This document provides an introduction to several cybersecurity standards and regulations, including ISO 27001, FFIEC, and GDPR. It describes the purpose and key aspects of each, such as ISO 27001 focusing on establishing an information security management system, FFIEC assessing cybersecurity maturity, and GDPR strengthening data protection for EU individuals. The document also gives an overview of Mauritius' new data protection act aligned with GDPR and provides some free resources for further information.
A quick look at what you should be considering when assessing the security of a mobile application, looking at an established framework and some of the common tools to get started.
An overview of why knowing programming can make you a better cyber security professional, a look at the most popular languages, and some pitfalls to avoid.
The document discusses Capture the Flag (CTF) competitions, which provide a safe environment for practicing hacking skills and learning about cybersecurity threats. CTF competitions involve challenges at different skill levels related to hacking, cryptography, forensics, and other IT security topics. Participants can learn about vulnerabilities and misconfigurations, practice real attacks, and improve their skills through the game-like format of CTF events. Examples of challenges described in the document include extracting a hidden image from DNS traffic and analyzing an audio file spectrogram to reveal hidden text.
This document provides guidance on data security best practices. It defines data and describes different data types and forms. It outlines key data security goals of confidentiality, integrity and availability that can be threatened by malware, hacking and phishing. The document recommends solutions like encryption, access controls and monitoring to protect data during usage, transit and storage. It stresses the importance of security awareness, safe behaviors like strong unique passwords and backups, and taking basic precautions.
This document discusses implementing Transparent Data Encryption (TDE) and additional compensating controls as an alternative method to encrypting primary account numbers (PANs) in a Microsoft SQL database to comply with PCI DSS version 3 requirement 3.4. TDE provides full data encryption with minimal performance impact. Additional controls like key management and access restrictions are also required. Compensating controls can meet the intent of PCI requirements if they provide similar defense and are above other requirements. TDE benefits include no schema changes and minimal performance impact, but it only encrypts data at rest and does not help secure communication. Proper key backups and access controls must be implemented for TDE.
The document discusses McAfee's MVISION security management portfolio. It highlights that MVISION provides cloud-native, insight-driven security that protects data across devices, networks, clouds, and on-premises environments. It also simplifies security management by providing modern SaaS infrastructure, streamlined workspaces, and consolidated policies. Finally, it emphasizes that MVISION allows organizations to accomplish more with less effort through tactical automation and AI guidance.
IDS are great tools for blue teams and a resource for network forensics; however, they can also be a great resource for red teams and as part of a penetration testing exercise.
This document provides instructions for setting up an intrusion detection system (IDS) in a home network. It explains that an IDS monitors network traffic to detect malicious activity and policy violations. It recommends using open-source tools like Security Onion and SELKS to set up the IDS. The document outlines installing the software, duplicating network traffic to the IDS, tuning the IDS to ignore false alarms, and provides sample enhanced network architectures and dashboards.
Open Source IDS - How to use them as a powerful free Defensive and Offensive tool - Sylvain Martinez
What is an IDS? What is required for a successful implementation and utilisation? IDS can also be used for penetration testing activities, not just for defence purposes. See how!
This was presented as part of the FIRST Technical Colloquium 2017 Conference in Mauritius on the 30th of November 2017.
Feel free to contact us for more information.
If you are reusing some of the slides or their content, can you please reference our website as the source: https://www.elysiumsecurity.com
Check Point provides its customers with security across a wide range of technologies through partnerships with over 160 technology providers. With the largest security ecosystem in the industry, Check Point is able to deliver the best security everywhere through solutions that include enforcement, management, threat intelligence, cloud infrastructure, mobile security, and communications security. Check Point partners help customers protect their organizations across networks, endpoints, cloud, and more.
This document summarizes 10 cyber security trend reports for 2019. Common trends identified across the reports include rises in crypto mining, state-sponsored attacks, security skills shortages, Internet of Things risks, cloud provider attacks, supply chain attacks, phishing as the primary attack vector, and increased regulations. The reports also highlight the importance of user awareness, basic IT hygiene, incident response readiness, and having adequate security resources.
Moti Sagey CPX keynote - Are All security products created equal - Moti Sagey (מוטי שגיא)
This document discusses network security and compares different generations (Gens) of security products. Gen V security is defined as being effective, efficient, and everywhere. Check Point is presented as providing Gen V security through real-time prevention innovations, an unparalleled sense of urgency in responding to vulnerabilities, proven security with third-party tests, no security shortcuts, and an efficient software-based architecture that allows security everywhere. Check Point is said to have the best security through these factors and fighting FUD with facts.
This document discusses strategies for organizations to get ahead of cybercrime based on EY's Global Information Security Survey 2014. It outlines a three stage process for cybersecurity maturity: Activate to establish foundations; Adapt to dynamically respond to changes; and Anticipate to proactively prepare. Many organizations still need to improve their abilities to activate foundational security, adapt quickly to changes, and anticipate future threats. The document recommends specific actions organizations can take at each stage to improve their cybersecurity posture and get ahead of cyber attackers.
1) Privileged identity, such as system administrator accounts, is the core enabler of cyber attacks according to security reports.
2) Existing security layers like firewalls and antivirus have been breached in major data breaches involving companies like Target and Home Depot.
3) A new security layer focused on privileged identity management (PIM) is needed to protect privileged accounts and help break the cyber attack kill chain.
Download the full Midyear Security Report >> http://cs.co/MSR15SL
Cisco has released its Midyear Security Report. In this report, Cisco provides industry insights and key findings taken from threat intelligence and cybersecurity trends for the first half of 2015.
Slides to the online event "Creating an effective cybersecurity strategy" by ... - Berezha Security Group
Slides to the online event "Creating an effective cybersecurity strategy" by Berezha Security Group, where we debunked myths about cybersecurity and recommended some easy-to-use practical steps to build an effective cybersecurity strategy for your small business.
Meeting plan:
1. Widespread misconceptions about the cybersecurity of small and medium-sized businesses.
2. 10 steps to combat cyber threats. How to protect a business effectively on a limited budget?
About the speakers
- Vlad Styran, CISSP CISA, Co-founder & CEO, BSG
Vlad is an internationally known cybersecurity expert with 15+ years of experience in Penetration Testing, Social Engineering, and Security Awareness.
He is a BSG Co-founder & CEO, responsible for business and cybersecurity strategies. He helps businesses with consulting services in software security, cybersecurity awareness, strategy, and investment. He also acts as a speaker, blogger, and podcaster in his volunteer activities.
- Andriy Varusha, CISSP, Co-founder & CSO, BSG
Andriy is an experienced senior manager in IT audit, consulting, and IT project management, having led outsourcing teams in Ukraine, Poland, and the USA. He is also keen on building customer relationships in the US, UK, and Western Europe. At BSG, he leads the advisory practice and consults development teams on all aspects of cybersecurity.
About BSG
Berezha Security Group (BSG) is a Ukrainian consulting company focused on application security and penetration testing. Our job is to help companies in all aspects of cybersecurity. We complete more than 50 Penetration Testing and Application Security projects yearly, which gives us insight into business security vulnerabilities across verticals. We help our customers address their future security challenges: preventing data breaches and achieving compliance.
Our contacts: hello@bsg.tech ; https://bsg.tech
Organizations have difficulty changing security controls after implementation due to the time and effort required. Automation and orchestration solutions can help reduce human errors by automating security configurations. While data center segmentation can enhance security, few organizations actually implement effective segmentation due to the lack of automation and visibility across applications.
ICT 2015 Saga - Cisco cybersecurity solutions - Viktor Varga - Dejan Jeremic
This document discusses Cisco's cybersecurity solutions, including its FirePOWER next-generation firewall and network security platform. It provides an overview of FirePOWER's key capabilities such as advanced threat prevention, application control, user awareness, automated policy recommendations, and integration with other Cisco security products. The document also presents examples of how FirePOWER's contextual policies and automation features can help organizations better detect, prevent, and respond to cyber threats.
Tomorrow Starts Here - Security Everywhere - Cisco Canada
The document discusses Cisco's security solutions and services. Some key points:
- Cisco conducts a large amount of threat intelligence gathering from network traffic and other sources.
- Cisco offers a range of security products including next-generation firewalls, advanced malware protection, and threat defense.
- Cisco provides managed threat defense services where security experts monitor customer networks and respond to threats.
The document appears to be a sales presentation from Check Point Software Technologies promoting their new "Infinity Total Protection" product. The summary includes:
1) Check Point is introducing a new consolidated cyber security architecture and all-inclusive consumption model called "Infinity Total Protection" that provides threat prevention across networks, cloud, and mobile from a single vendor.
2) Infinity Total Protection offers simplified per-user pricing and promises to adapt to customers' business needs with a focus on threat prevention and consolidated management.
3) The presentation outlines the various security components that would be included with Infinity Total Protection, such as network security, cloud security, endpoint security, mobile security, and security management products.
Why advanced threats require advanced application security ... - Cristian Garcia G.
Nowadays, most of the traffic reaching companies' web applications is SSL traffic, which leaves us with different options for addressing the problem of visibility and control over encrypted traffic: trust all SSL traffic and let it through uninspected, or increase the capacity of the security devices. Which path should you take?
No less important are all those attacks that reach the company's core applications from actors seeking to put its integrity, availability and security at risk, such as bots and DDoS attacks.
Are you protected against advanced threats?
The cyber kill chain describes cyber attacks from an attacker's perspective through distinct phases: (1) reconnaissance, (2) weaponization, (3) delivery, (4) exploitation, (5) installation, (6) command and control, and (7) actions on objectives. Each phase of the kill chain can be mapped to defensive tools and actions to prevent attacks. Understanding the kill chain stages gives analysts insight into what is being attempted and how to respond appropriately. The kill chain was developed by Lockheed Martin as a method to describe intrusions and prevent advanced persistent threats by highly trained adversaries targeting sensitive information.
Cyber Security 101 - Back to Basics (HP Secure Print Event 2018) - Shah Sheikh
This document provides an overview of cyber security 101 and discusses common myths. It begins with an introduction to cyber security and why it is important given how organizations are connected digitally. It then discusses some major cyber incidents that made headlines in recent years. It also outlines common cyber threats and threat actors. The document also predicts cyber security trends in the coming years. It identifies key industry verticals impacted by cyber threats. Finally, it discusses some common myths around cyber security and emphasizes the importance of going back to cyber security basics.
Mobile Security: 2016 Wrap-Up and 2017 Predictions - Skycure
Daniel Kandel, VP of R&D at Skycure, gave a presentation reviewing mobile security trends in 2016 and predictions for 2017. In 2016, there was an increasing focus on attacking iOS devices and more targeted attack types. Various malware incidents occurred, such as Accessibility Clickjacking and HummingBad. In 2017, mobile attacks are predicted to grow more sophisticated using zero-day exploits. Mobile corporate espionage is also expected to increase. Organizations will need diversified mobile security strategies that can protect both managed and unmanaged devices from these evolving threats.
ITCamp 2018 - Tobiasz Koprowski - Secure your data at rest - on demand, now! - ITCamp
This document contains the agenda and slides for a presentation on SQL Server security. The presentation covers security foundations for database administrators (DBAs), well-known risk factors from OSSTMM and OWASP, SQL Server security best practices, security enhancements in SQL Server 2014, 2016, and 2017, SQL Server security in the cloud, DBA security, and risk management for DBAs. The slides define key security concepts, categorize security realms, outline the OSSTMM and OWASP top 10 risks, and describe various SQL Server security features and configurations.
The document discusses how web application hacking occurs through examples like SQL injection. It explains the basic components of a web application like the database, server, and client. It then covers the steps an attacker may take, like using tools to find hidden content or exploiting vulnerabilities in how user input is handled to access private user data or delete database tables. The document emphasizes that these types of vulnerabilities are common and provides resources for learning about different hacking techniques as well as the company's security assessment services.
Log Analytics for Distributed Microservices - Kai Wähner
This document summarizes a presentation on log analytics for distributed microservices architectures. It discusses how log analytics is needed to monitor these complex distributed systems and gain business insights. The presentation covers topics like distributed microservice log events, an introduction to log analytics, the log analytics market, and how log analytics relates to other big data components. It provides examples of scenarios where log analytics can be used and an overview of alternatives for log analytics solutions.
Microsoft Security Advice ISSA Slides.pptxMike Brannon
The document provides guidance on securing Microsoft 365 services through tools like Conditional Access policies and Zero Trust concepts. It recommends emphasizing identity security using Azure AD, enforcing multi-factor authentication, and applying Conditional Access rules. The document also provides references to security advisors and resources like books, blogs, and Twitter accounts that provide best practices for securing Microsoft 365.
This document discusses SQL Server security and provides an overview of SQL Server security best practices and enhancements in SQL Server 2014. It covers categorizing security across IT, physical, political, and SQL Server realms. It outlines best practices for authentication, securing administrator accounts, complex passwords, specific logins, administrator membership, guest access, stored procedure permissions, ports, services, and encryption. New SQL Server 2014 features discussed include transparent data encryption, encryption key management, and new permissions for connecting to any database and impersonating logins.
Introduction to Mobile Application Security - Techcity 2015 (Vilnius)Luca Bongiorni
The document discusses various mobile application security vulnerabilities. It covers topics like insecure data storage, lack of encryption for network traffic, authentication issues, insecure session management, and risks from unintended data exposure. Mitigation strategies are provided for each vulnerability, which generally involve following secure coding best practices, leveraging encryption properly, validating all inputs, and deploying defenses in depth with checks on both the client and server sides.
Secure coding is the practice of developing software securely by avoiding security vulnerabilities. It involves understanding the application's attack surface and using techniques like input validation, secure authentication, access control, and encrypting sensitive data. The OWASP organization provides free tools and guidelines to help developers code securely, such as their Top 10 security risks and cheat sheets on issues like injection, authentication, and access control. Developers should use static and dynamic application security testing tools to identify vulnerabilities and continuously learn about secure coding best practices.
20171207 we are moving to the cloud what about securityArjan Cornelissen
DIWUG Presentation on security in general. What is changing when you go from an on-premises environment to a cloud environment. Also what Microsoft gives to protect against threats
Walls of Steel, Doors of Wood - Relevance of Application SecurityAbdul Jaleel
The maturity on securing network and system infrastructures has been the key focus and application security was mostly overlooked. In the slides I try to give a quick and crisp brief on why application security practices are important and how to embark on application security assurance programs
Change auditing: Determine who changed what, when and whereGiovanni Zanasca
Change auditing: Who, What, When, Where details for every change with 'before' and 'after' values
Configuration assessment: State-in-time™ reports showing configuration settings at any point in time
More than 200 predefined reports and dashboards with filtering, grouping, sorting, exporting, email subscriptions, drill-down, web access, granular permissions and ability to create custom reports
AuditArchive™: scalable two-tiered storage (file-based + SQL database) holding consolidated audit data for up to and beyond 10 years
Unified platform to audit the entire IT infrastructure (including systems that do not produce logs), as opposed to multiple hard-to-integrate standalone tools from other vendors
Behind the Curtain: Exposing Advanced ThreatsCisco Canada
Today's advanced threats hide in plain sight, patiently waiting to strike, challenging security teams to track their progress across their network and endpoints. Meanwhile, executive and board-level reporting requirements are increasing as leadership demands in-depth answers that are unavailable from today’s block/allow security tools. With 55% of organizations unable to identify the origin of their last security breach, it’s time to stop relying on tools that define security based on what they see ‘out there’ and instead hunt for threats by tracking files, file relationships, and both endpoint and network behavior ‘in here’—inside your environment. In the first part of this interactive session, learn how Cisco’s Advanced Malware Protection (AMP) solutions use big data analytics to compare a real-time, dynamic history of your environment to the global threat landscape, automatically uncovering and blocking advanced threats before they strike. Then watch workflow examples demonstrating how your security team can use this advanced visibility and control to dramatically improve their efficiency and finally deliver the business 100% confidence answers.
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Symantec Brasil
Office 365 Seguro? Sym, Cloud!
1-Estratégia de Segurança da Symantec
2-VIP & SAM for Office 365
3-DLP for Office 365
4-Email Security.cloud
Be Aware Webinar acontece todas as quartas às 10h30. Curta nossa página no Facebook e acompanhe a programação
2018 11-19 improving business agility with security policy automation finalAlgoSec
The traditional network is bursting at the seams. Good old perimeter security, enforced by traditional firewall protection, is being joined by distributed firewalls, public clouds and a shared-responsibility security model.
David Cass discusses the role of security and how best practices can be used to accelerate cloud adoption and success.
Learn more by visiting our Bluemix Hybrid page: http://ibm.co/1PKN23h
Speaker: David Cass (Vice President, Cloud and SaaS CISO)
December 2019 Microsoft 365 Need to Know WebinarRobert Crane
Slides from CIAOPS December 2019 webinar that provided Microsoft 365 news update, open Q & A as well as a focus session on security. Video recording is available at www.ciaopsacademy.com
Proteja seus clientes - Gerenciamento dos Serviços de SegurançaCisco do Brasil
Hackers are generating significant revenue from cybercrime activities such as DDoS attacks, selling stolen personal and financial information, spamming, and developing malware. Cisco offers security solutions and managed security services to help protect against cyber threats across networks, endpoints, and cloud environments. These include next-generation firewalls, advanced threat protection, unified access control, and threat-focused analytics. Cisco provides options for on-premises, cloud-based, and hybrid deployment tailored for different customer needs such as service providers, enterprises, and SMBs.
This lecture was given as part of a Logicalis Security Event held in Jersey and Guernsey. The lecture introduced SIEM and it's concepts to business professionals as well as featuring live exploitation demos. The lecture also discussed the macro based anti virus evading malware.
According to the Cisco 2015 Annual Security Report, “Security is no longer a question of if a network will be compromised. Every network will, at some point, be compromised. The report also poses the question, “What will an organization do then? And if security staff knew the network was going to be compromised, would it approach security differently?”
ePlus has the answer. Provide for a Secure Perimeter and Secure Data within your data centers and cloud solutions. We work with industry-leading partners to offer solutions to both, and wrapping services for a complete solution.
The document appears to be a presentation from Splunk on security topics. It includes sections on cyber security resilience, the data-centric modern SOC, application monitoring at scale, threat modeling, security monitoring journeys, self-service Splunk infrastructure, the top 3 CISO priorities of risk based alerting, use case development, a security content repository, security PVP (posture, vision, and planning) and maturity assessment, and concludes with an overview of how Splunk can provide end-to-end visibility across an organization.
Security software products are not immune to vulnerabilities. The document discusses vulnerabilities found in Symantec Messaging Gateway, F5 BIG-IP, AppliCure dotDefender WAF, and Sophos Web Protection Appliance that allowed unauthorized access or code execution on the devices. Exploiting vulnerabilities in security software is common due to weaknesses being found in the software itself or misconfigurations of services running on the devices.
This document provides an introduction to cryptography. It defines cryptography as the science of hiding information to provide confidentiality, integrity, authentication, and non-repudiation. The document then summarizes the history of cryptography, the main types of cryptography including encryption, decryption, hashing, and steganography. It also describes symmetric and asymmetric cryptographic algorithms like AES, RSA, and hash functions like MD5 and SHA-1/2. The document concludes by emphasizing the safe use of standard algorithms and protection of private keys.
The document provides an overview of an incident response concept and framework. It discusses the benefits of incident response, common incident response structures and lifecycles. It also outlines the key steps in an incident response process including preparation, detection, analysis, containment, eradication, recovery, reporting and lessons learned. Specific approaches and activities at each step are also described for a company's incident response implementation.
This document provides an overview of data loss prevention (DLP). It discusses cyber security risks and increasing data breach statistics and costs. It defines DLP and the lifecycle of data protection. Key aspects of a DLP implementation are outlined, including defining objectives and scope, policy setup, data discovery and classification, monitoring and tuning, and reporting. The benefits of visibility, monitoring, and improved protection are highlighted.
This presentation looks at the core component of an Incident Response plan (NIST 800-61) as well as custom practical implementation framework developed by ELYSIUMSECURITY based on NIST and FIRST.
This document provides an overview of incident response procedures, including the incident response life cycle of detection, categorization, containment, investigation, remediation, reporting, and learnings. It outlines roles and responsibilities, communication processes, and generic response playbooks. Resources for incident response frameworks and standards are also referenced.
A look at what makes a Red Team special versus more traditional security services such as Vulnerability Assessment and Penetration Testing. Use case will also be provided to illustrate the points made in the presentation.
This document discusses security concerns related to cryptocurrencies. It begins by defining cryptocurrency as a digital currency created through mathematical algorithms that aims to be open, anonymous, secure and bypass traditional financial systems. It then outlines some key advantages of cryptocurrency over traditional money, such as maintaining user anonymity. However, it also identifies several security concerns with cryptocurrencies, such as selfish mining that allows miners to gain more revenue than their share of computing power, double spending of coins, and attacks on wallet software or acquiring over 50% of a cryptocurrency's computing power.
This document provides an introduction to cyber forensics. It defines key terms like forensics science, digital forensics, and cyber forensics. It also discusses cyber attack and malware trends, GDPR requirements, core principles of cyber forensics investigations, and presents an overview of the goals, actions, and scope of activities in a cyber forensics investigation. Finally, it provides a case study example of a client database leak investigation.
This document discusses the General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It will apply to all companies and gives individuals new rights around accessing and deleting their personal data. It also requires companies to implement privacy by design and notify authorities within 72 hours of a data breach. The document also outlines debates around whether previous policies were sufficient, concerns about spam and data breaches, and arguments that individuals will just click through privacy notices as well as whether the EU can enforce fines. However, supporters argue that the GDPR will push companies to improve security, be more transparent about what data they hold, demand more from third parties, and give individuals better control over their personal information.
Ethical hacking involves performing authorized security testing and vulnerability assessments to evaluate an organization's security posture and help protect against cyber threats. It generally follows steps of reconnaissance, scanning systems to identify vulnerabilities, gaining access if possible, maintaining or escalating that access, and covering tracks. Ethical hackers have permission and work within legal bounds, using their skills to strengthen security rather than enable harm. The document discusses definitions, common techniques, tools used at each step, and how ethical hackers differ from malicious hackers by operating openly to help rather than secretly to enable illegal acts.
This document discusses how social media is used to gather personal data and how that data can enable cyber attacks. It notes that over 5 million records are lost or stolen daily and outlines the types of sensitive information that can be obtained from LinkedIn, Facebook, Twitter, and other online sources. The document warns that this data exposure enables personal, corporate, and marketing attacks but does not specify the nature of these threats or provide recommendations for mitigating risks.
Overview on the state of WIFI security for WEP, WPA/WPA2, WPA3. Looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo on 2 attacks: Karma Attack and Evil Portal Attack
This document outlines a proposal for a cyber security club in Mauritius. The club aims to share information and build a cyber security community through free monthly meetings. Meetings would last 2 hours and include technical and non-technical talks on topics like password handling and penetration testing. The club seeks attendees with some IT knowledge, speakers with cyber security experience, and a few organizers to coordinate talks and venues. Future goals include expanding the number of talks per meeting, inviting external speakers, and gaining sponsors.
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfflufftailshop
When it comes to unit testing in the .NET ecosystem, developers have a wide range of options available. Among the most popular choices are NUnit, XUnit, and MSTest. These unit testing frameworks provide essential tools and features to help ensure the quality and reliability of code. However, understanding the differences between these frameworks is crucial for selecting the most suitable one for your projects.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
This presentation provides valuable insights into effective cost-saving techniques on AWS. Learn how to optimize your AWS resources by rightsizing, increasing elasticity, picking the right storage class, and choosing the best pricing model. Additionally, discover essential governance mechanisms to ensure continuous cost efficiency. Whether you are new to AWS or an experienced user, this presentation provides clear and practical tips to help you reduce your cloud costs and get the most out of your budget.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
leewayhertz.com-AI in predictive maintenance Use cases technologies benefits ...alexjohnson7307
Predictive maintenance is a proactive approach that anticipates equipment failures before they happen. At the forefront of this innovative strategy is Artificial Intelligence (AI), which brings unprecedented precision and efficiency. AI in predictive maintenance is transforming industries by reducing downtime, minimizing costs, and enhancing productivity.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
2. {elysiumsecurity}
cyber protection & response
Public
Sections: CONTEXT | RISKS | BASIC SECURITY | ADVANCED SECURITY | FORENSICS
CONTENTS
Context and risks:
• What is Office 365?
• Misconception
Basic security:
• Dual Factor Authentication;
• Enable Audit Logs;
• Review Email Protection Settings;
• Admin as a Separate User;
• Limit Usage of Admin Account;
• Microsoft Security Score.
Advanced security:
• Enforce Dual Factor Authentication;
• Enable Advanced Audit Logs;
• Advanced Threat Protection;
• Create ATP Policies;
• Disable OWA by default;
• Regular Log Reviews.
Forensics:
• Limitations;
• Where to start?
• What to look for?
3. WHAT IS OFFICE 365
EXCEL, WORD, POWERPOINT, OUTLOOK/EMAIL
STARTED IN 2010
INTEGRATES WITH AZURE ACTIVE DIRECTORY
MICROSOFT CLOUD OFFERING FOR OFFICE TOOLS
Icons from the noun project unless specified otherwise
4. MISCONCEPTION
Misconceptions:
NO NEED FOR EXTRA SECURITY CONFIGURATION
PHISHING ATTACKS AND CREDENTIALS COMPROMISE ARE NOT POSSIBLE
HOSTED BY MICROSOFT SO IT CANNOT BE HACKED
Reality:
MANY SECURITY FEATURES TURNED OFF BY DEFAULT
RISK CAN BE REDUCED BUT NOT REMEDIATED COMPLETELY
THERE IS NO SUCH THING AS A 100% SECURE SYSTEM
5. OVERVIEW (BASIC SECURITY)
ENABLE DUAL FACTOR AUTHENTICATION
ENABLE AUDIT LOGS
REVIEW EMAIL PROTECTION SETTINGS
SET YOUR ADMIN ACCOUNT AS A SEPARATE USER
LIMIT USE OF ADMIN/ENTERPRISE ACCOUNT
LOOK AT YOUR SECURITY SCORE
9. ADMIN AS A SEPARATE USER
STATUS: UNLICENSED
NO NEED FOR MAILBOX
NO NEED TO LOGON TO DOMAIN
ONLY NEED TO LOGON TO ADMIN PORTAL
10. LIMIT USAGE OF ADMIN ACCOUNT
NO HUMAN ERRORS = NO HUMAN RISK
Images from Dreamstime
11. MICROSOFT SECURITY SCORE
SECURITY & COMPLIANCE HOME
https://securescore.microsoft.com
12. OVERVIEW (ADVANCED SECURITY)
ENFORCE DUAL FACTOR AUTHENTICATION FOR ALL USERS
ENABLE ADVANCED AUDIT LOGS
INSTALL ADVANCED THREAT PROTECTION
CREATE ATP POLICIES
DISABLE OUTLOOK WEB ACCESS BY DEFAULT
REGULAR LOGS REVIEW
21. REGULAR LOGS REVIEW
LOOK FOR UNUSUAL ACTIVITIES AND IP SOURCE FOR KEY USERS
22. LIMITATION
POTENTIAL TIMEZONE DIFFERENCE OF THE SERVER
CLOUD ENVIRONMENT MEANS NO FULL ACCESS TO RAW DATA
INFORMATION LIMITATION
WEB REPORTS BUGS
ENABLE AUDIT LOGS (Not a default option!)
NO OFFLINE LOGS BACKUP
23. WHERE TO START
https://protection.office.com
https://portal.office.com/adminportal
https://portal.azure.com
USE A GLOBAL ADMIN ACCOUNT OR PROVIDE ENOUGH ROLES/RIGHTS TO YOUR INVESTIGATION ACCOUNT
-> SECURITY & COMPLIANCE
-> REPORT DASHBOARD
-> SEARCH & INVESTIGATION
24. WHAT TO LOOK FOR?
MAIL FORWARDING RULES
ADMIN CENTERS -> EXCHANGE -> MAILBOXES -> Select mailbox / double click -> mailbox features -> mail flow -> view details
Not part of the Audit Logs!
AUDIT SEARCH FILTER: INTERESTING KEYWORDS
UserLoggedIn
New-InboxRule
Set-InboxRule
Set-Mailbox
IP ADDRESS AND IMPOSSIBLE LOGINS
SUSPICIOUS ACTIVITIES
SUSPICIOUS DATE AND TIME
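The log review of slide 21 (unusual activity and IP sources for key users) and the audit-search keywords of slide 24 can be turned into a small triage script. The following is an added example, not code from the deck, from ElysiumSecurity or from Microsoft: it reads records shaped like the AuditData JSON that the unified audit log search (Search-UnifiedAuditLog) returns, flags New-InboxRule / Set-InboxRule / Set-Mailbox changes whose parameters forward, redirect or delete mail, and flags a user who logs in successfully from two different countries within an hour. The sample records, user names, IP addresses and the IP-to-country table are constructed for illustration; a real run would feed it exported audit search results and a real geolocation lookup.

```python
"""Triage of Office 365 unified audit log records (added example).

The records below are constructed to resemble the AuditData JSON returned by
Search-UnifiedAuditLog (field names CreationTime, Operation, UserId, ClientIP,
Workload, ResultStatus, Parameters). The users, addresses, IPs and the
IP-to-country table are invented; a real run would read exported audit search
results and use a real geolocation lookup.
"""
import json
from datetime import datetime, timedelta

# Parameters of New-InboxRule / Set-InboxRule / Set-Mailbox that move mail out
# of the mailbox or hide it. A rule change carrying any of these is worth a look.
FORWARDING_PARAMS = {
    "ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "DeleteMessage",
    "ForwardingSmtpAddress", "ForwardingAddress", "DeliverToMailboxAndForward",
}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

# Constructed IP-to-country table standing in for a geolocation service.
GEO = {"203.0.113.5": "MU", "198.51.100.77": "MU", "192.0.2.200": "XX"}

# Constructed sample records, one JSON object per line.
SAMPLE_LOG = r'''
{"CreationTime":"2024-03-04T07:58:10","Operation":"UserLoggedIn","UserId":"alice@example.test","ClientIP":"203.0.113.5","Workload":"AzureActiveDirectory","ResultStatus":"Success"}
{"CreationTime":"2024-03-04T08:21:03","Operation":"UserLoggedIn","UserId":"alice@example.test","ClientIP":"192.0.2.200","Workload":"AzureActiveDirectory","ResultStatus":"Success"}
{"CreationTime":"2024-03-04T08:24:40","Operation":"New-InboxRule","UserId":"alice@example.test","ClientIP":"192.0.2.200","Workload":"Exchange","ResultStatus":"True","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"outside@example.invalid"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2024-03-04T09:02:15","Operation":"Set-InboxRule","UserId":"bob@example.test","ClientIP":"198.51.100.77","Workload":"Exchange","ResultStatus":"True","Parameters":[{"Name":"Identity","Value":"Newsletters"},{"Name":"MoveToFolder","Value":"Archive"}]}
'''


def parse_records(text):
    """Parse one AuditData JSON object per non-empty line, oldest first."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    # CreationTime is UTC without an offset, so string order is chronological.
    records.sort(key=lambda r: r["CreationTime"])
    return records


def find_forwarding_rules(records):
    """Rule or mailbox changes that forward, redirect or delete mail.

    Returns (user, operation, client IP, flagged parameters). The deck notes
    that forwarding set directly on the mailbox may not appear in the audit
    log at all, so this complements, not replaces, a check of mailbox settings.
    """
    hits = []
    for r in records:
        if r.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p["Value"] for p in r.get("Parameters", [])}
        flagged = {k: params[k] for k in sorted(FORWARDING_PARAMS.intersection(params))}
        if flagged:
            hits.append((r["UserId"], r["Operation"], r["ClientIP"], flagged))
    return hits


def find_impossible_logins(records, window=timedelta(hours=1)):
    """Successful logins by one user from two countries within `window`.

    Returns (user, previous IP, new IP, gap between the two logins).
    """
    last = {}   # user -> (time, country, ip) of the most recent success
    hits = []
    for r in records:
        if r.get("Operation") != "UserLoggedIn" or r.get("ResultStatus") != "Success":
            continue
        when = datetime.fromisoformat(r["CreationTime"])
        country = GEO.get(r["ClientIP"], "unknown")
        prev = last.get(r["UserId"])
        if prev and prev[1] != country and when - prev[0] <= window:
            hits.append((r["UserId"], prev[2], r["ClientIP"], when - prev[0]))
        last[r["UserId"]] = (when, country, r["ClientIP"])
    return hits


def triage(text):
    """Run both checks over an exported audit log and group the findings."""
    records = parse_records(text)
    return {
        "forwarding": find_forwarding_rules(records),
        "impossible_logins": find_impossible_logins(records),
    }


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LOG).items():
        for f in findings:
            print(kind, f)
```

On the sample, the script reports alice's login from a second country 22 minutes after the first and her new rule that forwards and deletes mail, while bob's rule that only moves newsletters to a folder is left alone. Because the audit log stores CreationTime in UTC, the time comparison is done in UTC as well, which sidesteps the server timezone caveat from slide 22.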
25. A LOT OF THE TIPS DISCUSSED TODAY COME FROM THE EXCELLENT “FORENSIC LUNCH” SHOW:
https://www.youtube.com/watch?v=WgRxPCofIrA
Presentation starts at 15 minutes in
Devon Ackerman
“Forensically sound incident response in Microsoft’s Office 365”
HIGHLY RECOMMENDED!