Microsoft Security Saturday – 10/23/2021

Microsoft achieves a Leader placement in Forrester Wave for XDR
New Wave: Extended Detection and Response (XDR), Q4 2021, receiving one of the highest scores in the strategy category. Microsoft 365 Defender was rated as “differentiated” in seven criteria, including detection, investigation and response, and remediation.

MITRE ATT&CK technique coverage with Sysmon for Linux
To frame the conversation around how Sysmon for Linux (shortened to Sysmon from here on out) can be used to create clarity for security teams, we will walk through how Sysmon events can be used to spot a specific MITRE ATT&CK technique.

New Microsoft Sysmon report in VirusTotal improves security
Today, following the 25th anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal.

What’s New: Azure Sentinel Threat Intelligence Workbook
Customers exploring threat intelligence indicators in their cloud workloads today face challenges understanding, aggregating, and actioning data across multiple sources. Threat intelligence is an advanced cybersecurity discipline requiring detailed knowledge of identifying and responding to an attacker based on observation of indicators in various stages of the attack cycle.

Azure Defender for Servers Monitoring Dashboard
The workbook provides different layers of information, spread across different tabs. It depends on data coming from both Azure Resource Graph and the Log Analytics workspace(s) your machines are connected to. Therefore, the dashboard comes with a workspace selection drop-down that allows you to select one, several, or all workspaces in your environment.

What’s New: Azure Security Benchmark Workbook (Preview)
The Azure Security Benchmark (ASB) Workbook provides a single pane of glass for gathering and managing data to address ASB control requirements. The power of this workbook lies in its ability to aggregate data from 25+ Microsoft security products and to apply these insights to relevant controls in the ASB framework.

Announcing Adaptive Policy Scopes for Microsoft 365 Records Management
We are excited to announce adaptive policy scopes, which add a new way to deploy retention in Microsoft 365. With this new feature, we can deploy retention policies and labels to groups of users, SharePoint sites and Microsoft 365 Groups (including Microsoft Teams) dynamically, using attributes and properties to determine inclusion in or exclusion from the policies.

Strengthening cyber defenses for nonprofits
In response, Microsoft is launching the Security Program for Nonprofits – a set of security offerings, built to complement Microsoft’s security suite, to provide proactive monitoring and notification in the case of a nation-state attack, assess organizational and infrastructure risk to help organizations enhance their security posture based on their environment, and streamline security training for IT professionals and end-users.

Defenders wanted—building the new cybersecurity professionals
As part of Cybersecurity Awareness Month, we published a special blog post earlier this week featuring real-world experiences shared by cybersecurity professionals: people with diverse backgrounds in law, academia, software development, and other seemingly unrelated fields.