Microsoft Security Saturday – 3/12/2022

Custom assessments and standards in Microsoft Defender for Cloud for GCP workloads (Preview)
We recently announced that Microsoft Defender for Cloud now supports Google Cloud Platform (GCP) with its native CSPM and CWPP capabilities, without any dependencies on Google first-party tools. Learn more about our new release from the blog here. In order to protect your GCP-based resources using Microsoft Defender for Cloud, follow our step-by-step documentation here.

Certify assets in the Azure Purview data catalog
As an Azure Purview data catalog grows in size, it becomes important for data consumers to understand what assets they can trust. Data consumers must know if an asset can be regarded as reliable and meets their organization’s quality standards. Azure Purview allows data stewards to manually endorse assets to indicate that they’re ready to use across an organization or business unit.

Coming soon: Cybersecurity Architect Expert
This is the first expert-level certification in our Security, Compliance, and Identity portfolio. Expert-level certifications target higher-level skills than their associate-level counterparts, which may focus on your ability to implement or configure various cloud services. This certification will focus on designing elements of a cybersecurity architecture and evaluating the tradeoffs between different solutions.

Localization generally available in Azure Purview Studio
Azure Purview Studio is now localized in 18 languages. You can go to Settings on the top bar and select one of the 18 languages to use. All user experiences that are generally available will be localized to the selected language.

Announcing expanded support and functionality for Live Response APIs
First, the Live Response API is now available in Public Preview for macOS and Linux, providing a path for real-time actions against these platforms, with built-in capabilities to upload and download files and execute scripts. Customers that are already using the Live Response API for Windows 10, Windows Server 2019 and other supported OS versions will see no change in the actual API schema. Just ensure that you select the correct scripts to be executed 🙂

What’s new: Unified Microsoft SIEM & XDR GitHub community
We are announcing our new unified GitHub community for Microsoft SIEM and XDR, enabling SOC teams to centrally discover the latest hunting queries and analytics for Microsoft Sentinel and Microsoft Defender. Furthermore, community contributors can expand their impact to multiple products with a single contribution. This community brings together the Microsoft Sentinel and Microsoft 365 Defender products as part of the Microsoft SIEM and XDR threat protection story.

Azure Purview Workflows is now in Public Preview
Workflows enable Azure Purview customers to orchestrate the create, update and delete operations, validation, and approval of data entities using repeatable business processes. This results in high-quality data, policy compliance, user collaboration, and change awareness across their organization.

Azure Purview adds support for SAP Business Warehouse
Azure Purview data source administrators can start by registering an SAP BW source under the data map and setting up recurring or one-time scans. Learn more about the prerequisites and step-by-step instructions from Connect to and manage SAP Business Warehouse in Azure Purview.

Part 1: LockBit 2.0 ransomware bugs and database recovery attempts
LockBit 2.0 ransomware has been one of the leading ransomware strains over the last six months. Recently, the FBI issued a flash alert outlining the technical aspects and tactics, techniques, and procedures (TTPs) associated with the LockBit 2.0 affiliate-based ransomware-as-a-service.

Part 2: LockBit 2.0 ransomware bugs and database recovery attempts
In Part 1 of this series (which you can find here), we provided background about our analysis of the LockBit 2.0 ransomware and described our suspicions that “faulty crypto” was at play. In this post, we will outline the issues that the decryptor poses and why we simply cannot trust it and must remove it from any approach we intend to use to successfully decrypt these database files.

GeoLocation Filtering with Azure Firewall
Microsoft is committed to helping defend organizations and governments from cyberattacks. This guide provides steps Azure Firewall customers can take to secure their cloud infrastructure.

Why decentralization is the future of digital identities
Digital identity is now on the verge of a major transformation into one that is more secure, privacy-respecting, and portable. Identity was not fundamentally built into the internet, which has resulted in companies building singular relationships with each of us.

New and improved incident queue
We are thrilled to announce that the following features in the Microsoft 365 Defender incident queue are now available in public preview.