Microsoft Security Saturday – 12/5/2020

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
Cryptocurrency miners are typically associated with cybercriminal operations, not with sophisticated nation-state activity. They are not the most sophisticated type of threat, which also means they are not among the security issues defenders address with the most urgency. Recent campaigns from the nation-state actor BISMUTH take advantage of the low-priority alerts coin miners generate to fly under the radar and establish persistence.
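The practical consequence of the BISMUTH campaign is that a coin-miner alert should not be triaged in isolation. The following is an added example (not code from the Microsoft blog post) of the correlation a SOC could apply: a low-severity miner alert on a host is escalated when the same host also raises a persistence-related alert within a time window. The alert names, hosts and timestamps are constructed sample data, and the severity scheme is an assumption.

```python
"""Escalate low-severity coin-miner alerts that co-occur with persistence activity.

Added illustration of the triage logic suggested by the BISMUTH write-up; the
alert names and sample records below are constructed, not real telemetry.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts: (timestamp, host, alert name, original severity)
SAMPLE_ALERTS = [
    ("2020-11-30T08:02:11", "srv-web-01", "Coin miner activity detected", "Low"),
    ("2020-11-30T08:15:40", "srv-web-01", "Scheduled task created by unusual process", "Medium"),
    ("2020-11-30T09:01:03", "srv-web-01", "New service installed", "Medium"),
    ("2020-11-30T10:30:00", "wks-fin-07", "Coin miner activity detected", "Low"),
    ("2020-11-30T11:12:00", "srv-db-02", "Suspicious PowerShell command line", "High"),
]

MINER_ALERT = "Coin miner activity detected"

# Assumed persistence signals; in a real deployment map these to your product's alert names.
PERSISTENCE_ALERTS = {
    "Scheduled task created by unusual process",
    "New service installed",
    "Registry run key modified",
}


def parse_alerts(alerts):
    """Convert ISO timestamps to datetime objects; other fields pass through."""
    return [(datetime.fromisoformat(ts), host, name, sev) for ts, host, name, sev in alerts]


def escalate_miner_alerts(alerts, window=timedelta(hours=24)):
    """Return {host: sorted persistence alert names} for every host where a
    coin-miner alert has persistence activity within `window` of it.

    A lone miner alert is left at its original severity; one surrounded by
    persistence activity is the pattern the BISMUTH campaign relied on
    defenders ignoring, so it is flagged for escalation.
    """
    by_host = defaultdict(list)
    for ts, host, name, sev in parse_alerts(alerts):
        by_host[host].append((ts, name, sev))

    escalated = {}
    for host, events in by_host.items():
        miner_times = [ts for ts, name, _ in events if name == MINER_ALERT]
        for miner_ts in miner_times:
            related = sorted(
                name
                for ts, name, _ in events
                if name in PERSISTENCE_ALERTS and abs(ts - miner_ts) <= window
            )
            if related:
                escalated[host] = related
    return escalated


def triage(alerts, window=timedelta(hours=24)):
    """Return {host: effective severity} for the miner alerts in `alerts`.

    Hosts with corroborating persistence activity are raised to "High"
    (an assumed severity label); all other miner alerts keep "Low".
    """
    escalated = escalate_miner_alerts(alerts, window)
    result = {}
    for _, host, name, sev in alerts:
        if name == MINER_ALERT:
            result[host] = "High" if host in escalated else sev
    return result


if __name__ == "__main__":
    for host, severity in triage(SAMPLE_ALERTS).items():
        reasons = escalate_miner_alerts(SAMPLE_ALERTS).get(host, [])
        print(f"{host}: miner alert severity {severity}", f"({', '.join(reasons)})" if reasons else "")
```

The window and the set of persistence alert names are the two knobs to tune; the point is that the miner alert is the pivot, not the verdict.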

Manage, govern, and get more value out of your data with Azure Purview
Azure Purview enables you to map, catalog, understand, classify, and manage your operational and analytical data—whether on-premises, across your multicloud environment, or within SaaS applications.

Microsoft Defender for Office 365 investigation improvements coming soon
For those of you using Microsoft Defender for Office 365 automated investigations, we have several new investigation improvements rolling out this month to improve your experience in the security center. These new features improve the clarity of Office 365 investigations, as well as Defender for Office 365 integration with SecOps tools in the security center.

Microsoft Endpoint DLP Lightning-Round
As you know, M365 is a set of services for business productivity, security and compliance. Across those services, Microsoft has interwoven an information protection ‘platform,’ which is referred to as Microsoft Information Protection, or MIP.

MCAS Data Protection Blog Series: Box Real-Time Protections
When you are using real-time session controls, it is important to note that you can prevent uploads and downloads of files that do not have Azure Information Protection labels, as well as block downloads of files that do have those labels. For the first example, we are going to prevent the download of a file that contains sensitive information. The sensitive information can be matched using a custom information type or one of the built-in information types that become available once the Azure Information Protection integration is enabled.

Fileless Attack Detection for Linux is now Generally Available
Fileless Attack Detection for Linux periodically scans your machine and extracts insights directly from the memory of processes. Automated memory forensic techniques identify fileless attack toolkits, techniques, and behaviors. This detection capability identifies attacker payloads that persist within the memory of compromised processes and perform malicious activities.
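To make concrete what "extracting insights from the memory of processes" means on Linux, here is an added example (not Microsoft's implementation, which is not published on this page) of the simplest memory-forensic check for fileless payloads: walk each process's /proc/<pid>/maps and flag executable regions that have no legitimate file backing, i.e. anonymous mappings, memfd-backed mappings, and mappings or main executables whose file has been deleted. It assumes the standard Linux /proc layout; the maps text used for the offline demonstration is constructed sample data.

```python
"""Flag executable memory regions with no on-disk backing (fileless payload candidates).

Added example of the memory-forensic idea behind fileless detection on Linux.
Not Microsoft's code; relies only on /proc/<pid>/maps and /proc/<pid>/exe.
"""
import os
from dataclasses import dataclass

# Constructed sample /proc/<pid>/maps content: a normal binary and libc, plus an
# anonymous RWX region and a memfd-backed (deleted) executable mapping.
SAMPLE_MAPS = """\
55d3f3c00000-55d3f3c1b000 r-xp 00000000 08:01 1310736                    /usr/bin/sleep
55d3f3c1b000-55d3f3c1d000 rw-p 0001a000 08:01 1310736                    /usr/bin/sleep
55d3f5a00000-55d3f5a21000 rw-p 00000000 00:00 0                          [heap]
7f1c2a000000-7f1c2a021000 rwxp 00000000 00:00 0
7f1c2b000000-7f1c2b100000 r-xp 00000000 00:05 12345                      /memfd:payload (deleted)
7f1c2c000000-7f1c2c1e8000 r-xp 00000000 08:01 1052672                    /usr/lib/x86_64-linux-gnu/libc-2.31.so
7ffd8c000000-7ffd8c021000 rw-p 00000000 00:00 0                          [stack]
7ffd8c0f0000-7ffd8c0f2000 r-xp 00000000 00:00 0                          [vdso]
"""

# Kernel-provided pseudo-mappings that are executable by design.
KERNEL_PSEUDO = {"[vdso]", "[vsyscall]", "[vvar]"}


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str  # empty string for anonymous mappings

    @property
    def executable(self) -> bool:
        return "x" in self.perms


def parse_maps(maps_text: str):
    """Parse /proc/<pid>/maps lines: 'start-end perms offset dev inode [path]'."""
    regions = []
    for line in maps_text.splitlines():
        if not line.strip():
            continue
        parts = line.split(maxsplit=5)
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5] if len(parts) > 5 else ""
        regions.append(Region(start, end, parts[1], path))
    return regions


def unbacked_path(path: str) -> bool:
    """True for memfd-backed or deleted files: nothing on disk to inspect."""
    return path.startswith("/memfd:") or path.endswith("(deleted)")


def suspicious_regions(regions):
    """Executable regions that are anonymous (incl. heap/stack) or have no file backing.

    JIT runtimes (Java, browsers, .NET) legitimately create anonymous RWX
    regions, so treat hits as leads to inspect, not as verdicts.
    """
    hits = []
    for r in regions:
        if not r.executable or r.path in KERNEL_PSEUDO:
            continue
        anonymous = r.path in ("", "[heap]", "[stack]")
        if anonymous or unbacked_path(r.path):
            hits.append(r)
    return hits


def scan_process(pid: int):
    """Scan one live process; returns None if it vanished or is not readable."""
    proc = f"/proc/{pid}"
    try:
        with open(f"{proc}/maps") as f:
            regions = parse_maps(f.read())
        exe = os.readlink(f"{proc}/exe")
    except (PermissionError, FileNotFoundError, ProcessLookupError, OSError):
        return None
    return {"pid": pid, "exe": exe, "exe_unbacked": unbacked_path(exe),
            "regions": suspicious_regions(regions)}


def scan_all():
    """Yield findings for every process with at least one suspicious indicator."""
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        result = scan_process(int(entry))
        if result and (result["exe_unbacked"] or result["regions"]):
            yield result


if __name__ == "__main__":
    for hit in suspicious_regions(parse_maps(SAMPLE_MAPS)):
        print(f"sample: {hit.start:#x}-{hit.end:#x} {hit.perms} {hit.path or '<anonymous>'}")
    for finding in scan_all():  # needs read access to /proc; run as root for full coverage
        print(finding["pid"], finding["exe"], [r.path or "<anonymous>" for r in finding["regions"]])
```

Running the script on a live host requires enough privilege to read other users' /proc/<pid>/maps; as non-root it only sees your own processes. The memfd and "(deleted)" checks catch the common "drop, execute, unlink" pattern, while the anonymous-executable check catches shellcode injected into a living process.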

Azure AD Application Proxy now natively supports apps that use header-based authentication
Today we’re announcing the public preview of Application Proxy support for applications that use header-based authentication.

Microsoft Secure Score Across the Microsoft Security Stack
Microsoft Secure Score is a measurement of an organization’s security posture: a higher number indicates that more improvement actions have been taken, and the goal is to raise the score to a level acceptable for your environment. Acting on its recommendations helps protect your organization against a range of threats and threat vectors, address known CVEs (Common Vulnerabilities and Exposures), and improve security configuration. By using Secure Score, you can assess your current security posture, improve it through discoverability, visibility, guidance, and control, compare against benchmarks, and establish key performance indicators (KPIs).

Security Controls in Azure Security Center: Apply adaptive application control
This security control contains up to 7 recommendations, depending on the resources you have deployed within your environment, and it is worth a maximum of 1 point (2%) towards your overall Secure Score. To learn how Azure Security Center’s secure score works, make sure you read this article.

Deploying DDoS Protection Standard with Azure Policy
One of the most important questions customers ask when deploying Azure DDoS Protection Standard for the first time is how to manage the deployment at scale. A DDoS Protection Plan represents an investment in protecting the availability of resources, and this investment must be applied intentionally across an Azure environment.

What’s New: Azure Sentinel Logic Apps Connector improvements and new capabilities
The Azure Sentinel Logic Apps connector is the bridge between Sentinel and Playbooks, serving as the basis of incident automation scenarios. As we prepare for new Incident Trigger capabilities (coming soon), we have made some improvements to bring the most up-to-date experience to playbook users.