Announcing Microsoft Sentinel All-in-One v2

Microsoft Sentinel All-in-One helps customers and partners quickly set up a full-fledged, ready-to-use Microsoft Sentinel environment. It reduces deployment and initial configuration to a few clicks, saving time and simplifying Microsoft Sentinel setup.

What’s new

This new version automates the following steps:

  • Creates a resource group
  • Creates a Log Analytics workspace
  • Enables Microsoft Sentinel on top of the workspace
  • Sets workspace retention, daily cap and commitment tiers if desired
  • Enables UEBA with the relevant identity providers (AAD and/or AD)
  • Enables health diagnostics for Analytics Rules, Data Connectors and Automation Rules
  • Installs Content Hub solutions from a predefined list
  • Enables Data Connectors from this list:
    • Azure Active Directory
    • Azure Active Directory Identity Protection
    • Azure Activity
    • Dynamics 365
    • Microsoft 365 Defender
    • Microsoft Defender for Cloud
    • Microsoft Insider Risk Management
    • Microsoft Power BI
    • Microsoft Project
    • Office 365
    • Threat Intelligence Platforms
  • Enables analytics rules (Scheduled and NRT) included in the selected Content Hub solutions
  • Enables analytics rules (Scheduled and NRT) that use any of the selected Data connectors
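As an added illustration (not code from the All-in-One template itself), the following Bicep fragment covers the workspace-level steps in the list above: retention, daily cap, commitment tier, and enabling Sentinel on top of the workspace. It assumes the resource group already exists (the template's subscription-scoped first step is left out), and the parameter names, defaults and API versions are assumptions of this example.

```bicep
// Added example, not part of the Sentinel All-in-One template.
// Deploys into an existing resource group; parameter names, defaults and
// API versions are assumptions for illustration.
targetScope = 'resourceGroup'

@description('Name of the Log Analytics workspace that Sentinel will run on')
param workspaceName string
param location string = resourceGroup().location

@minValue(30)
@maxValue(730)
@description('Interactive retention in days')
param retentionInDays int = 90

@description('Daily ingestion cap in GB; -1 leaves ingestion uncapped')
param dailyQuotaGb int = -1

@description('Commitment tier in GB/day; 0 keeps pay-as-you-go pricing')
@allowed([0, 100, 200, 300, 400, 500, 1000, 2000, 5000])
param capacityReservationLevel int = 0

resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    retentionInDays: retentionInDays
    // Commitment tiers are expressed through the workspace SKU.
    sku: capacityReservationLevel == 0 ? {
      name: 'PerGB2018'
    } : {
      name: 'CapacityReservation'
      capacityReservationLevel: capacityReservationLevel
    }
    // The daily cap protects against unexpected ingestion cost, at the
    // price of dropping security logs once the cap is hit.
    workspaceCapping: {
      dailyQuotaGb: dailyQuotaGb
    }
  }
}

// Enabling Sentinel "on top of the workspace" is an onboarding-state
// resource scoped to the workspace; its name must be 'default'.
resource sentinel 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  name: 'default'
  scope: workspace
  properties: {
    customerManagedKey: false
  }
}

output workspaceId string = workspace.properties.customerId
```

Deploy it with `az deployment group create --resource-group <rg> --template-file sentinel.bicep --parameters workspaceName=<name>`; the daily cap is worth reviewing before relying on it, since a cap that is hit silently stops security telemetry for the rest of the day.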

Getting started

You can find this new version at http://aka.ms/sentinel-all-in-one.

The only things you need to start using Microsoft Sentinel All-in-One are an Azure subscription and an account with permissions to deploy Microsoft Sentinel. Higher privileges might be required if you wish to enable UEBA and some of the supported connectors. You can find details about the required permissions here.

Source: Microsoft.com

Simplified endpoint management with Microsoft Intune Suite: Adopting a long-term approach with intelligence and automation

Simplifying your endpoint management is a process, not a single event. I would identify five separate steps:

The five-step process to simplify endpoint management

  1. Refine the vision and create a plan. In this stage, work with a small team to paint a picture of the future and build buy-in to the journey. To do this, identify the key stakeholders that will benefit from the simplification, and what they need. Gain a deep understanding of their existing tool sets, processes, and, most importantly, the problems they need to solve. Bring outside experts in to talk about the journeys they have taken or plan to take. And get your team comfortable with the idea of change: Some IT admins and specialists may have invested time and effort in learning previously cutting-edge tools that you are planning to upgrade. Be cautious not to fall into the trap of replicating previous solutions with traditional approaches; instead, focus on the problem and how to best solve with a modern approach. Help the broader team get excited about the new direction, and see the benefit of evangelizing change, not blocking it.
  2. Consolidate endpoint management tools to drive more efficiency for IT and security operations teams, delivering a more unified employee experience. To make space for new initiatives, it helps to stop doing things that unnecessarily add to your team’s workload. Freeing up your team’s time by reducing the number of endpoint tools they have to oversee and manage will help you move towards more strategic automation. Execute against an incremental plan that shows progress along the way and puts points on the board as you go. Pick an on-ramp to get started—Windows 11 is a great opportunity to move to cloud-native Windows management; Microsoft 365 has powerful new security protections to mitigate modern threats; and Mac and Linux devices are now ready to be brought under management with a modern cloud-native approach. These are all great on-ramps that will help progress your endpoint management consolidation journey. Most importantly, show progress and build confidence as you go.
  3. Create tight integration between your management, security, and help desk tools to drive further simplification. Simplification does not end with consolidation of your endpoint management tooling. Automate key processes such as procurement, help desk experience, software and hardware asset management, and vulnerability management by tightly integrating your management tool with your help desk and security tooling. By connecting your management tooling data directly to your help desk tool, you can simplify further with a management-powered remote help experience. Streamline your spend analysis and asset management by integrating management endpoint analytics and your service management tool. Bring your IT and security teams together by integrating Microsoft Intune and Microsoft Defender for Endpoint to automate patching and vulnerability remediation. Connecting these assets will drive further simplification with broader process automation.
  4. Make use of your data. Data is a powerful asset that is often underutilized. By simplifying and consolidating your endpoint approach you will have access to new data that can be used to understand your endpoint landscape end-to-end. Your journey to data consolidation will likely be incremental as well. Start with visibility. With endpoint analytics, gain visibility into your device estate to understand how users are interacting with your digital services. Leverage this data to understand further best practices and your areas of opportunity. Use this data to help define your incremental consolidation plan. With this data foundation in place, you can begin to explore how to best use generative AI. Begin identifying scenarios where AI can help you better understand your environment, including trends, best practices, and simplified troubleshooting.  
  5. Intelligently automate your common endpoint and security tasks. By bringing together rich data, advanced endpoint management capabilities, and dynamic orchestration, you can now radically transform your approach to delivering IT services and increasing security through rich and extensible automation. With turnkey in-product functionality, you can move away from complex scripting workloads and instead focus on creation of simplified workflows to handle cumbersome administrative tasks. Intelligent orchestration can elevate the employee lifecycle experience, optimize license or hardware spend, and increase your security posture in a world that is rapidly changing—with intelligent automation you can embrace the complexity of modern IT challenges and unlock the simplicity within.

To learn more about this on the Microsoft site, go here.

A Draft Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments

A Draft Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments: NIST SP 800-207A Available for Comment

The initial public draft of NIST Special Publication (SP) 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Location Environments, is now available for public comment.

Enterprise application environments consist of geographically distributed and loosely coupled microservices that span multiple cloud and on-premises environments. They are accessed by a userbase from different locations through different devices. This scenario calls for establishing trust in all enterprise access entities, data sources, and computing services through secure communication and the validation of access policies.

Zero trust architecture (ZTA) and the principles on which it is built have been accepted as the state of practice for obtaining the necessary security assurances, often enabled by an integrated application service infrastructure, such as a service mesh. ZTA can only be realized through a comprehensive policy framework that dynamically governs the authentication and authorization of all entities (e.g., user, service, and requested resource) through status assessments. This guidance recommends:

  • The formulation of network-tier and identity-tier policies and
  • The configuration of technology components that will enable the deployment and enforcement of different policies (e.g., gateways, infrastructure for service identities, authentication, and authorization tokens with the help of a central coordination infrastructure).

The public comment period for this initial public draft is open through June 7, 2023. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.


The NCCoE Buzz: Mobile Application Vetting 101

The NCCoE Buzz: Mobile Security Edition is a recurring email on timely topics in mobile device cybersecurity and privacy from the National Cybersecurity Center of Excellence’s (NCCoE’s) Mobile Device Security project team.

What is it?

Imagine you’ve found “THE” mobile application to enhance your organization’s productivity. How do you know if the benefits outweigh the potential risks of installing the mobile app?

Mobile application vetting (MAV) services are used by enterprises to scan applications for potentially unwanted behavior. Application vetting can also be used to ensure that applications meet an organization’s security and privacy requirements.

How does it work?

MAV services use a variety of static, dynamic, and behavioral analysis techniques to determine if an application demonstrates any behaviors that pose a security or privacy risk. Once analysis is complete, the MAV tool generates a comprehensive report of the application’s security and privacy characteristics.

How does it address security and privacy concerns?

MAV services provide organizations with the information necessary to make risk-based decisions when selecting/developing mobile applications for the organization. The report from the application vetting service contains various findings, such as the use of in-app purchases, insecure network communications, or exposure of sensitive personal or device information. Based on these findings, enterprises can make informed decisions on whether to block problematic applications from being installed on company devices.

What can you do?

Download our NIST SP 1800-21 and 1800-22 guides to learn more about application vetting and other mobile device security and privacy capabilities, including how these solutions can strengthen the security of your enterprise environment.

The NCCoE Mobile Device Security Team

NIST Launches New Trustworthy and Responsible AI Resource Center

NIST Launches New Trustworthy and Responsible AI Resource Center: Includes First Version of AI Risk Management Framework Playbook

The National Institute of Standards and Technology (NIST) announces the launch of the NIST Trustworthy and Responsible AI Resource Center (AIRC), a one-stop shop for foundational content, technical documents, and toolkits to enable responsible use of Artificial Intelligence (AI). The AIRC offers industry, government, and academic stakeholders knowledge of AI standards, measurement methods and metrics, datasets, and other resources.

The launch of the AI Resource Center was announced during the White House Summit for Democracy held this week. The AIRC is part of NIST’s continued effort to promote a shared understanding and improve communication among those seeking to operationalize trustworthy and responsible AI. 

The Resource Center will facilitate implementation of trustworthy and responsible approaches such as those described in NIST’s AI Risk Management Framework (AI RMF). That voluntary Framework articulates and offers guidance for addressing the key building blocks of trustworthy AI in order to better manage risks to individuals, organizations, and society associated with AI.

The initial version of the AIRC, which will be expanded over time based on contributions from NIST and others, includes the AI RMF 1.0 and the first complete version of the companion playbook. Content in the AI RMF Playbook can now be filtered by AI RMF function, topic, and AI actor role so that users can quickly isolate the information most relevant to them.

The AIRC includes access to a standards tracker about AI standards around the globe, along with a metrics hub to assist in test, evaluation, verification, and validation of AI. 

A trustworthy and responsible AI Glossary in the AIRC is being released in beta format as a spreadsheet while approaches to visualize the relationships between and among these terms continue to advance. A final glossary will be produced at a later date based on input from the community.

In addition, the new resource center will be a repository for NIST technical and policy documents related to the AI RMF, the NIST AI publication series, and NIST-funded external resources in the area of trustworthy and responsible AI.

The AIRC Engagements and Events page will include updates on how to engage with NIST on the topic of trustworthy and responsible AI.

Sign up to receive email notifications about NIST’s AI activities here.

NCCoE Seeks Collaborators for New Healthcare Sector Project

Become a Collaborator on the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration Project

The National Cybersecurity Center of Excellence (NCCoE) has issued a Federal Register Notice (FRN) inviting industry participants and other interested collaborators to participate in the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration Project.

The NCCoE Healthcare project team will build an environment that will model patients’ use of smart speakers in a telehealth ecosystem. The goal of this project is to identify and mitigate cybersecurity and privacy risks associated with these ecosystems. This project will result in a publicly available NIST Cybersecurity Practice Guide.

There are two ways to join the NCCoE for this project:

Become an NCCoE Collaborator – Collaborators are members of the project team that work alongside the NCCoE staff to build the demonstration by contributing products, services, and technical expertise.

Get Started Today – If you are interested in becoming an NCCoE collaborator for the Mitigating Cybersecurity Risk in Telehealth Smart Home Integration project, first review the requirements identified in the Federal Register Notice. To become a collaborator, visit the project page to see the final project description and request a Letter of Interest (LOI) template; you will then receive a link to download the LOI template.

Go to the project page here

Complete the LOI template and send it to the NCCoE Healthcare team at hit_nccoe@nist.gov.

Join our Community of Interest – By joining the NCCoE Healthcare Community of Interest (COI), you will receive project updates and the opportunity to share your expertise to help guide this project. Request to join our Healthcare COI by visiting our project page.

If you have any questions, please contact our project team at hit_nccoe@nist.gov.