Microsoft Security Saturday – 1/25/20

Announcing the public preview of Insider Risk Management
At Ignite last November, we announced Microsoft 365 Insider Risk Management and began a private preview. Since then, we’ve been hard at work developing the ability to scale and deliver a solution that leverages AI and automation to quickly identify and investigate insider risks.

Block Access to Unsanctioned Apps with Microsoft Defender ATP & Cloud App Security
In a modern workplace where the average enterprise is using over 1,500 different cloud apps, and more than 80 gigabytes of data is being uploaded monthly to risky apps from business endpoint devices, the ability of IT and compliance administrators to manage and monitor shadow IT becomes an (almost) impossible mission. It is not only about the ability to assess the potential risk that cloud apps pose to the company, but also about the tools IT has (or doesn’t have) to control and manage access to these apps.

Cyber threats are on the rise; here’s how companies can ensure their safeguards are primed and ready
With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any company could be a potential target for a cyberattack.

Extending Azure Sentinel: APIs, Integration and management automation
One of the biggest advantages of the cloud in general, and Azure Sentinel in particular, is being API focused. SIEM products are integration savvy, whether with telemetry sources or with other management platforms. The cloud makes automating this integration critical to tackling the ephemeral nature of resources. In this evolving blog post, we will cover Azure Sentinel integration and automation capabilities.

Azure ATP investigation of brute force and account enumeration attacks made over the NTLM protocol
Security research shows most successful enumeration and brute force attacks use either NTLM or Kerberos authentication protocols for entry. In fact, they’re the most popular discovery-phase attacks Azure ATP observed in the past 12 months.

Azure Secure Score simplified
The secure score controls feature of Azure Security Center is now available in preview. It groups multiple recommendations focusing on a specific attack surface (for example, restrict access to management ports). This provides a more reliable method for calculating the scores and gives you better visibility into how they’re calculated.

What’s New with Apps in Azure AD | Jan 2020
Over the last few months, we announced a set of new capabilities to make it easy to move more apps to Azure AD and reinforce the security of your application ecosystem. In addition, as we continue to partner deeply with independent software vendors (ISVs), we keep adding more and more pre-integrated apps in our App gallery that support federated single sign-on (SSO) and/or automated user provisioning. Since our last update, we have added 108 new applications!

sLoad launches version 2.0, Starslord
sLoad has launched version 2.0. With the new version, sLoad, which is a PowerShell-based Trojan downloader notable for its almost exclusive use of the Windows BITS service for malicious activities, has added an anti-analysis trick and the ability to track the stage of infection for every affected machine.

Microsoft and Zscaler help organizations implement the Zero Trust model
Microsoft has built deep integrations with Zscaler—a cloud-native, multitenant security platform—to help organizations with their Zero Trust journey.

Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure
Azure Security Benchmark offers a collection of over 90 security best practices and recommendations you can employ to increase the overall security and compliance of all your workloads in Azure.