Microsoft 365 Security and Azure Security, meeting compliance requirements in light of the new Swiss Data Protection Act, best practices for introducing and operating security solutions
Microsoft 365 provides holistic security across these four aspects of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Secure identities to reach zero trust
Threat Protection
Help stop damaging attacks with integrated and automated security
Information Protection
Protect sensitive information anywhere it lives
Security Management
Strengthen your security posture with insights and guidance
This is the slide deck used on my webinar session titled "Fundamentals of Microsoft 365 security, Identity and Compliance". You can find the recording of this webinar here: https://youtu.be/akrEnqK6Dsc
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx – Matthew Levy
Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.
In today's cybersecurity galaxy, the landscape has become increasingly sophisticated with cybercriminal activities. We need to work together in new ways to protect the cybersecurity of the planet.
In this session Matthew will discuss
• The threats we need to defend against
• The things in our galaxy that need protecting
• The Defender suite from Microsoft
• The Zero Trust architecture
You will learn 5 basic things you should be doing to protect yourself, and that you are not alone in this galaxy because you can leverage the Defender products from Microsoft to defend your world.
This strategy brief outlines how the Microsoft Cyber Defense Operations Center (CDOC) brings together security experts and data scientists from across the company to form a unified and coordinated defense against the evolving threat landscape—to protect Microsoft’s cloud infrastructure and services, products and devices, and our Microsoft corporate resources.
Protect your hybrid workforce across the attack chain – David J Rosenthal
Security is one of the most important considerations for SMBs. In fact, 77% of SMBs in a recent survey consider security a top feature when purchasing new PCs.1
Last year alone, 67% of SMBs experienced a security breach that cost, on average, 3.3% of their revenue.1 That’s a big risk to both profitability and reputation, and it shows how critical strong security protections are for businesses.
The good news is that 69% of SMBs in a recent survey agreed that new Windows 10 Pro devices offered better security and data protection than older devices.1
Research shows that modern devices help business owners by preventing identity attacks, minimizing phishing, and reducing the risk of malware attacks. These are all common ways that bad actors steal business data, steal personal information, or hold our devices hostage in exchange for huge amounts of ransom money.
And with modern PCs, most security functions can happen in the cloud, without interrupting worker productivity.
In this session Martin Vliem gives an overview of challenges and trends around information security [security] [cybersecurity] in relation to the digital transformation underlying Het Nieuwe Werken (the new way of working). He explains the most important threats, discusses the risks and illustrates how organisations can find a better balance between productivity and security.
"Evolving Cybersecurity Strategies" - Identity is the new security boundary – Dean Iacovelli
As cyber attacks have matured and become more complex over the last number of years, the objective of most attacks has not changed: compromise and collect user credentials. This session will explore the changing cybersecurity landscape and how managing identity – both in the enterprise as well as across 3rd party applications - is becoming job #1 in managing your organization’s risk.
"Evolving Cybersecurity Strategies" - Threat protection and incident management – Dean Iacovelli
As the volume and sophistication of attacks has increased, it has become even more critical for organizations to be able to rapidly and accurately identify malicious attack vectors and payloads at time of delivery. This session will explore Microsoft’s unique approach to dealing with this problem and also how we approach tracing and deconstructing a successful attack in order to prevent its next iteration.
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans – David J Rosenthal
Cyberspace is the new battlefield:
We’re seeing attacks on civilians and organizations from nation states. Attacks are no longer just against governments or enterprise systems directly. We’re seeing attacks against private property—the mobile devices we carry around everyday, the laptop on our desks—and public infrastructure. What started a decade-and-a-half ago as a sense that there were some teenagers in the basement hacking their way has moved far beyond that. It has morphed into sophisticated international organized crime and, worse, sophisticated nation state attacks.
Personnel and resources are limited:
According to an annual survey of 620 IT professionals across North America and Western Europe from ESG, 51% of respondents claim their organization had a shortage of cybersecurity skills—up from 23% in 2014.1 The security landscape is getting more complicated and the stakes are rising, but many enterprises don’t have the resources they need to meet their security needs.
Virtually anything can be corrupted:
The number of connected devices in 2018 is predicted to top 11 billion – not including computers and phones. As we connect virtually everything, anything can be disrupted. Everything from the cloud to the edge needs to be considered and protected.
Here's where Microsoft has invested, across these areas: identity and access management, apps and data security, network security, threat protection, and security management.
We’ve put a tremendous amount of investment into these areas and the way it shows up is across a pretty broad array of product areas and features.
Our Identity and Access Management tools enable you to take an identity-based approach to security, and establish truly conditional access policies
Our App and Data Security help you protect your apps and your data as it moves around—both inside and outside your organization
Azure includes a robust networking infrastructure with built-in security controls for your application and service connectivity.
Our Threat Protection capabilities are built in and fully integrated, so you can strengthen both pre-breach protection with deep capabilities across e-mail, collaboration services, and end points including hardware based protection; and post-breach detection that includes memory and kernel based protection and response with automation.
And our Security Management tools give you the visibility and more importantly the guidance to manage policy centrally
The crown jewels of any IT environment are the valuable information you manage. This session will explore techniques and Microsoft technologies that can ensure documents are well-managed, secured, and only available to approved individuals in your organization. We will also look at advanced eDiscovery and data governance approaches and technologies that can support these.
Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
Cloud Security Issues and Challenge.pptx – infosec train
Cloud computing has reformed the way businesses operate these days. Today, the cloud is being adopted by an increasing number of enterprises.
https://www.infosectrain.com/courses/certified-cloud-security-engineer-training-course/
Cloudbrew 2019 - Threat hunting with the Microsoft Cloud – Tom Janetscheck
With the release of Azure Sentinel, Microsoft has shifted some features from Azure Security Center to their new threat hunting solution. But how do all the security tools Microsoft offers nowadays integrate with each other? How can you find a way through this security jungle? And how do you make sure to have the right tools in place when it comes to protecting your IT environments and hunting threats?
Join cloud security expert and Microsoft MVP Tom Janetscheck for this demo-rich session to get all these questions answered and to learn how to protect your resources easily and efficiently.
"Impact of front-end architecture on development cost", Viktor Turskyi – Fwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Similar to Webinar Mastering Microsoft Security von Baggenstos (20)
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
PHP Frameworks: I want to break free (IPC Berlin 2024) – Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview – Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic* – Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GraphRAG is All You need? LLM & Knowledge Graph – Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Accelerate your Kubernetes clusters with Varnish Caching – Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... – DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and Sales – Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Epistemic Interaction - tuning interfaces to provide information for AI support – Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: Optimizing FME Workflows with Parameters – Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
4. Topics
• Current threat landscape
• Microsoft 365 Security and Azure Security (compliance / Data Protection Act)
• Best practices for introducing and operating security solutions
• Questions (in the chat) & answers
5. Presenting the webinar…
Martin Janisch, Partner Technology Strategist
Sven Heeb, Consulting, Project Management
Othmar Frey, Sales Director
6. Classified as Microsoft Confidential
Security Webinar
Martin Janisch
Partner Technology Strategist
16.08.2023
7. The increasingly complex state of cybersecurity
• Attack surface is expanding due to hybrid work
• Rapid acceleration and increasing sophistication of cybercrime
• Rising cost of cybersecurity risk mitigation and remediation
8. Relevance
Cybercrime-as-a-service offerings shown on the slide (the price figures in the graphic did not survive extraction; "Highest average price" was the column heading):
• Ransomware: https://aka.ms/CISOWorkshop
• Zero-days
• Breaching services on a per-job basis
• Exploit kits
• Loads (compromised device)
• Spearphishing services
• Compromised accounts
• Denial of service
Source for the password data: Most Common Passwords 2023 - Is Yours on the List? | CyberNews, based on 15.212 billion passwords from publicly leaked data breaches; last accessed on May 11th, 2023
9. Are SMB customers subject to attacks?
"No one is interested in my data anyhow."
• Over 620 million ransomware attacks happened in 2021 globally. [1]
• Of all ransomware attacks on enterprises in 2020, 55 percent hit businesses with fewer than 100 employees, while a full 75 percent of attacks were on companies making less than $50 million in revenue. [2]
• In fact, on average, victims of ransomware only recover around 65 percent of stolen data. [3]
• "However, it's safe to say that any business that uses a computer system is at risk." [4]
• The average cost of an SMB data breach was $120K in 2018. [5]
Fact check
• Ransomware operators might not be interested in SMB customer data, but the SMB customers are. If their data is encrypted or lost, they incur damage and cost immediately.
• Attackers are interested in money, and Ransomware-as-a-Service kits allow highly automated attacks on tens of thousands of victims simultaneously and with little effort.
• For public-sector or otherwise sensitive data, the data is often no longer encrypted at all; instead the threat of publishing it is used for extortion.
• Access to an SMB customer's cloud service accounts may allow attackers to spin up crypto-mining VMs, causing hundreds of thousands of dollars of damage within days.
Explaining the risk for SMB customers
10. The phishing threat landscape
The State of Cybercrime
• 710 million phishing emails blocked per week.
• 531,000 unique phishing URLs hosted outside of Microsoft taken down at the direction of our Digital Crimes Unit.
• 1hr 12m: the median time it takes for an attacker to access your private data if you fall victim to a phishing email.
• 1hr 42m: the median time for an attacker to begin moving laterally within your corporate network once a device is compromised.
Figures on the slide: phishing emails with Ethereum wallet addresses; business email compromise themes (January-June 2022); phishing page impersonating a Microsoft login with dynamic content.
11. Relevance
'Time between Black Friday and Christmas favourable for threat actors'
Threat Actors are Already Building Phishing Pages to Target Holiday Shoppers (cybersixgill.com)
'Tis the Season for Online Shopping and Phishing Scams | Trustwave
Evidence: >15 cases in Switzerland within the last 12 months; e.g.
• 2 cryptojacking cases (28k in half a day, 464k in a few days in ACR)
• 1 tenant lockout
Local data shows that still ~35% (latest data even 47%!) of Azure subscriptions in Switzerland do not have MFA turned on for Owner / Administrator roles.
Chart: MFA activation, Yes 65% / No 35%; Avg. Secure Score (value did not survive extraction).
Threat actor groups like 'Conti' have a company-like character: Conti ransomware leak shows group operates like a normal tech company (cnbc.com)
12. ‘staggering 85% of 6,700 global security practitioners say their companies do not have a cybersecurity posture robust enough to defend against risks relating to hybrid work.’
13. Identity & Access Management: Trends & Challenges
• 25.6 billion attempts to hijack enterprise customer accounts detected and blocked by Microsoft from Jan – Dec 2021.
• 80% of attacks involve identity-based techniques.
Source: Identity is the New Battleground, Cyber Signals, February 2022
14. Zero Trust
Attend a 2-day event for Partners: Security Through the Lens of Zero Trust here. The training is also available on-demand.
Zero Trust Guidance Center | Microsoft Learn
• Verify explicitly: always authenticate and authorize based on all available data points.
• Use least privilege access: limit user access with Just-In-Time and Just-Enough-Access (JIT/JEA), risk-based adaptive policies, and data protection.
• Assume breach: minimize blast radius and segment access. Verify end-to-end encryption and use analytics to get visibility, drive threat detection, and improve defenses.
15. Visibility across your entire organization: secure your end users, secure your infrastructure
16. Modernize your SOC with Microsoft Sentinel
Optimize security operations with cloud-native SIEM powered by AI and automation.
Building blocks shown: Microsoft 365 Defender and Microsoft Defender for Cloud feeding Sentinel; visibility, automation, AI; data connectors, security analytics, threat intelligence.
17. Protect end-user environments with XDR
Stop attacks and coordinate response across digital assets.
Microsoft Sentinel on top of Microsoft 365 Defender (endpoints, identities, cloud apps, email, docs, IoT) and Microsoft Defender for Cloud.
18. Secure multi-cloud environments with XDR
Use industry-leading threat intelligence and XDR capabilities to stop threats.
Microsoft Sentinel on top of Microsoft 365 Defender and Microsoft Defender for Cloud (SQL/Storage, server VMs, containers, network, industrial IoT, Azure App Services).
19. Why is defense so difficult?
SecOps professionals must protect… (the per-area counts in the slide graphic did not survive extraction)
20. Attacks are crossing modalities
Typical human-operated ransomware campaign (diagram spanning endpoint and cloud apps)
21. Protection across the entire kill chain
With Microsoft SIEM and XDR
Stages of the campaign shown on the slide, across email, endpoints, identities, cloud apps and workloads:
1. Phishing mail: the user clicks a URL, browses to a website, or opens an attachment
2. Exploitation and installation
3. Command and control
4. User account is compromised (brute force the account or use stolen account credentials)
5. Attacker collects reconnaissance and configuration data
6. Attacker compromises a privileged account
7. Domain is compromised
8. Attacker exfiltrates sensitive data
9. Services stopped and backups deleted
10. Files encrypted on additional hosts
22. Protection across the entire kill chain
With Microsoft SIEM and XDR
• Email: malware detection, Safe Links, Safe Attachments
• Endpoints: Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR)
• Identities: Verified ID, permissions management, Privileged Access Management, identity threat detection and response, Identity Protection
• Cloud apps and workloads: workload threat protection, file share encryption, control access, protect data
25. Risk assurance by phases
How Microsoft supports you in assessing & auditing our services (self-service, then audit, then external):
1. Service Review & Education: allows you to understand how Microsoft security controls are designed and operated by using online resources such as the Service Trust Portal, Compliance Manager, Compliance Score, and Secure Score.
2. 3rd Party Certification: all Microsoft controls have been certified by independent third parties against standards such as ISO 27001:2013, SOC 2, and FedRAMP (NIST SP 800-53). By mapping your internal requirements against these frameworks, you obtain third-party certification coverage over the design and operation of your own controls as well.
3. External Attestation: further confidence over the operation of our controls may be obtained by engaging a fully independent third party funded by you as a customer. For instance, TruSight was founded by a consortium of leading financial services companies specifically for this purpose.
4. Direct Audit Engagement: direct review of control evidence is only possible through direct audit engagements such as 1:1 and possibly group audits. Currently, audits through the Compliance Program are only available to financial services companies and organizations performing privacy (GDPR) assessments.
26. Microsoft Purview
Comprehensive solutions to help govern, protect and manage your data estate
• Understand & govern data: manage visibility and governance of data assets across your environment
• Safeguard data, wherever it lives: protect sensitive data across clouds, apps, and devices
• Improve risk & compliance posture: identify data risks and manage regulatory compliance requirements
Microsoft ecosystem: support for multi-cloud, hybrid and SaaS data | third-party/partner ecosystem
32. Industry-leading security from Microsoft
Serving billions of global customers, learning and predicting what's next
• 140+ threat groups [3]
• 65T threat signals analyzed daily [4]
• 37B email threats blocked annually [4]
• 50% increase (the figure this refers to did not survive extraction)
Investing to improve and share knowledge, gain insights, and combat cybercrime
• 40+ nation-state groups monitored [1]
• $20B investment in the next 5 years [1]
Keeping you secure, while saving you time and resources
• Up to 60% savings, on average, over multi-vendor security solutions
Trusted globally, protecting organizations' multi-cloud and multi-platform infrastructures
• 860K customers have chosen Microsoft Security to protect their organizations [4]
• 15K partners in the security ecosystem [1]
Sources:
1. Earnings Press Release, FY22 Q4. July 26, 2022, Microsoft Investor Relations
2. "Microsoft Digital Defense Report". October 2021, Microsoft Security
3. Earnings Press Release, FY22 Q2. December 16, 2021, Microsoft Investor Relations
4. "Microsoft Security reaches another milestone—Comprehensive, customer-centric solutions drive results" blog, Microsoft Security
34. Best practices
• Secure Score / measurability in the company
• Product presentation
• Defender for Servers
• Defender for Endpoint
• Defender for Office 365
• Defender for Endpoint Vulnerability Management
• Example: Secure Score for Devices / Exposure Score
• Azure Sentinel (monitoring)
35. Secure Score in general
What is Secure Score? (there are several scores)
Microsoft Secure Score is a tool that expresses the security of the setup and configuration of your Microsoft tenant as a single number.
• Microsoft's recommendation: 65% and higher
• Baggenstos company target: 75% for Managed Service
How do we get there, and what is our goal?
• Secure Score points: the absolute value depends on the licensing in use (M365 Business Premium, M365 E3/E5 or further licenses), so targets are set as percentages rather than raw points
• General goal: drive the technological development of the Microsoft products in the Baggenstos product matrix
• Doing: weekly review (endpoint, messaging, security, etc.) within the Baggenstos core team of specialists (consultants, engineers)
• Managed Service goal: technological development of the products used in the Managed Service
• Result: create packages of measures via the ticketing system
• Implementation: iterative rollout to Managed Service customers
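The following PowerShell is an added example and not part of the webinar material. It evaluates a tenant's Secure Score against the 65% and 75% targets named above and ranks the controls with the most unearned points, which is the input the weekly review needs for the packages of measures. The JSON is a constructed, shortened sample in the shape of the Microsoft Graph `GET /v1.0/security/secureScores` response; the control names, points and the per-control maxima in `$assumedControlMax` are assumptions (the real maxima come from the separate `secureScoreControlProfiles` endpoint).

```powershell
# Added example, not from the webinar deck. Evaluates a Secure Score against the
# targets on the slide and ranks the controls with the biggest point gap.
# $sampleSecureScoreJson is a constructed, shortened sample in the shape of
# GET https://graph.microsoft.com/v1.0/security/secureScores; names and numbers
# are illustrative, not real tenant data.
$sampleSecureScoreJson = @'
{
  "value": [
    {
      "createdDateTime": "2023-08-15T00:00:00Z",
      "currentScore": 412.5,
      "maxScore": 690,
      "controlScores": [
        { "controlCategory": "Identity", "controlName": "AdminMFAV2", "score": 0, "description": "Require MFA for administrative roles" },
        { "controlCategory": "Identity", "controlName": "MFARegistrationV2", "score": 4, "description": "Ensure all users can complete MFA" },
        { "controlCategory": "Apps", "controlName": "mdo_safelinks", "score": 5, "description": "Safe Links policy in place" },
        { "controlCategory": "Data", "controlName": "dlp_datalossprevention", "score": 0, "description": "DLP policies configured" }
      ]
    }
  ]
}
'@

# Assumed maximum points per control (in a real tenant these come from
# /security/secureScoreControlProfiles, which is not part of this sample).
$assumedControlMax = @{
    'AdminMFAV2'             = 10
    'MFARegistrationV2'      = 9
    'mdo_safelinks'          = 5
    'dlp_datalossprevention' = 8
}

function Get-LatestSecureScore {
    param([Parameter(Mandatory)][string]$Json)
    ($Json | ConvertFrom-Json).value |
        Sort-Object { [datetime]$_.createdDateTime } -Descending |
        Select-Object -First 1
}

function Test-SecureScoreTarget {
    param(
        [Parameter(Mandatory)][string]$Json,
        [int]$MicrosoftRecommended = 65,   # slide: Microsoft recommends 65% and higher
        [int]$ManagedServiceTarget = 75    # slide: Baggenstos target in Managed Service
    )
    $latest = Get-LatestSecureScore -Json $Json
    # Compare percentages: the absolute maximum depends on the licenses in the tenant
    $percent = [math]::Round(100 * $latest.currentScore / $latest.maxScore, 1)
    [pscustomobject]@{
        Percent                 = $percent
        MeetsMicrosoftMinimum   = $percent -ge $MicrosoftRecommended
        MeetsManagedServiceGoal = $percent -ge $ManagedServiceTarget
    }
}

function Get-SecureScoreGaps {
    # Controls sorted by unearned points: candidates for the next package of measures
    param(
        [Parameter(Mandatory)][string]$Json,
        [Parameter(Mandatory)][hashtable]$ControlMax
    )
    $latest = Get-LatestSecureScore -Json $Json
    $latest.controlScores |
        Where-Object { $ControlMax.ContainsKey($_.controlName) } |
        ForEach-Object {
            $max = [double]$ControlMax[$_.controlName]
            [pscustomobject]@{
                Control  = $_.controlName
                Category = $_.controlCategory
                Earned   = [double]$_.score
                Max      = $max
                Gap      = $max - [double]$_.score
            }
        } |
        Sort-Object Gap -Descending
}

# Usage. Against a real tenant, fetch the body with a token that has the
# SecurityEvents.Read.All permission:
#   $json = (Invoke-WebRequest -Uri 'https://graph.microsoft.com/v1.0/security/secureScores' `
#             -Headers @{ Authorization = "Bearer $token" }).Content
Test-SecureScoreTarget -Json $sampleSecureScoreJson | Format-List
Get-SecureScoreGaps -Json $sampleSecureScoreJson -ControlMax $assumedControlMax | Format-Table -AutoSize
```

The score is compared as a percentage on purpose: adding an E5 license raises `maxScore` and can lower the percentage overnight without any configuration change, which is why the targets above are stated in percent and why the weekly review should look at the gap list rather than at the raw number.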
37. What it is about…
• Microsoft Defender for Servers extends protection to your Windows and Linux machines running in Azure and on-premises. Defender for Servers provides additional features for protection against threats.
• Microsoft Defender Antivirus is already active on every server from Windows Server 2016 onward, but in a configuration chosen for maximum compatibility.
• With Defender for Servers and the corresponding configuration, the goal is maximum security.
• It differs from the typical signature-based anti-malware solutions in that it includes sensors to collect and process behavioral signals from the operating system and uses machine learning (AI) to detect suspicious behavior.
• At the same time, Microsoft Defender for Servers is a central security platform (portal) for endpoints that supports organizations in preventing, detecting, investigating and responding to advanced threats.
38. Defender for Servers
• You receive the basic configuration according to the Baggenstos baseline (standard)
• Integration of Azure Arc for onboarding on-premises servers
• Installation & configuration of the monitoring agent
• Provisioning & configuration of the GPOs for Defender capabilities in Windows
• Onboarding of (on-prem) servers in Defender for Cloud
• Setting exclusions for business applications (if required)
• Defender for Cloud training
• Mail notification or ticketing system integration for alerting (Azure Sentinel)
• Technical features
• Next-generation protection (machine learning / artificial intelligence)
• Attack surface reduction (reducing the attack surface through rules)
• Implementation of Microsoft Defender best practices
• Centralized management (Security Portal)
• Security reports
• License requirements:
• Microsoft Defender for Servers (CHF 5.– per month per server)
40. What it is about…
• Analogous to the servers, it is fundamentally the same product (Microsoft Defender Antivirus)
• The difference lies in the onboarding of the clients
• Simple onboarding via Intune configuration policies or AD group policies
• Intuitive Security Portal with an overview of all clients, analogous to the servers
• Alerting via mail or ticketing system integration (Azure Sentinel)
41. Defender for Endpoint
• You receive the basic configuration according to the Baggenstos baseline (standard)
• Configuration & provisioning of Intune configuration policies for Defender for Endpoint
• Onboarding with Microsoft Endpoint Manager (Intune)
• Onboarding of clients
• Monitoring & adjustment to your systems & business applications
• Mail notification or ticketing system integration for alerting (Sentinel)
• Technical features
• Built into Windows 10/11 (no additional agent has to be deployed)
• Support for Windows 7/8 and non-Windows operating systems such as Linux, macOS, Android and iOS
• Tamper protection
• Endpoint detection and response (EDR)
• Attack surface reduction
• Integration with Microsoft Endpoint Manager
• Vulnerability assessment
• Cross-suite integrations
• Built-in data separation and RBAC
• Deep data collection (up to 6 months of data retention)
• Native integration with Azure AD Conditional Access
• License requirements:
• Microsoft Defender for Endpoint Plan 1 or 2, Microsoft 365 Business Premium (Defender for Business)
43. What it is about…
What is vulnerability management?
Vulnerability management has the task of identifying and remediating vulnerabilities in a company's IT infrastructure. The goal is to reduce the risk to the IT systems and to improve the overall security level sustainably.
Defender Vulnerability Management quickly and continuously prioritizes the biggest security risks to your most critical assets and provides security recommendations for risk mitigation, covering:
• Software (currency and bug fixing)
• Browser extensions
• Certificates
The focus is on software vulnerabilities and their remediation.
44. Secure Score for Devices / Exposure Score
The Secure Score for Devices and its recommendations come mainly from Defender for Endpoint.
Further recommendations concern:
• OS, network, accounts, applications
Target values (higher is better for the Secure Score for Devices, lower is better for the Exposure Score):
• Secure Score for Devices (Defender for Endpoint): Microsoft recommended value 65% and higher; Baggenstos target 75% and higher
• Exposure Score (Vulnerability Management): Microsoft recommended value 30% and lower; Baggenstos target 20% and lower
46. What it is about…
Microsoft Defender for Office 365 is a security service developed specifically for Office 365 that provides protection against advanced threats such as phishing, malware, spam and business email compromise.
• Three products
• Exchange Online Protection (default in Exchange Online)
• Microsoft Defender for Office 365 P1
• Microsoft Defender for Office 365 P2
47. What do the individual services provide?
Exchange Online Protection
Defender for Office 365 Plan 1 + 2
License requirements: Microsoft Defender for Office 365 Plan 1 + 2, Microsoft 365 Business Premium
48. Microsoft Sentinel
You receive the basic configuration for successful alert handling in the Baggenstos ticketing system via Microsoft Sentinel
• Integrated Defender products (Baggenstos standard)
• Microsoft Defender for Servers
• Microsoft Defender Antivirus
• Microsoft Defender for Endpoint
• Microsoft Defender for Office 365
49. Summary – the most important points!
When using Microsoft cloud services, use and configure the security components you are licensed for.
Continuously monitor and keep up with the security functions Microsoft extends.
Raise employees' awareness of the possible threats and train the behavior expected when they are unsure.
What is the most typical case of fraud in the cloud?
It starts with stealing credentials: attackers target admin accounts without MFA, or break-glass accounts, sometimes the break-glass accounts of a partner that give them access to many customer subscriptions, or even MFA tokens stolen from an unmanaged device.
The next step is to look for a subscription. It may be production, but they actually prefer test/dev subscriptions because nobody is monitoring those.
Then they wait for the right time to start consuming resources: they check for customer names, they analyze how to distribute the charge so as to go unnoticed, and then they deploy on a Friday evening so they have the whole weekend to work without anyone watching them.
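The pattern just described (a burst of VM creations by one principal, in a dev/test subscription, on a Friday evening) can be turned into a detection. The PowerShell below is an added example, not part of the webinar material: it runs that logic over constructed records shaped like the AzureActivity table columns (TimeGenerated, Caller, SubscriptionId, ResourceGroup, OperationNameValue). The principals, subscription ids, office hours and burst thresholds are assumptions for the example.

```powershell
# Added example, not from the webinar deck. Flags the cryptojacking pattern
# described above: VM creations by one principal in a burst, in a dev/test
# subscription, outside office hours. Records are constructed to look like
# AzureActivity rows; principals, subscription ids and thresholds are assumed.

function New-ActivityRecord {
    param([string]$Time, [string]$Caller, [string]$Sub, [string]$Rg,
          [string]$Op = 'MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE')
    [pscustomobject]@{
        TimeGenerated = [datetime]$Time; Caller = $Caller; SubscriptionId = $Sub
        ResourceGroup = $Rg; OperationNameValue = $Op
    }
}

$devTestSub = '11111111-1111-1111-1111-111111111111'   # assumed dev/test subscription
$prodSub    = '22222222-2222-2222-2222-222222222222'   # assumed production subscription

$sampleActivity = @(
    # Friday 11 Aug 2023, 19:02 to 19:20: six VMs in dev/test by one service principal
    '19:02', '19:05', '19:08', '19:12', '19:16', '19:20' |
        ForEach-Object { New-ActivityRecord "2023-08-11T$($_):00" 'svc-deploy@contoso.example' $devTestSub 'rg-test-eu' }
    # Wednesday 9 Aug 2023, 10:00 to 10:08: five VMs from the release pipeline in production
    '10:00', '10:02', '10:04', '10:06', '10:08' |
        ForEach-Object { New-ActivityRecord "2023-08-09T$($_):00" 'pipeline@contoso.example' $prodSub 'rg-prod-web' }
    # Tuesday 8 Aug 2023: a single VM and a storage change by an admin, normal activity
    New-ActivityRecord '2023-08-08T10:30:00' 'alice@contoso.example' $prodSub 'rg-prod-db'
    New-ActivityRecord '2023-08-08T10:35:00' 'alice@contoso.example' $prodSub 'rg-prod-db' 'MICROSOFT.STORAGE/STORAGEACCOUNTS/WRITE'
)

function Test-OutsideBusinessHours {
    # Assumed office hours 07:00-18:00, Monday to Friday
    param([Parameter(Mandatory)][datetime]$Time, [int]$StartHour = 7, [int]$EndHour = 18)
    ($Time.DayOfWeek -in 'Saturday', 'Sunday') -or ($Time.Hour -lt $StartHour) -or ($Time.Hour -ge $EndHour)
}

function Find-SuspiciousVmBursts {
    param(
        [Parameter(Mandatory)][object[]]$Records,
        [Parameter(Mandatory)][string[]]$NonProductionSubscriptions,
        [int]$WindowMinutes = 60,   # assumed: $MinCreations VM writes inside this window is a burst
        [int]$MinCreations = 5
    )
    $vmWrites = $Records | Where-Object { $_.OperationNameValue -ieq 'MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE' }
    foreach ($group in ($vmWrites | Group-Object Caller, SubscriptionId)) {
        $events = @($group.Group | Sort-Object TimeGenerated)
        if ($events.Count -lt $MinCreations) { continue }
        # Sliding window: any run of $MinCreations events within $WindowMinutes?
        $burst = $false
        for ($i = 0; $i -le $events.Count - $MinCreations; $i++) {
            $span = ($events[$i + $MinCreations - 1].TimeGenerated - $events[$i].TimeGenerated).TotalMinutes
            if ($span -le $WindowMinutes) { $burst = $true; break }
        }
        if (-not $burst) { continue }
        $reasons = @("burst: $($events.Count) VM creations")
        if ($events[0].SubscriptionId -in $NonProductionSubscriptions) { $reasons += 'non-production subscription' }
        if (Test-OutsideBusinessHours -Time $events[0].TimeGenerated)   { $reasons += 'outside business hours' }
        # A burst alone is worth a look; a burst in dev/test or at the weekend is the pattern above
        $severity = if ($reasons.Count -ge 2) { 'High' } else { 'Medium' }
        [pscustomobject]@{
            Caller         = $events[0].Caller
            SubscriptionId = $events[0].SubscriptionId
            FirstSeen      = $events[0].TimeGenerated
            Creations      = $events.Count
            Severity       = $severity
            Reasons        = $reasons -join '; '
        }
    }
}

Find-SuspiciousVmBursts -Records $sampleActivity -NonProductionSubscriptions @($devTestSub) | Format-Table -AutoSize
```

In Sentinel the same detection is a scheduled analytics rule over the AzureActivity table, grouping `MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE` by Caller and SubscriptionId in hourly bins; pairing it with a Cost Management budget alert on every dev/test subscription closes the weekend gap the note describes, because the alert fires on spend even when nobody is watching the portal.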
Phishing continues to be a preferred attack method as cybercriminals can acquire significant value from successfully stealing and selling access to stolen accounts.
This year saw a significant increase in indiscriminate phishing and credential theft to gain information which is sold and used in targeted attacks such as ransomware, data exfiltration and extortion, and business email compromise, and also with attacks that will have a big impact on your side like cryptojacking: using your resources to do cryptomining activities.
To illustrate the scale of phishing and the speed of compromise, we’ve included some stats in the report.
This year we blocked an average of 710 million phishing emails per week.
In addition to the URLs blocked by Defender for Office, our Digital Crimes Unit directed the takedown of 531,000 unique phishing URLs hosted outside of Microsoft.
It takes just 1 hour and 12 minutes for an attacker to access your private data if you fall victim to a phishing email.
And 1 hour and 42 minutes is the median time for an attacker to begin moving laterally in your corporate network once the device is compromised.
These last two data points come from Defender for Office (for malicious email/compromised identity activity), Azure Active Directory Identity Protection (for compromised identity events/alerts), Defender for Cloud Apps (for compromised identity data access events), M365D (for cross-product correlation), and Defender for Endpoint (for attack behavior alerts and events).
Phishing emails with Ethereum wallet addresses
Only a few days after the start of the war in Ukraine in late February 2022, the number of detected phishing emails containing Ethereum addresses encountered across enterprise customers increased dramatically. Total encounters peaked in the first week of March when half a million phishing emails contained an Ethereum wallet address. Prior to the start of the war, the number of Ethereum wallet addresses across other emails detected as phish was significantly less, averaging a few thousand emails per day.
Business email compromise:
Email phishing attacks against businesses for financial gain are collectively referred to as BEC attacks. Microsoft detects millions of BEC emails every month. BEC is the costliest financial cybercrime, with an estimated $2.4 billion USD in adjusted losses in 2021, representing more than 59 percent of the top five internet crime losses globally. BEC attackers normally attempt to start a conversation with potential victims to establish rapport. The introduction email, which we track as a BEC lure, represents close to 80 percent of detected BEC emails.
Phishing impersonating a Microsoft login with dynamic content
Microsoft accounts remain a top target for phishing operators, as evidenced by the numerous phishing landing pages which impersonate the Microsoft 365 login page. For example, phishers attempt to match the Microsoft login experience in their phish kits by generating a unique URL customized to the recipient. This URL points to a malicious webpage developed to harvest credentials, but a parameter in the URL will contain the specific recipient’s email address. Once the target navigates to the page, the phish kit will pre-populate user login data and a corporate logo customized to the email recipient, mirroring the appearance of the targeted company’s custom Microsoft 365 login page.
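The personalization technique above leaves a fingerprint: the landing-page URL carries the recipient's address, plain, URL-encoded or base64-encoded, in a parameter or fragment. The PowerShell below is an added example and not part of the webinar material; it extracts such an embedded address and flags URLs whose host is not a known Microsoft login host. The sample URLs are constructed, and the trusted-host list is an assumption for the example.

```powershell
# Added example, not from the webinar deck. Finds a recipient address carried in
# a URL (query parameter or fragment; plain, percent-encoded or base64) and flags
# login pages on hosts other than the assumed legitimate Microsoft login hosts.

$knownLoginHosts = @('login.microsoftonline.com', 'login.live.com', 'login.microsoft.com')  # assumption

function Find-EmbeddedRecipient {
    param([Parameter(Mandatory)][string]$Url)
    $uri = [uri]$Url
    $emailPattern = '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
    $candidates = @()
    foreach ($pair in ($uri.Query.TrimStart('?') -split '&')) {
        $kv = $pair -split '=', 2
        if ($kv.Count -eq 2) { $candidates += [uri]::UnescapeDataString($kv[1]) }
    }
    # The fragment is never sent to the server, so kits like to carry the address there
    if ($uri.Fragment) { $candidates += [uri]::UnescapeDataString($uri.Fragment.TrimStart('#')) }
    foreach ($value in $candidates) {
        if ($value -match $emailPattern) { return $Matches[0] }
        # Try base64 (standard or URL-safe alphabet, padding optional)
        $b64 = $value.Replace('-', '+').Replace('_', '/')
        $b64 += '=' * ((4 - $b64.Length % 4) % 4)
        try {
            $decoded = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
            if ($decoded -match $emailPattern) { return $Matches[0] }
        } catch { }   # not base64: ignore
    }
    return $null
}

function Test-PersonalizedLoginPhish {
    param([Parameter(Mandatory)][string]$Url, [string[]]$TrustedHosts = $knownLoginHosts)
    $recipient = Find-EmbeddedRecipient -Url $Url
    $hostName  = ([uri]$Url).Host
    [pscustomobject]@{
        Url        = $Url
        Host       = $hostName
        Recipient  = $recipient
        # A real login_hint on a Microsoft host is fine; the same thing elsewhere is the kit
        Suspicious = ($null -ne $recipient) -and ($hostName -notin $TrustedHosts)
    }
}

# Constructed samples
$encodedRecipient = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes('alice@contoso.example'))
$sampleUrls = @(
    'https://login.microsoftonline.com/common/oauth2/authorize?login_hint=alice%40contoso.example'  # legitimate hint
    "https://secure-docs-review.example/auth/index.php?id=$encodedRecipient"                          # base64 in a parameter
    'https://verify-account-portal.example/o365/#alice@contoso.example'                               # plain address in fragment
    'https://news.example/article?id=42'                                                               # nothing embedded
)
$sampleUrls | ForEach-Object { Test-PersonalizedLoginPhish -Url $_ } | Format-Table -AutoSize
```

The check is deliberately narrow: an embedded address on an unknown host is a strong signal precisely because the kit needs it to render the victim's logo and pre-filled username, so it cannot drop it without losing the effect described above.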
Let's start with the why and go through the trends and challenges we're seeing. People don't own their identity data and don't really understand where it is being used; regulations are increasing (we've already seen this with GDPR, and by next year 65% of the world will be covered by some kind of privacy regulation); and lastly, the modern workplace is hybrid, and identity proofing processes are unsatisfactory for 82% of organizations.
Digital identity is a prime target for cybercrime and ransomware attacks. Compromised or fraudulent credentials are a very real and critical threat to public and private organizations today.
Today, your identity data is spread across countless entities and accounts, creating greater risks of fraud or breach. People once kept their valuable identity documents under lock and key. Plus, over 10 million people are stateless, and lack identity credentials.
Companies are questioning whether it’s even worth it to capture and manage personally identifiable data.
The pandemic, and now hybrid work arrangements, are a huge challenge to traditional identity verification processes, which tend to rely on copies of physical documents (92% of orgs). Plus the Great Reshuffle: 4.5 million Americans resigned from their jobs in August 2021, and 41% are considering leaving their employer.
So, how can we protect our customer subscriptions? We know that 98% of the attacks could be avoided by following the basic security hygiene. So, the first thing is protecting the identities, and one important strategy to protect them is to use Multifactor authentication. But this is not enough, we need to follow the zero trust principles. We must stop believing that everything behind our corporate firewall is safe, we always verify every request because we assume breach. And even when you have verified the request, the identity accessing a resource should only have the minimum rights to perform the task it has to do and just during the time it has to run the task, this applies to users but also to machine identities.
Zero Trust is a security strategy. It is not a product or a service, but an approach in designing and implementing these security principles.
We have special trainings for partners like this 2-day event for learning about Zero Trust, and a full Guidance Center on Microsoft learn, where you can learn all the concepts and have implementation guides for them.
Are you applying Zero Trust? Do you have regular conversations and trainings with your customers about these topics?
Level 1: Service review & education
Education & learning: STP
Assess MS controls: Compliance Manager & STP (audit reports)
Evaluate customer controls: Secure Score & STP (whitepapers)
Level 2: Independent assurance
Certifications (multiple)
Level 3: External attestation
100% independent
External party has done evidence review on behalf of banks
Level 4: Directly observe control evidence
Group audit for efficiency
1:1 audit upon request
Introducing Microsoft Purview!
To help organizations govern and protect data across their multi-cloud, multi-platform data environment, while meeting the compliance requirements they are subject to, we are announcing Microsoft Purview. Microsoft Purview is a comprehensive set of solutions to help govern, protect, and manage your data estate.
Microsoft Purview unifies information protection, data governance, risk management, and compliance solutions so that customers can manage their data all from one place. Now, they can leverage that visibility across their environment to help close exposure gaps, simplify tasks through automation, stay up-to-date with regulatory requirements, and keep their most important asset, data, safe.
With Microsoft Purview we bring together compliance and data governance
The risk and compliance portfolio joins with our unified data governance
Talk Track:
When you enable Microsoft Priva from the Microsoft Purview compliance portal, in less than 48 hours you start to see insights around personal data sprawl for your organization: how much personal data exists in your organization, where it lives, how it moves, etc., with no configuration needed. In this example, it shows that this tenant has 1.7K items with personal data found. These insights are also dynamically updated as new data comes in, helping admins keep a pulse over time.
Additionally on the dashboard, Admins can see this tile that summarizes the Privacy risks in their organization. There are 3 categories of privacy risks that are captured here, including
Data minimization risk, which identifies personal data that has not been used for a long period of time and is just sitting around in your org
Second, data overexposure risk, which identifies content with personal data that is being over shared,
Third, cross-border transfer risk, which identifies personal data that is being transferred across boundaries – regional or department data transfer.
This tile shows the total count of all such matches. Right from here Admins can drill down and inspect the violations
This view has been extremely valuable for our customers who have deployed the solution. Most of them did not have this level of visibility and insights into their personal data risks. For some organizations this amount of personal data could be pretty significant to begin with.
This view enables organizations to increase the awareness of privacy risks in their environment and take the right steps to make improvements
And it all comes together with Security Copilot at the heart of the Microsoft Security product portfolio.
Security is a defining challenge of our times.
The number of password attacks Microsoft detects has more than tripled in the last 12 months, from 1,287 per second to more than 4,000 per second
And the median time for an attacker to access your private data if you fall victim to a phishing email is only 1 hour and 12 minutes.
Defenders are simply outmatched. Attackers have more resources and don’t have to play by the same rules.
Add to that a global shortage of 3.5 million skilled cybersecurity professionals, and it's no wonder that security incidents have become an everyday occurrence in organizations of every size, in every industry, and in every part of the world. So security professionals are up against a huge challenge, a challenge that we believe we can help solve with Security Copilot.
Now, those are some jarring statistics. Net, net – the job is really tough. Let’s look at some specific challenges facing security analysts themselves now.
We’ve touched on this already, but one of the game changing aspects of this technology is that you can interact with it using natural language queries, the same way that you interact with your coworkers. Let’s take a look at what happens behind the scenes when you ask a natural language query because it may seem simple at face value but there is a lot of sophisticated processing and computation that’s taking place under the hood.
Here’s a very simplified look at what happens behind the scenes. After the user submits a prompt the Security Copilot planner determines the context and builds the plan using the available skills that come with Security Copilot. It then executes the plan and gathers all the necessary content and data. Next it combines that data and context, formats the data, works out the response and then delivers that response. This can happen in just seconds.
Once again this is a very simplified view, but I wanted to show you a little more on how it works. We’ve talked about the security-specific model a bit but let’s go a bit deeper there next.
Microsoft Defender for Cloud Secure score (Azure) https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls
Microsoft 365 Defender - Microsoft Secure Score (M365) Microsoft Secure Score | Microsoft Learn
Microsoft Secure Score for Devices (Exposure Score/Configuration Score) Microsoft Secure Score for Devices | Microsoft Learn
Microsoft Defender Exploit Guard
Controlled folder access (protects, for example, system folders)
Attack surface reduction (can help, for example, to stop Office-, email- and script-based malware)
Following are the Microsoft 365 Defender security recommendations that are configured through the group policies mentioned above:
Microsoft Defender for Endpoint
Detect and block potentially unwanted applications (PUA)
Microsoft Defender Antivirus cloud protection
Always-on protection
Microsoft Defender SmartScreen (warns about suspicious websites, protects against phishing websites, screens downloads)
Microsoft Security Compliance Toolkit (SCT)
Plan costs, understand Microsoft Sentinel pricing and billing | Microsoft Learn
Credential Guard protects the credentials used on the system, which would otherwise be accessible to malware running on the system. These secrets are isolated so that only system software has access to them.
ASR
ASR is a collection of rules that control Microsoft Defender to make the Windows system more secure by restricting or blocking the following behaviors: [5]
Launching executable files and scripts that attempt to download or run files
Running obfuscated or otherwise suspicious scripts
Behaviors that apps do not usually initiate during normal day-to-day work
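The PowerShell below is an added example, not part of the webinar material, showing how the controls listed in these notes (ASR rules for the three behaviors above, controlled folder access, PUA blocking, cloud and real-time protection) are applied with the Defender PowerShell module instead of group policy, audit mode first so business applications can be checked before enforcement. It must be run elevated on a device with Microsoft Defender Antivirus. The choice of rules is an assumption for the example; the GUIDs are the documented ASR rule identifiers.

```powershell
# Added example, not from the webinar deck. Applies the Defender controls from
# these notes with the Defender PowerShell module, audit mode first. Run in an
# elevated prompt. The rule selection is an assumption for the example; the
# GUIDs are the documented ASR rule ids.

$asrRules = @{
    'D3E037E1-3EB8-44C8-A917-57927947596D' = 'Block JavaScript or VBScript from launching downloaded executable content'
    '5BEB7EFE-FD9A-4556-801D-275E5FFC04CC' = 'Block execution of potentially obfuscated scripts'
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
    '9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2' = 'Block credential stealing from lsass.exe'
}

# Get-MpPreference reports ASR actions numerically
$asrActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Set-AsrRules {
    param(
        [Parameter(Mandatory)][string[]]$RuleIds,
        [ValidateSet('AuditMode', 'Enabled', 'Disabled')][string]$Mode = 'AuditMode'
    )
    # Add-MpPreference merges into the existing rule list; one action per id
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleIds `
                     -AttackSurfaceReductionRules_Actions (@($Mode) * $RuleIds.Count)
}

function Set-DefenderBaseline {
    param([switch]$Enforce)
    $mode = if ($Enforce) { 'Enabled' } else { 'AuditMode' }
    Set-AsrRules -RuleIds @($asrRules.Keys) -Mode $mode
    # Controlled folder access: same audit-then-block approach
    Set-MpPreference -EnableControlledFolderAccess $mode
    # Potentially unwanted applications: block
    Set-MpPreference -PUAProtection Enabled
    # Cloud-delivered protection with sample submission, and real-time protection on
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
    Set-MpPreference -DisableRealtimeMonitoring $false
}

function Get-AsrRuleState {
    # Reports the configured action for each rule this script manages
    param([Parameter(Mandatory)][hashtable]$Rules)
    $pref = Get-MpPreference
    if ($null -eq $pref.AttackSurfaceReductionRules_Ids) { return }
    $ids = @($pref.AttackSurfaceReductionRules_Ids)
    for ($i = 0; $i -lt $ids.Count; $i++) {
        if (-not $Rules.ContainsKey($ids[$i])) { continue }
        $code   = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
        $action = if ($asrActionNames.ContainsKey($code)) { $asrActionNames[$code] } else { "Unknown($code)" }
        [pscustomobject]@{ RuleId = $ids[$i]; Name = $Rules[$ids[$i]]; Action = $action }
    }
}

# 1. Audit: review event ids 1122 (ASR audit) and 1124 (controlled folder access audit)
#    in the Microsoft-Windows-Windows Defender/Operational log for a few weeks.
Set-DefenderBaseline
Get-AsrRuleState -Rules $asrRules | Format-Table -AutoSize
# 2. Exclude known-good business applications that showed up in audit, then enforce:
#    Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\Program Files\LineOfBusiness\app.exe'
#    Set-DefenderBaseline -Enforce
```

Two caveats for the rollout described in the slides: on devices managed by Intune or a GPO, the policy setting wins over a local `Set-MpPreference`, so the audit-to-enforce switch belongs in the Intune configuration policy or GPO rather than in an ad-hoc script; and tamper protection, once on, blocks local changes to real-time and cloud protection, which is the intended behavior of the baseline, not a malfunction.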