Title:Microsoft Cloud App Security User Interface Updates
Overview: In the coming months, Cloud App Security will be updating its UI to provide a more consistent experience across Microsoft 365 security portals.
Title: Protect your Box environment and Data using Microsoft Cloud App Security
We have a new Microsoft Security blog for your consideration.
Title: What’s new: Dedicated clusters for Azure Sentinel
Overview: If you ingest over 1Tb per day into your Azure Sentinel workspace and/or have multiple Azure Sentinel workspaces in your Azure enrolment, you may want to consider migrating to a dedicated cluster, a recent addition to the deployment options for Azure Sentinel.
Title: Categorizing Microsoft alerts across data sources in Azure Sentinel
Overview: In today’s security operation centers (SOCs), analysts have a large set of security solutions that they leverage to protect their organization and monitor activity. However, when setting up a SIEM it is challenging to prioritize what data to ingest and what protections each solution provides. SOCs must consider size and cost of ingestion, detections, and necessary use cases for each data source they would like to connect to their SIEM. Because of these considerations, SOCs should focus on ingesting data that is critical and has a low level of overlap to reduce the probability of double ingestion
Title:Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
Overview: One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?
Title: What’s new: Managed Identity for Azure Sentinel Logic Apps connector
Overview: Now available: Grant permissions directly to a playbook to operate on Azure Sentinel, instead of creating additional identities.
Title: Microsoft Defender for Endpoint: Automation defaults are changing
Overview: We are excited to announce that we are about to increase our customers’ protection by upgrading the default automation level of our Microsoft Defender for Endpoint customers who have opted into public previews from Semi - require approval for any remediationto Full – remediate threats automatically.
Title:The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2
In this blog Jake Williams, Founder of Rendition InfoSec shares his insights on the 2020 threat landscape—who to watch for and why—and offers cybersecurity guidance and best practices on how to structure and evolve red and blue teaming within your organization.
Free Training in Azure Sentinel