Wednesday, December 16, 2020

More Microsoft Security Blogs

Title: Microsoft Information Protection and Microsoft Azure Purview: Better Together

URL: https://techcommunity.microsoft.com/t5/microsoft-security-and/microsoft-information-protection-and-microsoft-azure-purview/ba-p/1957481
Overview: Data is growing exponentially. Organizations are under pressure to turn that data into insights, while also meeting regulatory compliance requirements. But to truly get the insights you need – while keeping up with compliance requirements like the General Data Protection Requirement (GDPR) – you need to know what data you have, where it resides, and how to govern it. For most organizations, this creates arduous ongoing challenges. 

Title: Deliver productive and seamless users experiences with Azure Active Directory
URL: https://www.microsoft.com/security/blog/2020/12/07/deliver-productive-and-seamless-users-experiences-with-azure-active-directory/
Overview: Learn how identity has become the new security perimeter and how an identity-based framework reduces risk and improves productivity.

Title: Microsoft Defender for Endpoint on iOS is generally available
URL: https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-on-ios-is-generally-available/ba-p/1962420
Overview: Today, we’re excited to announce that Microsoft has reached a new milestone in our cross-platform security commitment with the general availability of our iOS offering for Microsoft Defender for Endpoint, which adds to the already existing Defender offerings on macOS, Linux, and Android.

Title: What's New: 80 out of the box hunting queries!
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-80-out-of-the-box-hunting-queries/ba-p/1892067
Overview: Threat hunting is a powerful way for the SOC to reduce organizational risk, but it’s commonly portrayed and seen as a complex and mysterious art form for deep experts only, which can be counterproductive. Sophisticated cybercriminals burrow their way into network caverns, avoiding detection for weeks or even months, as they gather information and escalate privileges. If you wait until these advanced persistent threats (APT) become visible, it can be costly and time-consuming to address. In today’s cybersecurity landscape, SOC analysts need controls and integrated toolsets to search, filter, and pivot through their telemetry to derive relevant insights faster. 

Title: Digital Defense integrates with Microsoft to detect attacks missed by traditional endpoint security
URL: https://www.microsoft.com/security/blog/2020/12/08/digital-defense-integrates-with-microsoft-to-detect-attacks-missed-by-traditional-endpoint-security/
Overview: Cybercriminals have ramped up their initial compromises through phishing and pharming attacks using a variety of tools and tactics that, while numerous, are simple and can often go undetected.

Title: How to setup a Canarytoken and receive incident alerts on Azure Sentinel
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-setup-a-canarytoken-and-receive-incident-alerts-on-azure/ba-p/1964076
Overview: With Azure Sentinel you can receive all sorts of security telemetry, events, alerts, and incidents from many different and unique sources. Those sources can be firewall logs, security events, audit logs from identity and cloud platforms. In addition, you can create digital trip wires and send that data to Azure Sentinel. Ross Bevington first explained this concept for Azure Sentinel in “Creating digital tripwires with custom threat intelligence feeds for Azure Sentinel”. Today you can walkthrough and expand your threat detection capabilities in Azure Sentinel using Honey Tokens or in this case Canarytokens.

Title: Bring threat intelligence from Sixgill using TAXII Data Connector
URL: https://techcommunity.microsoft.com/t5/azure-sentinel/bring-threat-intelligence-from-sixgill-using-taxii-data/ba-p/1965440
Overview: As discussed in the blog Bring your threat intelligence to Azure Sentinel, Azure Sentinel provides various ways to import threat intelligence into the ThreatIntelligenceIndicator log analytics table from where it can be used in various parts of the product like hunting, investigation, analytics, workbooks etc.