This document, 7 Experts on Implementing Microsoft 365 Defender, introduces Microsoft 365 Defender, Microsoft's suite of integrated security tools for protecting endpoints, Office 365 applications, identities, and cloud applications. It notes that while Microsoft makes these tools easy to deploy, configuring them properly to optimize operation and manage costs requires skill and effort. The document aims to provide basic, practical approaches to implementing Microsoft 365 Defender and suggestions for managing the tools as security requirements change, drawing on the advice of seven experts on transitioning to and optimizing the suite.
Get comprehensive protection across all your platforms and clouds
Protect your organization from threats across devices, identities, apps, data and clouds. Get unmatched visibility into your multiplatform environment that unifies Security Information and Event Management (SIEM) and Extended Detection and Response (XDR). Simplify your security stack with Azure Sentinel and Microsoft Defender.
Microsoft Office 365 Advanced Threat Protection leverages our approach and our strengths to help customers be secure against advanced threats and recover quickly in the event they are attacked.
Protect their data
Detect compromised users
And gain the required visibility to respond to threats
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual ESG survey of 620 IT professionals across North America and Western Europe, 51% of respondents reported a shortage of cybersecurity skills at their organization, up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don't have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predicted to top 11 billion, not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.2
Here's the slide deck from my session titled "Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps" which was presented on the Modern Workplace Conference Paris 2022 Virtual event.
We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. First and foremost, this digital transformation is causing a tsunami of data. In fact, IDC estimates that in 2025 the world will create and replicate 163 ZB of data, a tenfold increase from the amount created in 2016. In the past, organizations primarily dealt with documents and emails. Now they are also dealing with instant messaging, text messaging, video files, images, and DIO files. The internet of things, or IoT, will only add to this explosion in data.
Managing this data overload and the variety of devices from which it is created is complicated and onerous as the market for solutions is fragmented and confusing. There are many categories of solutions, and within each, there are even more solutions to choose from. Many companies are struggling to decide how many of those solutions they need and where to start. Additionally, using multiple solutions means they won’t be integrated, so companies end up managing multiple applications from multiple disparate interfaces.
The question we often get asked is, “How can Microsoft 365 help me?”
Microsoft 365 provides holistic security across these four aspects of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Secure identities to reach zero trust
Threat Protection
Help stop damaging attacks with integrated and automated security
Information Protection
Protect sensitive information anywhere it lives
Security Management
Strengthen your security posture with insights and guidance
Overview of Data Loss Prevention Policies in Office 365 (Dock 365)
Presentation about identifying, monitoring, and automatically protecting sensitive information across Office 365.
With a DLP Policy, you can:
- Identify sensitive information across many locations, such as SharePoint Online and OneDrive for Business.
- Prevent the accidental sharing of sensitive information.
- Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
- Help users learn how to stay compliant without interrupting their workflow.
- View DLP reports showing content that matches your organization's DLP policies.
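As an added example (not part of the Dock 365 presentation), the capabilities listed above map onto one DLP policy and one rule created with Security & Compliance PowerShell: the policy covers SharePoint Online and OneDrive, the rule matches the built-in "Credit Card Number" sensitive information type, blocks access when the file is shared outside the organization, shows users a policy tip, and emails an incident report. The admin account, policy and rule names, and the security mailbox are assumptions.

```powershell
# Added example: DLP policy for payment card numbers in SharePoint Online and OneDrive.
# Requires the ExchangeOnlineManagement module (Install-Module ExchangeOnlineManagement)
# and a Compliance administrator role. Names and addresses below are assumed.

Connect-IPPSSession -UserPrincipalName admin@contoso.example   # assumed admin account

$policyName = "PCI Data - SPO and OneDrive"

# 1. Create the policy in test mode with notifications: users see policy tips and
#    reports are generated, but nothing is blocked yet. This is how users learn the
#    rule without their workflow being interrupted.
New-DlpCompliancePolicy -Name $policyName `
    -Comment "Detect payment card numbers in documents (added example)" `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications

# 2. The rule: one or more credit card numbers, shared with people outside the org.
#    Block access for those recipients, tell the owner and last modifier why, and
#    send a high-severity incident report to the security mailbox.
New-DlpComplianceRule -Name "Block external sharing of card numbers" `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @{ Name = "Credit Card Number"; minCount = "1" } `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner, LastModifier `
    -NotifyPolicyTipCustomText "This file contains payment card numbers and cannot be shared outside the organization." `
    -GenerateIncidentReport "secops@contoso.example" `
    -IncidentReportContent Title, DocumentAuthor, Detections, Severity `
    -ReportSeverityLevel High

# 3. Review what the policy matched during the test period before enforcing it.
Get-DlpDetailReport -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
    -DlpCompliancePolicy $policyName |
    Select-Object Date, Title, UserId, Location, Actions, Severity |
    Format-Table -AutoSize

# 4. Once the matches look right (no large false-positive population), switch the
#    policy from test mode to enforcement.
Set-DlpCompliancePolicy -Identity $policyName -Mode Enable
```

Running the policy in TestWithNotifications first, then reading Get-DlpDetailReport, is the practical check before enforcement: a rule that blocks access on a noisy match (for example, test data that looks like card numbers) stops legitimate sharing across the whole tenant the moment -Mode Enable is set.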
Visit www.mydock365.com to learn more about SharePoint with Dock.
Microsoft Cloud App Security, Microsoft's CASB, is a critical component of the Microsoft cloud security stack. It provides a comprehensive solution that gives organizations improved visibility into cloud activities, uncovers shadow IT, assesses risks, enforces policies, investigates suspicious activities and stops threats.
https://blog.ahasayen.com/microsoft-cloud-app-security-casb/
Introduction to Microsoft Enterprise Mobility + Security (Antonio Maio)
Microsoft has given us some amazing capabilities with the Microsoft Enterprise Mobility + Security (EM+S) suite to help protect both our information and our investments in Office 365. This collection of features gives you just about everything you need in the Microsoft Cloud for security, compliance and Information Protection. With such a vast array of services, tools and features, it's often challenging to understand everything this product provides or how it's layered on top of existing Office 365 security controls. In this session we'll review the capabilities available to you in Microsoft EM+S, and you'll discover which ones may best fit with your security and compliance needs. Come and join us, as we also dive deep into some of the most useful Microsoft EM+S tools.
Microsoft Information Protection: Your Security and Compliance Framework (Alistair Pugin)
It's one thing encrypting and protecting your data from prying eyes, but what use is it if it is not retained or protected against loss? With Microsoft Information Protection, Microsoft provides organisations the ability to:
• Protect content from deletion
• Adhere to compliance standards (GDPR, HIPAA, etc)
• Discover content for litigation
• Manage access to content based on rules
By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.
Microsoft Intune - Empowering Enterprise Mobility - Presented by Atidan (David J Rosenthal)
Simplify management of apps & devices
Microsoft Intune provides mobile device management, mobile application management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to corporate applications, data, and resources from virtually anywhere on almost any device, while helping to keep corporate information secure.
This is the slide deck used in my webinar session titled "Fundamentals of Microsoft 365 Security, Identity and Compliance". You can find the recording of this webinar here: https://youtu.be/akrEnqK6Dsc
John Shaw, VP of Product management at Sophos, introduced us to the world of Project Galileo. What is Sophos doing to bring Network Security and Endpoint security together? How do we make these two pillars of IT security work together?
This session will provide a basic overview of Microsoft 365 and will then dive into how to position its benefits for customers. You'll learn how the Microsoft 365 features help resolve many common business challenges today and how you should be speaking with customers about these.
Our end-to-end, integrated portfolio of cloud solutions across Microsoft 365, Dynamics 365, and Azure is built on a foundation of security and privacy and helps every organization in every industry build resilience and improve the bottom line.
Protect your hybrid workforce across the attack chain (David J Rosenthal)
Security is one of the most important considerations for SMBs. In fact, 77% of SMBs in a recent survey consider security a top feature when purchasing new PCs.1
Last year alone, 67% of SMBs experienced a security breach that cost, on average, 3.3% of their revenue.1 That’s a big risk to both profitability and reputation, and it shows how critical strong security protections are for businesses.
The good news is that 69% of SMBs in a recent survey agreed that new Windows 10 Pro devices offered better security and data protection than older devices.1
Research shows that modern devices help business owners by preventing identity attacks, minimizing phishing, and reducing the risk of malware attacks. These are all common ways that bad actors steal business data, steal personal information, or hold our devices hostage in exchange for huge amounts of ransom money.
And with modern PCs, most security functions can happen in the cloud, without interrupting worker productivity.
4 Key Benefits of Managed IT Security Services (DevLabs Global)
Managed IT security services provide a proactive and comprehensive approach to protecting your organization’s digital assets. With a team of skilled professionals continuously monitoring your systems, potential vulnerabilities can be identified and addressed before they are exploited. These services employ advanced threat detection tools, real-time monitoring, and regular security updates to stay ahead of evolving cyber threats.
This strategy brief outlines how the Microsoft Cyber Defense Operations Center (CDOC) brings together security experts and data scientists from across the company to form a unified and coordinated defense against the evolving threat landscape—to protect Microsoft’s cloud infrastructure and services, products and devices, and our Microsoft corporate resources.
A Buyer's Guide to Investing in Endpoint Detection and Response for Enterprise (Kaspersky)
A key business goal of any organization is to maintain the constant availability of data and systems that can be trusted for decision-making purposes. The evolving threat landscape has resulted in increasing focus, right to board level, on cybersecurity. IT operational and security teams should demonstrate a comprehensive, cohesive approach in their response to security incidents and data breaches.
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
Crucial Layers: Exploring the Depth of Enterprise Cyber Security (seoteameits)
Enterprise cybersecurity is a multi-layered approach that demands continuous adaptation to the evolving threat landscape. By understanding and implementing the crucial layers discussed above, businesses can fortify their defenses against cyber threats. Choosing the right enterprise IT solutions and adopting a proactive mindset are key to maintaining a robust cybersecurity posture in the age of digital connectivity.
Whether you are already utilizing Office 365 or are planning to move, it's important to understand the ever-changing security threat landscape and how you can protect your digital estate.
Don't miss our webinar to learn how to proactively safeguard your company against threats with the help of Microsoft 365.
In this webinar we address the security challenges we are seeing in 2020 and show you areas of Microsoft 365 that can help you:
- Protect and govern data where it lives
- Identify and remediate critical insider risks
- Investigate and respond with relevant data
New approaches to cybersecurity are needed more than ever!
The pandemic has led to exponential growth in remote employees, expanding the attack surface for companies
big and small. Security teams struggle to cobble together solutions consisting of technologies from multiple
vendors, many of which were only designed to operate in legacy environments. Integration complexities, a lack
of security resources, and unrelenting attacks from cyber criminals have made securing the organization a
seemingly unattainable goal.
So what is the solution to eliminating this pain while also providing the security your company needs in a
cloud-first world? We believe a cloud-native, fully integrated security solution is what makes the most sense. To
bring our vision to life, we partnered with Microsoft to build consulting, implementation, and managed security
services around their SIEM and XDR tools that deliver the outcomes needed by companies operating in today’s
dangerous, highly interconnected world.
This Mighty Guide, one of three in a series, was written to help you better understand how specific Microsoft
security tools are being used by companies today and help you benefit from the lessons they have learned.
Enjoy the book!
Milan Patel
Global Head of Managed Security Services
BlueVoyant
BlueVoyant is an expert-driven cybersecurity services company whose mission is to proactively defend organizations of all sizes against today’s constant, sophisticated attackers and advanced threats. Led by CEO Jim Rosenthal, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry-leading analytics and technologies. Founded in 2017 by Fortune 500 executives and former Government cyber officials and headquartered in New York City, BlueVoyant has offices in Maryland, Tel Aviv, San Francisco, London, and Latin America.
FOREWORD
MEET OUR EXPERTS
• James P. Courtney II, J&M Human Capital and Cybersecurity Consultants, LLC, CEO/CISO, pg. 6
• Lawk Salih, Independent Community Bankers of America, Vice President, Technology Systems and Services, pg. 9
• Maarten Leyman, delaware BeLux, Senior Security Consultant, pg. 12
• Oscar Monge, Rabobank, Security Solutions Architect, pg. 15
• Rebecca Wynn, Global CISO & Chief Privacy Officer, pg. 18
• Sajed Naseem, New Jersey Courts, CISO, pg. 21
• Tom Dugas, Duquesne University, Assistant Vice President and Chief Information Security Officer, pg. 23
“A big advantage of Microsoft 365 Defender is its breadth of integrated security functions combined with the fact that you do not need to enable everything in the suite at once.”
More Integrated Data Delivers a Bigger Security Picture
Microsoft 365 Defender (formerly Microsoft Threat Protection) is a suite made
up of four security tools:
• Microsoft Defender for Endpoint (endpoint and cloud behavioral analytics,
device risk scoring, threat intelligence, and automated investigation and
remediation)
• Microsoft Defender for Office 365 (security for email and collaboration tools)
• Microsoft Defender for Identity
• Microsoft Cloud App Security
Many of the Microsoft 365 Defender security tools work across platforms to
cover non-Windows environments, although Microsoft product integrations
make the tools easier to implement in a purely Microsoft environment. These
security applications are well suited to on-premises infrastructures and hybrid
infrastructures with cloud-based resources and applications.
A big advantage of Microsoft 365 Defender is its breadth of integrated security functions combined with the fact that you do not need to enable everything in the suite at once. This flexibility gives you the opportunity to consider your current security needs while thinking about where you want to be in the next three to five years. Activating more security functions in the Microsoft 365 Defender suite involves turning on the licenses for those features—no additional deployment necessary. This design is a big advantage over piecemeal security solutions that require rolling out agents on all your systems for each new tool. With Microsoft 365 Defender, you add security capabilities by turning on features that then tap into the data flow already being monitored and analyzed.
James P. Courtney II is a Certified Chief Information Security Officer with two decades of diversified experience in cybersecurity. He focuses on FAIR risk management; information systems security; database security; policy; and governance based on NIST, GDPR, FISMA, and FedRAMP as well as maintaining a high standard for setting benchmarks that promote growth and a mature system security plan to achieve strategic goals.
James P. Courtney II, J&M Human Capital and Cybersecurity Consultants, LLC, CEO/CISO
Some aspects of Microsoft 365 Defender may be challenging for those new to
the product. For instance, the tools use machine learning to analyze activity data,
but they look at more than typical endpoint detection and response features. If the
security team is not used to the way Microsoft 365 Defender receives and delivers
information for analysis and how it integrates that information into its automation
features, the learning curve could be significant because with these tools, analysts
will see information that they may not be used to seeing. As a result, you may need
to develop new policies and procedures on how your team analyzes and responds
to data. For instance, if your team has been conducting risk assessment in a certain
way as part of incident evaluation to support decisions about escalation, having more
information could affect those risk scores. Now, you must adjust that risk-scoring
process because you have access to more data than you had before.
In contrast, from a security perspective, more data is always better. If I’m getting a
view of my email, my endpoints, my identity, my apps and my overall infrastructure,
and I can see more information or more events and better correlate them than I could
before, I can react more quickly to an incident.
Having the ability and bandwidth to process all the data coming in centrally is
an important success factor. A more integrated view of what is happening in the
environment also helps you increase efficiency across the board—for your security
teams; for your security operations center investment; even for your networking
teams, which will have information to more easily spot failings in the network. If
you do not have the resources to use the additional data that the integrated tools
of Microsoft 365 Defender provide, consider working with a managed security
services provider to either gain that support or help you make that transition.
Key Points
1. Activating more security functions in Microsoft 365 Defender involves turning on the licenses for those features—no additional deployment necessary. This is a big advantage over piecemeal security solutions that require rolling out agents on all your systems for each new tool.
2. Microsoft 365 Defender looks at more data than typical endpoint detection and response tools, which may require developing new policies and procedures on how you score risk when evaluating alerts and incidents.
“A big advantage of Microsoft Defender is the amount of visibility it provides. When an alert comes in, you want to be able to get to your logs right away to see what’s going on.”
Consolidation and Visibility Add Real Value
For us, implementing the Microsoft 365 Defender suite was part of a
consolidation strategy. Consolidation was, in turn, part of our digital
transformation strategies. We wanted to improve security, save money, and
reduce management overhead. It was not just about consolidating vendors:
It meant consolidating and centralizing all the logs generated from the
endpoints and infrastructure so that we could go to one dashboard for all of
our security monitoring, detection, and remediation.
When coronavirus disease 2019 (COVID-19) hit, suddenly everyone was taking
laptops home. While our devices had the endpoint protection, we could not
put any kind of protection on the employees' home routers or those similar
on corporate infrastructure. For example, in the corporate environment we
have access to a 24/7 security operations center (SOC) to monitor
unauthorized activities on the network. We wanted to monitor the exposure
level of the traffic and risk level and set alerts as necessary. Additionally, we
wanted to set controls over what was and was not authorized at the endpoint.
Cloud app and endpoint security tools in Microsoft 365 Defender enabled us
to do that with much detailed analysis into discovered apps, total throughput,
bandwidth-intensive apps, and remediation policies to protect our employees.
Lawk Salih is Vice President of Technology Systems and Services for Independent Community Bankers of America (ICBA). In his role, Lawk leads cloud migration efforts, the cybersecurity program, infrastructure, and customer service support in alignment with the ICBA’s strategic goals. He has more than twenty years of experience in IT, including fifteen years with nonprofit organizations and trade associations.
Lawk Salih, Independent Community Bankers of America, Vice President, Technology Systems and Services
A big advantage of Microsoft Defender is the amount of visibility it provides. When
an alert comes in, you want to be able to get to your logs right away to see what’s
going on. This is what the dashboard does. It is simple to follow and it enables you
to hunt for threats and navigate around IP addresses involved in an incident; where
applicable, the incident also includes the remediation steps for your security analysts.
It’s best to use Microsoft 365 Defender with the latest version of the Windows
operating system on your endpoints, especially your virtual machines. Some of
the remediation capabilities are only available with the latest operating systems.
Some functions, such as auto-remediation, do not work on older Windows versions.
In addition to Microsoft Defender, we use Microsoft Intune for our mobile device
management on all endpoints. Whether on a laptop or a smartphone, Intune helps
us set compliance policies and profiles to defend against security threats. Intune
can also be used as a deployment configuration tool to push apps to your employees
in an automated fashion. While we continue to work remotely, this feature has been
instrumental to our system administrators. Of course, always test your configurations
with a few machines in your environment before rolling them out across the organization.
Do all your learning at the proof-of-concept stage to avoid service disruptions and to
better manage your deployments.
Some challenges are associated with Microsoft 365 Defender that may be more
significant for smaller organizations. One is cost. There is a lot of value in these
integrated tools, but the cost may be different from what you expect. Start with those
baseline configurations, and scale up the licenses to meet your needs. Another is
learning the system. Microsoft makes a lot of good information available on the tools
it provides, but you need to own this process to understand how best to configure
them for your environment.
Key Points
1. Always test your configurations on a few machines in your environment before rolling them out across the organization. Do all your learning at the proof-of-concept stage to avoid service disruptions and to better manage your deployments.
2. Microsoft has made their security tools simple to learn, deploy, and adopt. However, organizations that do not have the internal skills may find it beneficial to outsource to an MSSP to achieve the greatest value possible.
A key success factor in any security deployment is monitoring the dashboards. You
can never monitor enough. You must continuously monitor and train the ML/AI on whether
the alerts it generates are good alerts or false positives. This is the only way
the system will improve and stay tuned to your environment.
Many organizations outsource their security monitoring and detection controls to
managed security service providers (MSSPs). Some organizations may need help
with the 24/7 monitoring and tuning necessary to keep the system optimized.
Or, they may need expertise in configuration or building playbook remediation
processes. Microsoft has made their security tools very simple to learn, deploy, and
adopt. However, some organizations may not have this skill set internally; therefore,
it may be beneficial for them to outsource to an MSSP to achieve the greatest value
possible. I always recommend building knowledge internally to be effective at using
the security tools.
“When implementing these security tools, I suggest beginning with those that are easiest to implement.”
When Deploying Microsoft 365 Defender, Start with the
Easiest Tools in the Suite
Microsoft 365 Defender is a set of products that includes Microsoft Defender
for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Office 365,
and Microsoft Cloud App Security. When implementing these security tools, I
suggest beginning with those that are easiest to implement. The easiest of all is
Microsoft Defender for Office 365.
Microsoft Defender for Office 365 uses features such as Safe Attachments, Safe
Links, and anti-phishing policies to protect user emails and files shared through
SharePoint, OneDrive, and Microsoft Teams. For example, when Safe Links is
enabled, Microsoft Defender for Office 365 scans links in emails, files, and email
attachments. If it detects a malicious link, it prevents anyone from opening it.
If someone tries it, Defender for Office 365 displays a message that the link is
unsafe and stops them.
Microsoft Defender for Office 365 also has an attack simulator that enables you to target your organization with a phishing campaign using a fake link to trick users into giving up their passwords. It’s a great tool for creating user awareness, and it gives you insight into how users in the organization respond to phishing attacks. In the past, you needed separate tools to run attack simulations. Those tools are now built into Microsoft 365 Defender.
Maarten Leyman is a Senior Security Consultant with experience in the full Microsoft 365 security suite and Azure security. In 2013, he started his career at delaware BeLux, where he performs security assessments and conducts workshops at customer sites to identify security risks. He also helps fine-tune IT architecture and implementations to increase overall security at customer locations and mitigate possible threats.
Maarten Leyman, delaware BeLux, Senior Security Consultant
Microsoft Defender for Office 365 is the easiest tool to start with because as an IT
administrator, you can enable it with just a few clicks. It also has no disruptive impact
on users. The only thing they might notice is that the tool rewrites URLs in emails and
documents.
The next-easiest tool is Microsoft Defender for Identity, which simply involves
installing a sensor on each domain controller. This sensor monitors user activities
and sends that data to the cloud, where the tool looks for unusual behavioral
patterns. Microsoft Defender for Identity also correlates security activity through all
the domain controllers, which you can see in a portal.
Microsoft Defender for Endpoint provides more comprehensive protection of
your entire environment. It is an endpoint detection and response (EDR), threat
and vulnerability management, and attack surface reduction solution with auto
investigation and remediation capabilities. Its implementation is a bit more complex.
It has strong integration capabilities with the other Microsoft 365 Defender features.
Some examples are:
• Integration with Cloud App Security for detection and control of shadow IT.
• Integration with Microsoft Defender for Identity to track, correlate, and map user
behaviors involving multiple machines, making it easier to understand an alert
that is occurring in the environment.
• Integration with Endpoint Manager to easily reduce the attack surface and
vulnerabilities on the devices.
When implementing these tools, begin with a pilot involving a small group of users,
such as a security team, to make sure that everything works as it should. Then,
expand to a workgroup of real users. If everything goes well, you can scale more
widely across the organization.
In addition, use the Microsoft 365 security center. Microsoft 365 Defender solutions
have their own portals, which can become confusing when you are using multiple
tools. The Microsoft 365 security center consolidates data from all the tools into one
view, which makes it much easier to detect a problem and take corrective actions.
You should also evaluate the knowledge and expertise of your security team. When
using these tools together, it can take time to set them up and configure them
properly. They also require continuous monitoring and refinement. Every organization
is different, but many will benefit from having a managed security services provider
(MSSP) involved in deploying, monitoring, and optimizing the tools. MSSPs can speed
time to value through customized deployment templates, and they have expertise in
interpreting all the information coming out of the tools.
Key Points
1. With Microsoft Defender for Identity enabled, you can track, correlate, and map individual behaviors involving multiple machines, making it easier to understand an event that is occurring in the environment.
2. Consider having an MSSP involved in deploying, monitoring, and optimizing Microsoft 365 Defender. MSSPs can speed time to value through customized deployment templates, and they have expertise in interpreting all the information coming out of the tools.
“Microsoft 365 Defender is a suite of individually licensed products, and you have choices about which parts of the suite to implement.”
Engage with Experts Who Can Help Optimize Your
Deployment
Whenever you adopt any new technology in an organization, you should first
go through the product documentation and become familiar with all the
features available to you. The organization needs to understand the benefits
and constraints of each license type—and not just the money. It’s about
aligning the features you require with your organization’s needs in a way that
gets you the best return on your investment. That approach is important for
successful adoption of the technology within the organization.
Whether you work with in-house subject matter experts or external
consultants, matching the technology to your requirements should be done
by someone who can act as an evangelist within the organization. This
person does not have to be someone who thinks that a particular product
is the best on the market. Rather, this person should be someone who can
review and understand the documentation, understand how to apply the
technology to meet the organization’s goals, and help roll out the technology
in an optimized manner.
Microsoft 365 Defender is a suite of individually licensed products, and you have choices about which parts of the suite to implement. At the end of the day, product selection must align to the needs of the business, which means aligning to the organization’s risk appetite, mid- and long-term security strategies, and technical capabilities.
Oscar Monge is a seasoned information security professional with more than seventeen years of experience. He is a Security Solutions Architect at Rabobank, where he helps shape security monitoring direction and technology integration. Oscar is passionate about technology and its alignment to IT business needs.
Oscar Monge, Rabobank, Security Solutions Architect
Microsoft makes it easy to enable and start using the products in Microsoft 365
Defender. The bigger challenge is effectively using the Microsoft 365 Defender
controls to operate the business in a more secure fashion. You must be able to
consume the data and use automation features effectively. Just turning on an
automation does not mean it will magically perform the way you want. Someone
who understands the technology must observe its function to determine if it is
doing what the organization expects or if it must be tuned. Microsoft makes it
easy to communicate with its experts, who can provide insights into problems
you may encounter with the product. It’s a good idea to use that communication
channel.
One of the great advantages of Microsoft 365 Defender is that it so easily integrates with other Microsoft products. This is an important feature because from a security standpoint, you typically have only one point of view of an incident. The level of integration built into these products enables you to evaluate a single event from different points of view. In the past, Microsoft had separate dashboards for each security solution. Now, it has consolidated those dashboards into a single admin center. Multiple data sources in one portal make it easier to gain a complete picture of an observed activity. Analysts can see the whole kill chain of an incident more quickly, and then take decisive action.
When implementing Microsoft 365 Defender, I suggest:
• Implementing all out-of-the-box controls and automations that are pertinent
to your organization;
• Monitoring the performance of those automations to make sure that you
are getting the automated responses you need and can step in when more
information and fine-tuning is required; and
• Using product and data integrations as much as possible.
Also, consider using outside expertise to help accelerate and optimize your
implementation.
Key Points
1. You need to understand the benefits and constraints of different license types so that you can align the features you require with your organization’s needs in a way that gets you the best return on your investment.
2. Microsoft makes it easy to enable and start using the products in Microsoft 365 Defender. The bigger challenge is effectively using the tool’s controls to operate the business in a more secure fashion.
“The Microsoft 365 Defender tools provide a holistic view of what is happening in the environment.”
Intelligent Security Tools Do Not Replace
Knowledgeable Security Administrators
When deciding where to begin with Microsoft 365 Defender, the primary
objective is to reduce risk as quickly and efficiently as possible. There are a
couple of ways to look at that. One is to identify what the greatest impact of
an attack would be, and then protect against that risk first. The other is to
look at where your greatest exposure is and protect that first.
Most organizations think in terms of reducing exposure first, and the best
place to start is with users. The quickest way to reduce user exposure with
the Microsoft 365 Defender tools is to begin with Microsoft Defender for
Office 365. This tool protects Microsoft Outlook email, OneDrive, SharePoint,
and Microsoft Teams—the places where most users are exposed daily.
Implementing this tool is easy, and its cost is based on the number of Office
365 licenses you have.
As you prepare to roll out these tools, first review the documentation. Microsoft does a good job of providing online videos and documentation about how to use the products. The documents support not only security and compliance professionals but also administrators. Another important step is to take a thorough IT asset inventory. You need to understand the types of systems you have, where they are, and the networking devices in use—all elements that affect your use of the security tools. Finally, talk to the core stakeholders in the organization’s IT systems. The success or failure of your implementation depends on their support.
Dr. Rebecca Wynn received the 2017 Cybersecurity Professional of the Year–Cybersecurity Excellence Award, was Chief Privacy Officer of SC Magazine, is a Global Privacy and Security by Design International Council member, and was 2018 Women in Technology Business Role Model of the Year. She is lauded as a “gifted polymath and game-changer who is ten steps ahead in developing and enforcing cybersecurity and privacy best practices and policies.”
Rebecca Wynn, Global CISO & Chief Privacy Officer
The Microsoft 365 Defender tools provide a holistic view of what is happening
in the environment. One challenge organizations have is choosing the right
person to be the security system administrator. That person needs to monitor the
dashboards, take actions when appropriate, and fine-tune the tools. This person
must have security analytical skills. The tools are excellent, and they use machine
learning to reveal issues that require action. It’s easy to forget that even if you
need few staff members looking at those dashboards because the tool is now
correlating everything for you, you still have to have people who know how to do
the work of answering difficult questions, taking critical actions, and optimizing
the tools.
An important part of tool optimization is being mindful of the data you collect.
The tools in Microsoft 365 Defender can consume enormous amounts of
data, and that can have costs and create analytical noise. Do you care about
every time in a workday a computer went to sleep and the user pressed the
spacebar to wake it back up? That’s not a mindful event. Why is a user in a
different geolocation suddenly getting locked out of his or her system? That’s an
interesting anomaly.
For some companies, it makes sense to have a managed security services provider (MSSP) help monitor and administer these tools. Microsoft’s tools are changing, and you no longer need an army of people staring at screens and correlating every event. When you think about system administration needs, the important consideration is not the number of events you are dealing with but the number of actual items producing alerts of critical, high, or medium risk.
Microsoft 365 Defender is driving greater security process efficiency. For many
companies, the best model is not necessarily a fully managed security operations
center (SOC) but a hybrid model in which the MSSP comes in periodically to
work with the team for greater effectiveness and efficiency. One advantage of a
managed SOC is that the MSSP can typically source talent more quickly than your
in-house security team and, if that talent isn’t quite working for you, quickly make
changes.
Key Points
1. It’s easy to forget that even if you need fewer staff members looking at those dashboards because a tool is now correlating everything for you, you still need people who know how to do the work of answering difficult questions, taking critical actions, and optimizing the tools.
2. When you think about system administration needs, the important consideration is not the number of events you are dealing with but the number of items producing alerts of critical, high, or medium risk.
“If an alert comes in through our security information and event management tool, we can look at it, isolate the machine, and check it out with just a few clicks.”
Microsoft 365 Defender Delivers Fast Answers If You
Know How to Interpret the Data
Microsoft 365 Defender is a product that is made up of several tools, all included
in a Microsoft 365 E5 license. The suite has significant functionality in terms
of being able to install sensors and use indicators of compromise. It also has a
networking interface so that if somebody is attacked by a particular virus, you
can easily search the entire organization for all other occurrences of that virus.
You can also access threat intelligence information to see the global extent of a
particular attack you are experiencing.
When a machine is compromised, Microsoft 365 Defender enables you to use
automation to isolate that machine quickly and prevent anyone from signing in
to it. In fact, Microsoft 365 Defender allows a lot of customization in terms of the
functions and actions you can automate.
One tool in the Microsoft 365 Defender suite is Microsoft Cloud App Security, a
cloud-based cloud access security broker that monitors all user activities with
cloud-based apps. The tool looks at IP addresses associated with user activity
and can alert you if things are happening in the network that should not be. For
example, if somebody is signed in to a computer in New York City, and then signs
in again an hour later in San Jose, the system will flag that as something that
should not be happening.
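The impossible-travel check described above, as an added example (not code from the guide or from Microsoft Cloud App Security): it parses constructed sign-in records and flags consecutive sign-ins for one account whose implied ground speed exceeds a plausible ceiling. The record format, city coordinates, 900 km/h speed ceiling and 50 km distance floor are assumptions made for this example.

```python
"""Impossible-travel check over sign-in records (added example, not from the guide).

Constructed sample records mimic the scenario in the text: a sign-in from New York
City followed an hour later by one from San Jose. Log format, coordinates and
thresholds are assumptions, not Microsoft Cloud App Security's actual logic."""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_KMH = 900.0   # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 50.0      # assumed floor: ignore geo-IP jitter between nearby points

# Constructed sample log: UTC timestamp, account, city, latitude, longitude.
SAMPLE_LOG = [
    "2024-05-01T09:00:00Z,alice,New York City,40.7128,-74.0060",
    "2024-05-01T10:00:00Z,alice,San Jose,37.3382,-121.8863",
    "2024-05-01T09:00:00Z,bob,New York City,40.7128,-74.0060",
    "2024-05-01T09:30:00Z,bob,Newark,40.7357,-74.1724",
    "2024-05-01T08:00:00Z,carol,London,51.5074,-0.1278",
    "2024-05-01T17:00:00Z,carol,New York City,40.7128,-74.0060",
]


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    city: str
    lat: float
    lon: float


@dataclass(frozen=True)
class Finding:
    user: str
    from_city: str
    to_city: str
    hours: float
    kmh: float


def parse_sign_ins(lines):
    """Parse the constructed CSV-style records into SignIn objects."""
    events = []
    for line in lines:
        ts, user, city, lat, lon = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(SignIn(user, when, city, float(lat), float(lon)))
    return events


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlambda = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlambda / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def find_impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH, min_km=MIN_DISTANCE_KM):
    """Flag consecutive sign-ins per account whose implied speed exceeds max_kmh.

    Pairs closer than min_km are never flagged (geo-IP resolution is coarse).
    Two distant sign-ins with the same timestamp count as infinite speed instead
    of raising a division-by-zero error.
    """
    by_user = {}
    for ev in sorted(events, key=lambda e: (e.user, e.when)):
        by_user.setdefault(ev.user, []).append(ev)

    findings = []
    for user, evs in by_user.items():
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < min_km:
                continue
            hours = (cur.when - prev.when).total_seconds() / 3600.0
            kmh = dist / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                findings.append(Finding(user, prev.city, cur.city, hours, kmh))
    return findings


if __name__ == "__main__":
    for f in find_impossible_travel(parse_sign_ins(SAMPLE_LOG)):
        print(f"{f.user}: {f.from_city} -> {f.to_city} in {f.hours:.1f} h "
              f"(~{f.kmh:.0f} km/h) exceeds {MAX_PLAUSIBLE_KMH:.0f} km/h")
```

Only alice is flagged: bob's two sign-ins are a few kilometres apart, and carol's London-to-New York pair over nine hours stays under the ceiling.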
Sajed (Saj) Naseem is Chief Information Security Officer (CISO) of New Jersey Courts, where he focuses on cybersecurity readiness and performance, information governance, and network security. Sajed has more than twenty years of experience and holds master’s degrees from St. John’s University and Columbia University, where he is an adjunct professor.
Sajed Naseem, New Jersey Courts, CISO
An important and powerful feature of Microsoft 365 Defender is its ability to track
activity in great detail. You see detailed activity and timelines for anyone working in the
environment. This information is also searchable, so if you query the system about who
clicked a particular link, that search will encompass the entire organization and provide
a detailed track of that activity. It does this quickly, which speeds alert analysis and
enables you to get fast answers to questions. If an alert comes in through our security
information and event management tool, we can look at it, isolate the machine, and
check it out with just a few clicks.
When installing Microsoft 365 Defender on endpoints, it’s important that all your
server operating systems be up-to-date. Microsoft 365 Defender will not run on older
Windows Server and Windows operating systems. For some organizations, particularly
if you have a large environment with decentralized IT groups, this can be a time-
consuming task.
Another important point to keep in mind is that Microsoft 365 Defender is different
from traditional antivirus and other siloed security solutions. Microsoft 365 Defender
integrates many different security functions. To use it effectively, your security team
needs a deeper, more holistic understanding of what is going on in your environment so
that they better interpret the alerts and information the system provides. It is important
that team members have training in these areas; depending on the depth of expertise in
the organization, you may need to consider working with a security service provider to
get the most out of Microsoft 365 Defender.
Key Points
1. Microsoft 365 Defender provides highly searchable information. If you query the system about who clicked a particular link, it will search the entire organization and provide a detailed track of that activity. It does this quickly, which speeds alert analysis and enables you to get fast answers to questions.
2. It is important that the security team be trained to understand what the system is telling them. Depending on the depth of expertise in the organization, you may need to consider working with a security service provider to get the most out of Microsoft 365 Defender.
Sajed Naseem, New Jersey Courts,
CISO
“One big advantage for us in using Microsoft Defender
for Office 365 is that it seamlessly plugged into our
existing environment.”
Rapidly Reduce Email-Based Attacks
When the Chief Information Officer brought me in to create the first-ever
Information Security Office at Duquesne University, we discovered that we were
getting inundated with email attacks related to phishing, spear phishing, spoofing,
and various scams. We actually had hundreds of compromised accounts every
year, largely because each year we had new students and new faculty who did not
know what to expect. They were unfamiliar with each other and people on campus.
Exploits typically began with email attacks on new students. Stolen student
credentials would then be used to attack faculty and staff.
To find a solution, we created a proof of concept with top vendors. We chose
Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection),
which is part of the Microsoft 365 Defender suite. Implementing that tool reduced
the number of compromised accounts on campus by 95 percent.
Note that when deploying this or any security solution, it’s important to talk to peers
and partners who have done this before and can suggest lessons they learned from
their experiences.
Tom Dugas is Assistant Vice President and
Chief Information Security Officer (CISO) of
Duquesne University, where his responsibilities
include cybersecurity, identity and access
management, and data governance. In 2019,
Tom was recognized as CISO of the Year by
the Pittsburgh Technology Council. Tom is an
alumnus of Robert Morris University, the 2009
EDUCAUSE Leading Change/Frye Leadership
Institute, and the 2006 EDUCAUSE Institute
Leadership Program.
Tom Dugas,
Assistant Vice President and Chief
Information Security Officer
Two essential features are added when you implement Microsoft Defender for Office
365. One is Safe Links, which rewrites familiar links in your emails so that they become
long Safe Links addresses. This behavior enables the tool to check links for malicious
activity and detonate them in a sandbox to make sure there is no malware. The tool also
checks against a safe sender list to make sure that emails are sent from a reputable site.
The second feature is Safe Attachments, which inspects all attachments sent into your
community to determine whether they contain malware. The Microsoft 365 Defender
product line does a great job inspecting attachments and files to make sure that they are
safe to use.
It is important that you have the ability to decipher logs and respond to issues quickly.
You still need an incident response plan; you need to understand how to respond to
the particular malicious activities that surface; and, most importantly, you need a way
to communicate that risk to the environment in case something is happening. As you
become more comfortable with the suite, you can tune it up or down to optimize it for the
level of risk your organization can tolerate.
One big advantage for us in using Microsoft Defender for Office 365 is that it seamlessly
plugged into our existing environment. That really reduced the time we needed to get it up
and running. We were surprised at how quickly it became productive in our environment
and how much time it saved us because we were no longer chasing down so many email
attacks.
Another nice thing about Microsoft Defender for Office 365 is that it works across
the entire Office 365 stack. Whether you are in OneDrive, Microsoft Outlook, Microsoft
Teams, or another tool, it all seamlessly fits together in that product stack. Although we
do not have all the other products within the Microsoft family yet, I know it will be easy to
layer them in when we are ready.
Key Points
1. Microsoft Defender for Office 365 uses Safe Links to check links in email and documents for malicious activity. It uses Safe Attachments to inspect attachments to make sure they are safe.
2. Even with Microsoft Defender for Office 365 implemented, you need to understand how to respond to the particular malicious activities that surface, and, most importantly, you need a way to communicate that risk to the environment in case something is happening.
Tom Dugas, Assistant Vice President and Chief Information Security Officer
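Because Safe Links rewrites every link into a long wrapper address, the click records an analyst has to decipher show the wrapper rather than the page the user actually reached. The following is an added example, not code from the author or from Microsoft: a small Python helper that peels the familiar safelinks.protection.outlook.com/?url=... wrapper (including a wrapper nested inside another, as happens with forwarded mail) over constructed log lines, so that a responder can see the real destination behind each click. The log line layout and every host name in the sample are assumptions made for the example.

```python
"""Unwrap Safe Links wrapper URLs seen in click logs (added example, constructed data)."""
import re
from urllib.parse import parse_qs, urlsplit

# Safe Links rewrites a link as https://<region>.safelinks.protection.outlook.com/?url=<encoded>&...
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"

# Constructed sample log lines; the "user= action= url=" layout is hypothetical.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z user=student1@example.edu action=ClickAllowed "
    "url=https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2F"
    "login-portal.example.net%2Fverify%3Fid%3D42&data=05%7C01%7C&sdata=abc&reserved=0",
    # A forwarded wrapped link can be wrapped again (inner URL double-encoded).
    "2024-01-01T10:05:00Z user=staff1@example.edu action=ClickBlocked "
    "url=https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnam02."
    "safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fexample.org"
    "%252Fdoc&reserved=0",
    "2024-01-01T10:07:00Z user=staff2@example.edu action=ClickAllowed "
    "url=https://example.edu/intranet",
]
LINE_RE = re.compile(r"user=(\S+) action=(\S+) url=(\S+)")

def is_safelink(url: str) -> bool:
    """True when the URL's host is a Safe Links wrapper host."""
    host = (urlsplit(url).hostname or "").lower()
    return host.endswith(SAFELINKS_SUFFIX)

def unwrap_safelink(url: str, max_depth: int = 5) -> str:
    """Peel Safe Links wrappers (nested up to max_depth) to reach the destination.
    Non-wrapped URLs and wrappers lacking a 'url' parameter come back unchanged."""
    current = url
    for _ in range(max_depth):
        if not is_safelink(current):
            break
        inner = parse_qs(urlsplit(current).query).get("url")  # percent-decodes once
        if not inner:
            break
        current = inner[0]
    return current

def summarize_clicks(lines):
    """Turn log lines into rows showing where each user was really sent."""
    rows = []
    for m in filter(None, map(LINE_RE.search, lines)):
        user, action, url = m.groups()
        dest = unwrap_safelink(url)
        rows.append({"user": user, "action": action, "wrapped": is_safelink(url),
                     "destination": dest, "host": urlsplit(dest).hostname})
    return rows
```

Running summarize_clicks(SAMPLE_LOG) yields one row per line with the unwrapped destination and its host, which is what you would pivot on when checking who else in the organization clicked the same link.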