Microsoft Security Saturday (Sunday Edition) – 02/14/2021

A playbook for modernizing security operationsIn the latest post from our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Dave Kennedy, Founder and Chief Technology Officer at Binary Defense. Dave shares his insights on security operations—what these teams need to work effectively, best practices for maturing the security operations center (SOC), as well as the biggest security challenges in the years to come.

Microsoft Defender Antivirus: 12 reasons why you need itThe Microsoft Detection and Response Team (DART) wants to help all organizations avoid common mistakes and issues we see when handling customers’ security incidents and breaches. In this blog, we would like to share lessons learned from commonly seen gaps specific to endpoint security. Understanding this can help you prioritize your security controls and processes.

Web shell attacks continue to riseOne year ago, we reported the steady increase in the use of web shells in attacks worldwide. The latest Microsoft 365 Defender data shows that this trend not only continued, it accelerated: every month from August 2020 to January 2021, we registered an average of 140,000 encounters of these threats on servers, almost double the 77,000 monthly average we saw last year.

How Unilever embraced risk to cultivate a remote workforce – and cleaner handsThe post How Unilever embraced risk to cultivate a remote workforce – and cleaner hands appeared first on Stories.

Microsoft Defender for Endpoint Ninja Training: February 2021 updateWe have fresh Microsoft Defender for Endpoint Ninja training content. If you want to refresh your knowledge and get updated, here is what has been added since the September 2020 update.

Level up with Microsoft Certified: Azure Security Engineer AssociateThe Azure Security Engineer Associate certification validates that you have subject matter expertise implementing security controls and threat protection, managing identity and access, and protecting data, applications, and networks in cloud and hybrid environments as part of an end-to-end infrastructure. You earn this certification by passing Exam AZ-500: Microsoft Azure Security Technologies.

Automatically disable On-prem AD User using a Playbook triggered in AzureMany organizations have an on premises Active Directory infrastructure that is synced to Azure cloud. However, given that the on-prem side is the authoritative source of truth, any changes, such as disabling a user in the cloud (Azure AD), are overridden by the setting defined in the on-prem AD in the next scheduled sync. 

10 Reasons to Love Passwordless #2: NIST ComplianceThe second reason to love passwordless is it brings the highest levels of security to your organization. Passwordless multifactor authentication (MFA) eliminates the need to memorize passwords and as such makes it 99.9% harder to compromise an account. 

10 Reasons to Love Passwordless #3: Why biometrics and passwordless are a dream combinationBiometrics also provide terrific accessibility benefits, making it possible to sign in when typing in a password is not viable. It is really exciting to think about the technology in use by people or in situations where secure digital identity was previously out of reach

10 Reasons to Love Passwordless #4: Secure your digital estate, while securing your bottom lineIn a study by one of our passwordless partners, more than 12 minutes each day entering or resetting passwords—that’s almost an hour every month! Multiplying that hourly loss across an organization with 15,000 members results in more than 160,000 hours of lost productivity and thousands of support calls, all due to managing passwords. 

Azure Defender for App Service introduces dangling DNS protectionResources hosted on Azure App Service are at the forefront as attackers are constantly on the lookout for vulnerabilities in web applications. Dormant domains are a permanent resident on the checklist of both opportunistic and target-oriented attackers. To reduce potential attack surface, Azure App Service enforces domain verification when binding custom domain to an App service resource.

Bring Remediation Steps into Azure SentinelIn this blog you will learn how to bring guided remediation steps into Azure Sentinel (from Azure Defender and Microsoft Defender for Endpoint) to enhance the security posture of your organization and stop attacks.

Migrating QRadar offenses to Azure SentinelA couple of weeks ago, we started with a solution to export data from Splunk to Azure Sentinel. Highly recommended to check out the blog post by our colleague @yokhaldi (How to export data from Splunk to Azure Sentinel), a logical sequence to his blog post is a walk-through explaining how to consume security telemetry data directly from QRadar to Azure Sentinel.