Microsoft Security Saturday – 10/17/2020

How Microsoft helped combat ransomware ahead of US elections
We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world. We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.

CISO Stressbusters: 7 tips for weathering the cybersecurity storms
I sat down to discuss some CISO Stressbuster tips with my colleague Abbas Kudrati, who worked as a CISO in many different organizations for over 20 years before joining Microsoft. Here are several things we identified as important to weathering the cybersecurity storms, in Abbas’s own words.

Microsoft’s End-to-End Security Commitments to Our Customers
I’ll start with interoperability. Your environment will no doubt remain hybrid, with multiple providers mutually committed to supporting your digital transformation efforts. Of all the   made at IGNITE, two are most indicative of our commitment to deliver world-class security technologies in conjunction with other market partners, in increasingly critical segments.

Security Unlocked—A new podcast exploring the people and AI that power Microsoft Security solutions
In each episode, hosts Nic Fillingham and Natalia Godyla take a closer look at the latest in threat intelligence, security research, and data science. Our expert guests share insights into how modern security technologies are being built, how threats are evolving, and how machine learning and artificial intelligence are being used to secure the world.

Welcome to the MCAS Ninja Blog Series!
I want to arm you with the knowledge you need to be successful with a CASB and ultimately be a CASB ninja to your organization! I will be sharing my knowledge and experience with you in a new blog series called MCAS Ninja. In the blogs we will discuss how the Microsoft CASB, Microsoft Cloud App Security (MCAS).

Securing Administrative Access to Microsoft Cloud App Security and Defender for Identities
Security administrators often focus on best practices for securing their company’s users, apps, services, and devices. It can be easy to forget that Security Administrators are also “users” and equally if not more important to secure within the organization. What is the best way to secure administrator accounts? This blog provides guidance on how to configure Azure AD Conditional Access to secure administrative access to Microsoft Cloud App Security (MCAS) and Defender for Identities (formerly Azure ATP).

Security Admins, MCAS, and BLOCK!
Hi everyone, we are very excited to bring this blog to you on one of our most asked questions regarding Microsoft Cloud App Security (MCAS) access! These days, many customers face a constant dilemma on how to restrict access in line with the security best practice of least privilege. As you may know, access to MCAS can be granted through inherited roles from Azure Active Directory (AAD) or through role-based access control (RBAC) assignments from within the MCAS portal itself.

Top 10 Best Practices for Azure Security
Mark Simos, lead cybersecurity architect for Microsoft, explores the lessons learned from protecting both Microsoft’s own technology environments and the responsibility we have to our customers, and shares the top 10 (+1!) recommendations for Azure security best practices.

Becoming resilient by understanding cybersecurity risks: Part 1
This is the first in a series of blogs exploring how to manage challenges associated with keeping an organization resilient against cyberattacks and data breaches. This series will examine both the business and security perspectives and then look at the powerful trends shaping the future.

Azure Defender for IoT is now in public preview
Announced at Ignite 2020, Azure Defender for IoT delivers agentless security for continuously monitoring OT networks in industrial and critical infrastructure organizations. You can deploy these capabilities fully on-premises without sending any data to Azure. Or, you can deploy in Azure-connected environments using our new native connector to integrate IoT/OT alerts into Azure Sentinel, benefiting from the scalability and cost benefits of the industry’s first cloud-native SIEM/SOAR platform.

What’s new: Watchlist is now in public preview!
Azure Sentinel watchlists enable the collection of data from external data sources for correlation against the events in your Azure Sentinel environment. Once created, leverage watchlists in your searches, detection rules, threat hunting, and response playbooks.

Using Jupyter Notebook to analyze and visualize Azure Sentinel Analytics and Hunting Queries
The Azure Sentinel GitHub repository contains out-of-the-box detections, exploration queries, hunting queries, workbooks, playbooks, and much more to help you get ramped up with Azure Sentinel and provide security content to secure your environment and hunt for threats.

Aggregating Insider Risk Management Information via Azure Sentinel
Insider risk management uses the full breadth of service and 3rd-party indicators to help you quickly identify, triage, and act on risk activity. By using logs from Microsoft 365 and Microsoft Graph, insider risk management allows you to define specific policies to identify risk indicators.