Microsoft Security Saturday – 11/21/2020

Forrester TEI study: Azure Sentinel delivers 201 percent ROI over 3 years and a payback of less than 6 months
As a unified, scalable, cloud-native, security information event management (SIEM), Forrester Consulting found that Azure Sentinel delivers on these needs. Providing alert detection, threat visibility, proactive hunting, and threat response across your enterprise, the commissioned study, The Total Economic Impact of Microsoft Azure Sentinel.

Gartner names Microsoft a Leader in the 2020 Magic Quadrant for Cloud Access Security Brokers
We have been building to deliver a unique perspective from which customers can leverage control and governance has been recognized with this year’s Gartner Magic Quadrant for Cloud Access Security Brokers (CASB).

Protecting your data – creating a secure and compliant Microsoft Teams environment
Organizations are continuing to work in a remote or hybrid-remote environment which accentuates the need to protect people, devices, apps, and the data that spans across the entire landscape. An increase in online collaboration has caused an influx of data that is critical for organizations to ensure remains secure, wherever employees are collaborating from. This is supported by the 115 million daily active users on Microsoft Teams, reemphasizing the need to ensure we can protect all the information and data created from increased online collaboration.

Cyberattacks targeting health care must stop
In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea, and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.

Using Priority Accounts in Microsoft 365
Many organizations have people that are considered priority accounts for IT, such as executives, leaders, managers, and others. To help IT ensure a high quality of service and protection for these people, we have introduced capabilities in Microsoft 365 that enable an admin to tag specific users as priority accounts and then leverage app-specific features designed for them. To start with, we’ve announced two capabilities: priority account protection and premium mail flow monitoring.

MCAS Ninja: What’s a CASB and Why Do I Need One?
One approach is to address these concerns with each SaaS app individually using the app’s administrative controls. However, the problem with this approach is that SaaS apps are not always centrally managed. This is critical to centralize alerting, activity visibility, common policy, dashboards/reporting, and more. This is where a Cloud Access Security Broker (CASB) comes in.

Hunt across cloud app activities with Microsoft 365 Defender advanced hunting
We’re thrilled to share that the new CloudAppEvents table is now available as a public preview in advanced hunting for Microsoft 365 Defender.

EDR for Linux is now available in public preview
With the new Linux EDR capabilities, Defender for Endpoint customers will have the ability to detect advanced attacks that involve Linux servers, utilize rich experiences, and quickly remediate threats. This builds on the existing preventative antivirus capabilities and centralized reporting available via the Microsoft Defender Security Center.

Microsoft 365 App Compliance Program helps admins in creating a secure app ecosystem
Here in our Microsoft 365 App Compliance Team, the focus is to protect our customers’ data by creating a trusted ecosystem of secure and compliant apps. Our program also helps customers like you to distinguish and filter out apps, based on their own risk tolerance.

How to export data from Splunk to Azure Sentinel
In this blog post we want to focus more on how Azure Sentinel can consume security telemetry data directly from a 3rd Party SIEM like Splunk.

Meet the Microsoft Pluton processor – the security chip designed for the future of Windows PCs
In collaboration with leading silicon partners AMD, Intel, and Qualcomm Technologies, Inc., we are announcing the Microsoft Pluton security processor. This chip-to-cloud security technology, pioneered in Xbox and Azure Sphere, will bring even more security advancements to future Windows PCs and signals the beginning of a journey with ecosystem and OEM partners.

Recording – HLS Security Monthly w/ Scott – S01E04 – Ransomware Protection w/ Defender
In this recorded webcast Microsoft’s Scott Murray and Tony Sims discuss how to detect, protect, and respond to ransomware with the Defender stack.