IT and Business Insights for SMB Solution Providers

New security blogs from Microsoft

 Title:Microsoft Cloud App Security User Interface Updates

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-cloud-app-security-user-interface-updates/ba-p/2083113

Overview: In the coming months, Cloud App Security will be updating its UI to provide a more consistent experience across Microsoft 365 security portals. 


Title: Protect your Box environment and Data using Microsoft Cloud App Security
URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/protect-your-box-environment-and-data-using-microsoft-cloud-app/ba-p/2080226

We have a new Microsoft Security blog for your consideration.
Title: What’s new: Dedicated clusters for Azure Sentinel
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-dedicated-clusters-for-azure-sentinel/ba-p/2072539

Overview: If you ingest over 1Tb per day into your Azure Sentinel workspace and/or have multiple Azure Sentinel workspaces in your Azure enrolment, you may want to consider migrating to a dedicated cluster, a recent addition to the deployment options for Azure Sentinel.

Title: Categorizing Microsoft alerts across data sources in Azure Sentinel
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/categorizing-microsoft-alerts-across-data-sources-in-azure/ba-p/1503367

Overview: In today’s security operation centers (SOCs), analysts have a large set of security solutions that they leverage to protect their organization and monitor activity. However, when setting up a SIEM it is challenging to prioritize what data to ingest and what protections each solution provides. SOCs must consider size and cost of ingestion, detections, and necessary use cases for each data source they would like to connect to their SIEM.  Because of these considerations, SOCs should focus on ingesting data that is critical and has a low level of overlap to reduce the probability of double ingestion


Title:Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
URL: https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/

Overview: One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?

Title: What’s new: Managed Identity for Azure Sentinel Logic Apps connector
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-managed-identity-for-azure-sentinel-logic-apps/ba-p/2068204

Overview: Now available: Grant permissions directly to a playbook to operate on Azure Sentinel, instead of creating additional identities. 

Title: Microsoft Defender for Endpoint: Automation defaults are changing

URL: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-automation-defaults-are-changing/ba-p/2068744

Overview: We are excited to announce that we are about to increase our customers’ protection by upgrading the default automation level of our Microsoft Defender for Endpoint customers who have opted into public previews from Semi - require approval for any remediationto Full – remediate threats automatically

Title:The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2
URL: https://www.microsoft.com/security/blog/2021/01/21/the-dynamic-duo-how-to-build-a-red-and-blue-team-to-strengthen-your-cybersecurity-part-2/

Overview:

In this blog Jake Williams, Founder of Rendition InfoSec shares his insights on the 2020 threat landscape—who to watch for and why—and offers cybersecurity guidance and best practices on how to structure and evolve red and blue teaming within your organization. 


Free Training in Azure Sentinel

 

https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310

 

About the Author

ChannelPro SMB Magazine
SUBSCRIBE FREE!

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.