Microsoft Security Saturday – 5/5/2021

Tom Burt: More must be done to defend against, deter cyberattacks
Last week, Microsoft announced that Nobelium, a skilled hacking group associated with the Russian SVR and behind the SolarWinds attack last year, was engaged in phishing attacks targeting thousands of accounts at hundreds of government and human rights agencies. Today, we’re providing an update on our continued investigation into these attacks and sharing some important context as we’ve all had a chance to learn more.

Microsoft acquires ReFirm Labs to enhance IoT security
This is where ReFirm Labs comes in. Microsoft believes that firmware is not a future threat, but an imperative to secure now as more devices flood the market and expand the available attack surface. We are committed to helping customers protect from these sophisticated threats now and in the future, which is why we’re announcing that we have acquired ReFirm Labs.

Understanding the threat landscape and risks of OT environments
In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in Mandiant’s ICS/OT Consulting practice and former engineer at Entergy, where he was a subject matter expert on transmission and distribution of supervisory control and data acquisition (SCADA) systems. In this blog, Chris introduces operational technology (OT) security and shares the unique challenges and security risks to OT.

Announcing pricing changes to Azure Sentinel and Azure Monitor Log Analytics to help you save costs
The 2020 commissioned Forrester Consulting Total Economic Impact™ of Microsoft Azure Sentinel study, for example, found that Azure Sentinel delivered a 48% reduction in costs compared to legacy SIEMs, saving on expenses like licensing, storage, and infrastructure costs. Today, we are pleased to announce changes to the pricing of Azure Sentinel and Azure Monitor Log Analytics that will offer you additional cost savings. These changes take effect on June 2.

Announcing Microsoft 365 Defender Streaming API Public Preview
The Microsoft 365 Defender team is happy to announce the Microsoft 365 Defender Streaming API is now available in Public Preview. The Microsoft 365 Defender Streaming API lets you export events to your Azure Event Hubs or your Azure Storage account and from there to your location of choice.

How to migrate advanced hunting to Microsoft 365 Defender
With advanced hunting, customers can continue using the powerful Kusto-based query interface to hunt across a device-optimized schema for Microsoft Defender for Endpoint. They can also switch to the Microsoft 365 security center, where we’ve surfaced additional email, identity, and app data consolidated under Microsoft 365 Defender.

Video Tutorial: Endpoint Protection Part 8 – Windows Defender Application Control (WDAC) Policies
This tutorial focuses on how Configuration Manager integrates with Windows Defender Application Control and how it can be used to enforce Windows Defender Application Control settings. The session begins with a review of what Windows Defender Application Control is and why it is a critical security component for protecting devices in your enterprise.

Using Microsoft Defender for Identity Data to Make Powerful Advanced Hunting Queries
It’s been a while since we last talked about the events captured by Microsoft Defender for Identity. We last published a blog in August last year and so we thought it would be a good opportunity to give you an update with the latest events you can use to hunt for threats on your domain controllers using advanced hunting in Microsoft 365 Defender.

Defender for Endpoint for Linux is coming soon to Azure Defender
Earlier this year, Microsoft Defender for Endpoint (MDE) for Linux was announced generally available. Now, Azure Defender is about to augment its existing integration with MDE and support the Linux version as well – so your Linux servers can be natively protected against advanced threats.

Automated Detection and Response for Azure Firewall with the New Logic App Connector and Playbooks
In this blog, we will discuss the new Azure Firewall Logic App Connector and Playbook Templates, which provide deeper integration for Azure Firewall with Azure Sentinel. With this integration, you can automate the response in Azure Firewall to Azure Sentinel incidents that contain IP addresses (IP entity).

What’s new: Detect credential leaks using built-in Azure Sentinel notebooks!
In this blog post, I’m going to walk you through three cool and easy-to-use Azure Sentinel notebooks that can scan logs across your entire Azure Sentinel workspace, Azure Blob storage, and Azure Data Explorer environment to detect credential leaks (which can save you from some serious potential cyberattacks!). These are built-in templates that you can use instantly without writing a single line of code!

Automate and manage Azure AD tasks at scale with the Microsoft Graph PowerShell SDK
If you’re using the Azure AD PowerShell or MSOnline PowerShell modules to manage Azure AD, we encourage you to try the Microsoft Graph PowerShell SDK. The Microsoft Graph PowerShell SDK is where all our current and future investments are being made.