner do not map to business impact. A critical CVE on a test server ranks the same as one on a domain controller. Both sit in the same queue. Analyst time goes to managing the volume, not reducing the risk.
A domain controller with an unpatched critical CVE open for 90 days is not a scanning problem. The scanner found it on day one.
The gap is in the lifecycle after the scan — prioritisation tied to asset criticality, remediation workflows with tracked SLAs, and validation that findings are actually closed before they leave the queue.
ACE Networks builds vulnerability management programmes that go beyond scanning — defining prioritisation criteria tied to business impact, building remediation workflows with tracked SLAs, and validating closure before findings leave the queue.
→ Get a free consultation
https://acenetworks.eu/
04/06/2026
Copilot for M365 queries against the existing permission structure. It does not evaluate whether the querying user should see what it returns.
Access is inherited from SharePoint site permissions, OneDrive file-level access, Azure AD group membership, and nested group and folder inheritance. In environments where permission models have built up over time without a review cycle, those structures carry historical access that was never removed.
Legacy SharePoint libraries retain access configurations from projects that closed years ago. Nested group memberships extend visibility beyond what any individual role was intended to grant. Folder-level inheritance overrides create inconsistent access boundaries across document libraries. Guest accounts with accumulated permissions remain active.
A natural language query returns data based on accumulated permissions — not based on what the user's role currently requires. There is no contextual filtering layer between the query and the entitlement model underneath.
Copilot makes the permissions problem visible at scale. The permissions problem was already there.
ACE Networks audits Microsoft 365 environments at the permission model level before Copilot deployment — mapping inheritance chains, resolving group-based access expansion, and restructuring boundaries so Copilot operates against a defined and current access architecture.
→ Get a free consultation
01/06/2026
A completed risk register and a filed information security policy are not the same as a security posture.
After a compliance assessment, the documentation is usually thorough. The technical controls it describes are not always in place.
Access control policy states least privilege. RBAC assignments in Azure reflect two years of project deployments. Patch management policy specifies a 30-day remediation window. Vulnerability scans show systems outside that window. Incident escalation is defined in the policy. The monitoring platform has no automated escalation configured.
Regulators and auditors check the operational layer. Documented intent is not the same as implemented control.
ACE Networks assesses security posture at the control level — mapping documented policy against active technical enforcement and identifying the gap between what is written and what runs.
→ Get a free consultation
https://acenetworks.eu/
28/05/2026
Azure Policy Compliance can show green across a tenant while individual resource groups operate without policy coverage.
Exemptions get applied during project deployments and never reviewed. Resource groups get created outside the standard management group hierarchy — no policy attaches to them. Initiative assignments include deprecated policy definitions that no longer apply to current Azure services.
The dashboard reflects assignment state. It does not surface where enforcement actually stops.
ACE Networks audits Azure Policy environments — reviewing initiative assignments, exemption histories, and inheritance structures across management group hierarchies.
→ Get a free consultation
27/05/2026
Licence estates grow without anyone governing them.
User counts change. Acquisitions add tenants. Projects add licences. The assignments from all of that stay active long after the projects close and the headcount changes. Nobody goes back.
What builds up in practice: E5 capabilities sit assigned to users who need E3. Security add-ons have been purchased for capabilities already included in the existing tier. Duplicate assignments exist across merged tenants that were never reconciled. Legacy agreements remain active for accounts decommissioned months ago.
Licence optimisation is not a cost exercise. It determines whether security investment goes where it can do something or sits in a product nobody configured.
An over-licensed environment with under-configured security tools is expensive. It is also not secure.
ACE Networks audits Microsoft licence estates — mapping assignments against current operational requirements, identifying redundancy across tenant structures, and realigning spend to security capability that actually runs.
→ Get a free consultation
https://acenetworks.eu/
21/05/2026
The average security team runs between 10 and 15 separate tools. Each generates its own alert stream. None share a correlation layer.
Endpoint flags something. SIEM logs it separately. Network monitoring sees something adjacent. No system connects the three. The attack chain is in the data. The correlation layer is not.
Adding another tool adds another queue.
ACE Networks consolidates security environments — reducing independent alert streams and building cross-platform correlation across endpoint, identity, network, and cloud.
→ Get a free consultation
Click here to claim your Sponsored Listing.
Category
Contact the business
Telephone
Website
Address
191 Tseriou Avenue
Nicosia
2045
Opening Hours
| Monday | 08:30 - 17:30 |
| Tuesday | 08:30 - 17:30 |
| Wednesday | 08:30 - 17:30 |
| Thursday | 08:30 - 17:30 |
| Friday | 08:30 - 17:30 |