Microsoft Security Saturday – 07/10/2020

Microsoft Defender ATP awarded a perfect 5-star rating by SC Media
Today, we are very proud to share that SC Media has awarded Microsoft Defender ATP a perfect 5-star rating in their 2020 Endpoint Security Review.

New study shows customers save time, resources with Microsoft Cloud App Security
The Forrester study shows a three-year 151% ROI and a payback period of less than three months on the Cloud App Security investment.

Webinar series: Unleash the hunter in you!
Do you want to proactively hunt for threat activity like an expert? Then don’t miss our upcoming webinar series, “Tracking the adversary”! Michael Melone, Principal Program Manager at Microsoft and resident threat hunter, will start with the basics of threat hunting and cover more advanced techniques throughout the series.

Microsoft Threat Protection advanced hunting cheat sheet
Recently, several Microsoft employees and security analysts from large enterprise customers and partners came together on a community project to build the very first cheat sheet for advanced hunting in Microsoft Threat Protection.

Microsoft takes legal action against COVID-19-related cybercrime
Today, the U.S. District Court for the Eastern District of Virginia unsealed documents detailing Microsoft’s work to disrupt cybercriminals who were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world.

Inside Microsoft Threat Protection: Correlating and consolidating attacks into incidents
Microsoft Threat Protection (MTP) addresses the SOC’s need to see an attack as a whole, rather than as a stream of unrelated alerts, through incidents. Incidents automatically fuse the evidence of an attack, give analysts a consolidated view of the attack chain and the affected assets, and offer single-click remediation with easy-to-read analyst workflows.

MDATP: An update on Web Content Filtering
We have heard your feedback and are excited to share that, going forward, web content filtering will be offered as part of Microsoft Defender ATP without any additional partner licensing. You now get the benefits of web content filtering without the need for additional agents, hardware, or costs.

Making Azure Sentinel work for you
This new white paper outlines best-practice recommendations for configuring data sources for Azure Sentinel, using Azure Sentinel during incident response, and proactively hunting for threats with Azure Sentinel.

How to protect your remote workforce from application-based attacks like consent phishing
Today we wanted to share one of the ways application-based attacks can target the valuable data your organization cares about, and what you can do today to stay safe.

Introducing Kernel Data Protection, a new security technology for preventing data corruption
Kernel Data Protection (KDP) is a new technology that prevents data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). KDP is a set of APIs that let the kernel and drivers mark some kernel memory as read-only; because the protection is enforced by the hypervisor rather than by kernel page tables alone, even an attacker already running kernel-mode code cannot modify the protected memory.

Announcing GA: Mark new files as “sensitive by default” in OneDrive &amp; SharePoint
A newly uploaded file can be shared with guests before a DLP policy has had a chance to scan it. Instead of turning off external sharing entirely, you can close that window by using a new PowerShell cmdlet, which prevents guests from accessing newly added files until at least one Office DLP policy has scanned the content of the file.
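The tenant-level switch the announcement refers to, as an added example that is not part of the original post or of Microsoft’s documentation. It uses the SharePoint Online Management Shell; the admin-center URL is a placeholder, and you should confirm the parameter name with `Get-Help Set-SPOTenant -Parameter MarkNewFilesSensitiveByDefault` on your installed module version.

```powershell
# Added example (not from the original post): turn on "sensitive by default" for
# new files in OneDrive and SharePoint Online. Requires the
# Microsoft.Online.SharePoint.PowerShell module and a SharePoint admin account.
# The admin-center URL below is a placeholder.
Install-Module -Name Microsoft.Online.SharePoint.PowerShell -Scope CurrentUser   # first time only
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# Record the current value so the change can be reverted.
$before = (Get-SPOTenant).MarkNewFilesSensitiveByDefault
"Before: $before"

# BlockExternalSharing: guests cannot open a newly uploaded file until at least one
# DLP policy has scanned it. AllowExternalSharing (the default) restores the old behaviour.
Set-SPOTenant -MarkNewFilesSensitiveByDefault BlockExternalSharing

# Verify the setting actually took effect.
$after = (Get-SPOTenant).MarkNewFilesSensitiveByDefault
if ($after -ne "BlockExternalSharing") {
    throw "Setting did not apply (value is '$after'); check that the account has SharePoint admin rights."
}
"After:  $after"
```

Two caveats a practitioner should keep in mind: the switch only affects files added after it is enabled, not files already shared, and it relies on a DLP policy that covers SharePoint and OneDrive existing in the tenant; with no such policy, there is no scan to wait for, so it is worth checking your DLP coverage before turning this on.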

Security Controls in Azure Security Center: Secure Management Ports
In this post we discuss the “Secure management ports” control. This control is worth 8 points of Secure Score and is made up of 3 recommendations.
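What remediating this control usually comes down to in practice, as an added example that is not part of the original post: find inbound NSG rules that expose SSH, RDP or WinRM to the Internet, replace them with an explicit deny, and put the VM behind a just-in-time (JIT) access policy so the ports are opened only on request, for a bounded time, from an approved source. It uses the Az.Network and Az.Security modules; the resource group, NSG, VM and source range are placeholders, and the list of management ports is an assumption you should adjust to your environment.

```powershell
# Added example (not from the original post). Assumes Az.Network, Az.Security and an
# existing VM with an NSG attached. Names and the allowed source range are placeholders.
$rg      = "rg-prod"
$nsgName = "nsg-web01"
$vmName  = "web01"
$mgmtPorts  = @("22", "3389", "5985", "5986")      # SSH, RDP, WinRM (assumption: adjust per environment)
$badSources = @("*", "Internet", "0.0.0.0/0")      # "anyone on the Internet"

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name $nsgName

# 1. Find inbound Allow rules whose source is the Internet and whose destination ports
#    include a management port. Limitation: numeric ranges such as "3000-4000" are not
#    expanded, so review those by hand.
$exposed = $nsg.SecurityRules | Where-Object {
    $_.Direction -eq "Inbound" -and $_.Access -eq "Allow" -and
    (@($_.SourceAddressPrefix   | Where-Object { $_ -in $badSources }).Count -gt 0) -and
    (@($_.DestinationPortRange  | Where-Object { $_ -eq "*" -or $_ -in $mgmtPorts }).Count -gt 0)
}
"Rules exposing management ports to the Internet:"
$exposed | Format-Table Name, Priority, SourceAddressPrefix, DestinationPortRange -AutoSize

# 2. Remove them and add an explicit, high-priority deny so that a later, broader Allow
#    rule cannot silently reopen the ports.
foreach ($rule in $exposed) {
    Remove-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name | Out-Null
}
Add-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name "deny-mgmt-from-internet" `
    -Priority 100 -Direction Inbound -Access Deny -Protocol Tcp `
    -SourceAddressPrefix Internet -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange $mgmtPorts | Out-Null
Set-AzNetworkSecurityGroup -NetworkSecurityGroup $nsg | Out-Null

# 3. Enable JIT for the VM: SSH and RDP can be requested for at most three hours,
#    and only from the corporate range. The Security Center JIT feature injects a
#    temporary Allow rule for the requester and removes it when the window expires.
$vm = Get-AzVM -ResourceGroupName $rg -Name $vmName
$jitVm = @{
    id    = $vm.Id
    ports = @(
        @{ number = 22;   protocol = "TCP"; allowedSourceAddressPrefix = "10.0.0.0/8"; maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "TCP"; allowedSourceAddressPrefix = "10.0.0.0/8"; maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -ResourceGroupName $rg -Location $vm.Location -Name "default" `
    -Kind Basic -VirtualMachine @($jitVm)
```

The order matters: close the ports first, then enable JIT. JIT adds its own temporary Allow rules at a higher priority than the deny, so the deny rule is the steady state and an approved JIT request is the only way the ports open.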

MIP: Notes from the field
With the rapid increase in the number of security incidents worldwide, can an appropriate information protection (MIP) solution reduce the severity of such an intrusion?

Azure Sentinel API 101
Azure Sentinel has several different APIs that you can interact with, and we’ve recently released the Sentinel Management API to add another API into the mix.

Azure Sentinel Side-by-Side with QRadar
This blog describes how Azure Sentinel can be used side-by-side with QRadar.

New: Per data type retention is now available for Azure Sentinel
The capability to set the retention period per data type (per table) is now available for Log Analytics and Azure Sentinel. Setting retention per data type enables significant savings on retention costs, because noisy, low-value tables no longer have to be kept as long as the tables you need for investigations.
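Both the Sentinel Management API mentioned in “Azure Sentinel API 101” and the per-table retention setting above are plain Azure Resource Manager REST calls, so one added example (not from the original posts) covers both: it lists open high-severity incidents through the SecurityInsights provider, then sets a different retention on two tables through the Log Analytics Tables API. It uses `Invoke-AzRestMethod` from Az.Accounts, which reuses your `Connect-AzAccount` session for authentication. The subscription, resource group, workspace and table names are placeholders, and the API versions are the ones current when these posts were written; check the REST reference for the current versions before relying on them.

```powershell
# Added example (not from the original posts). Assumes Az.Accounts (Invoke-AzRestMethod)
# and an identity with Azure Sentinel Reader and Log Analytics Contributor rights.
# Subscription, resource group, workspace and table names are placeholders.
Connect-AzAccount | Out-Null
$sub = "00000000-0000-0000-0000-000000000000"
$rg  = "rg-sentinel"
$ws  = "law-sentinel"
$wsPath = "/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.OperationalInsights/workspaces/$ws"

# --- Azure Sentinel management API: open high-severity incidents ---
$filter = [uri]::EscapeDataString("properties/status eq 'New' and properties/severity eq 'High'")
$incidentPath = "$wsPath/providers/Microsoft.SecurityInsights/incidents?api-version=2020-01-01&`$filter=$filter"
$resp = Invoke-AzRestMethod -Path $incidentPath -Method GET
if ($resp.StatusCode -ne 200) { throw "Incident query failed: HTTP $($resp.StatusCode) $($resp.Content)" }
$incidents = ($resp.Content | ConvertFrom-Json).value
$incidents | ForEach-Object {
    "{0,6}  {1}  {2}" -f $_.properties.incidentNumber, $_.properties.createdTimeUtc, $_.properties.title
}

# --- Log Analytics Tables API: retention per data type ---
# Workspace-level retention stays as the default; these tables get their own value
# (at the time, 30 to 730 days). Perf is noisy and rarely needed after a month;
# SecurityEvent is what investigations lean on, so it is kept longer.
$retention = @{ "Perf" = 30; "SecurityEvent" = 180 }
foreach ($table in $retention.Keys) {
    $tablePath = "$wsPath/Tables/$table?api-version=2017-04-26-preview"
    $payload   = @{ properties = @{ retentionInDays = $retention[$table] } } | ConvertTo-Json -Compress
    $r = Invoke-AzRestMethod -Path $tablePath -Method PUT -Payload $payload
    if ($r.StatusCode -notin 200, 201) { throw "Retention update for $table failed: HTTP $($r.StatusCode) $($r.Content)" }
    $t = $r.Content | ConvertFrom-Json
    "{0}: retentionInDays = {1}" -f $t.name, $t.properties.retentionInDays
}
```

Two points worth checking before using this in anger: lowering a table’s retention deletes data older than the new value, which is not reversible, so confirm the table name against your ingestion (the Tables API accepts any name and will simply configure a table you do not ingest to); and later API versions of the Tables resource changed the verb and added fields, so pin the version you tested rather than taking the newest.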