New security blogs from Microsoft

Title: Microsoft Cloud App Security User Interface Updates

Overview: In the coming months, Cloud App Security will be updating its UI to provide a more consistent experience across Microsoft 365 security portals.

Title: Protect your Box environment and Data using Microsoft Cloud App Security

We have a new Microsoft Security blog for your consideration.
Title: What’s new: Dedicated clusters for Azure Sentinel

Overview: If you ingest over 1Tb per day into your Azure Sentinel workspace and/or have multiple Azure Sentinel workspaces in your Azure enrolment, you may want to consider migrating to a dedicated cluster, a recent addition to the deployment options for Azure Sentinel.

Title: Categorizing Microsoft alerts across data sources in Azure Sentinel

Overview: In today’s security operation centers (SOCs), analysts have a large set of security solutions that they leverage to protect their organization and monitor activity. However, when setting up a SIEM it is challenging to prioritize what data to ingest and what protections each solution provides. SOCs must consider size and cost of ingestion, detections, and necessary use cases for each data source they would like to connect to their SIEM. Because of these considerations, SOCs should focus on ingesting data that is critical and has a low level of overlap to reduce the probability of double ingestion.

Title: Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop

Overview: One missing link in the complex Solorigate attack chain is the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. How exactly does the jump from the Solorigate backdoor (SUNBURST) to the Cobalt Strike loader (TEARDROP, Raindrop, and others) happen? What code gets triggered, and what indicators should defenders look for?

Title: What’s new: Managed Identity for Azure Sentinel Logic Apps connector

Overview: Now available: Grant permissions directly to a playbook to operate on Azure Sentinel, instead of creating additional identities.

Title: Microsoft Defender for Endpoint: Automation defaults are changing

Overview: We are excited to announce that we are about to increase our customers’ protection by upgrading the default automation level for Microsoft Defender for Endpoint customers who have opted into public previews: from Semi (require approval for any remediation) to Full (remediate threats automatically).

Title: The dynamic duo: How to build a red and blue team to strengthen your cybersecurity, Part 2

Overview: In this blog, Jake Williams, Founder of Rendition InfoSec, shares his insights on the 2020 threat landscape—who to watch for and why—and offers cybersecurity guidance and best practices on how to structure and evolve red and blue teaming within your organization.

Free Training in Azure Sentinel