Thursday, January 21, 2021

New security blogs from Microsoft

Title: Microsoft Cloud App Security User Interface Updates

Overview: In the coming months, Cloud App Security will be updating its UI to provide a more consistent experience across Microsoft 365 security portals.

Title: Protect your Box environment and Data using Microsoft Cloud App Security

We have a new Microsoft Security blog for your consideration.

Title: What’s new: Dedicated clusters for Azure Sentinel

Overview: If you ingest over 1Tb per day into your Azure Sentinel workspace and/or have multiple Azure Sentinel workspaces in your Azure enrolment, you may want to consider migrating to a dedicated cluster, a recent addition to the deployment options for Azure Sentinel.

Title: Categorizing Microsoft alerts across data sources in Azure Sentinel

Overview: In today’s security operation centers (SOCs), analysts have a large set of security solutions that they leverage to protect their organization and monitor activity. However, when setting up a SIEM it is challenging to prioritize what data to ingest and what protections each solution provides. SOCs must consider size and cost of ingestion, detections, and necessary use cases for each data source they would like to connect to their SIEM. Because of these considerations, SOCs should focus on ingesting data that is critical and has a low level of overlap to reduce the probability of double ingestion.

Title: Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

Overview: One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?

Title: What’s new: Managed Identity for Azure Sentinel Logic Apps connector

Overview: Now available: Grant permissions directly to a playbook to operate on Azure Sentinel, instead of creating additional identities.

Title: Microsoft Defender for Endpoint: Automation defaults are changing

Overview: We are excited to announce that we are about to increase our customers’ protection by upgrading the default automation level of our Microsoft Defender for Endpoint customers who have opted into public previews from Semi (require approval for any remediation) to Full (remediate threats automatically).

Title: The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2

Overview: In this blog Jake Williams, Founder of Rendition InfoSec, shares his insights on the 2020 threat landscape—who to watch for and why—and offers cybersecurity guidance and best practices on how to structure and evolve red and blue teaming within your organization.

Free Training in Azure Sentinel