#securityplatform

Slim Bill (He/Him) wjmalik@noc.social
2024-06-24

Console Wars - A Bit of Security for June 24, 2024
Your cybersecurity console is the hub of your incident response capability, and the anchor for your information security program. How well does your vendor listen to your requirements? Listen to this -
Let me know what you think in the comments below.
#cybersecuritytips #console #platform #securityplatform #BitofSec
youtu.be/NNF5HV4McM8

2023-08-14

Just Posted: Sulagna Saha's article on Gestalt IT explores Tanium's unified approach to cybersecurity with its XEM platform, advocating for its one-agent solution that offers visibility, control, and remediation across all network endpoints. #Data #Exclusive #Ransomware #Security #SecurityPlatform
gestaltit.com/exclusive/sulagn

2023-06-16

Microsoft Defender for API Security Dashboard

The Microsoft Defender for API plan provides amazing capabilities like

➡️ visibility into business-critical managed APIs

➡️ security findings to investigate and improve your API security posture

➡️ sensitive-data classification (API data classification)

➡️ real-time threat detection that generates alerts for suspicious activities

➡️ misconfiguration findings

➡️ security recommendations

and more.

Defender for API Security Dashboard allows you to visualize the state of your API posture for the API endpoints that you have onboarded to better understand your unhealthy recommendations and the identified data classifications, authorization status, usage, and exposure of your APIs.

techcommunity.microsoft.com/t5

#azure #microsoftsecurity #microsoft #defender #xdr #api #apisecurity #soc #monitoring #cybersecurity #securityplatform #security #cloud #cloudnative #threat #threatdetection

2023-05-22

What's new in Microsoft Defender for Cloud?

Updates in May include:

➡️New alert in Defender for Key Vault

➡️Agentless scanning now supports encrypted disks in AWS

➡️Revised JIT (Just-In-Time) rule naming conventions in Defender for Cloud

➡️Onboard selected AWS regions

➡️Multiple changes to identity recommendations

➡️Deprecation of legacy standards in compliance dashboard

➡️Two Defender for DevOps recommendations now include Azure DevOps scan findings

➡️New default setting for Defender for Servers vulnerability assessment solution

More details: learn.microsoft.com/en-us/azur

#microsoft #azure #devops #cloud #aws #compliance #gcp #defender #defenderforcloud #cnapp #cspm #cwpp #soc #cloudsecurity #multicloud #securityplatform #microsoftsecurity

2023-05-19

Automatically disrupt adversary-in-the-middle (AiTM) attacks with Microsoft XDR

Microsoft announced the expansion of automatic attack disruption to include adversary-in-the-middle (AiTM) attacks, in addition to the previously announced public preview for business email compromise (BEC) and human-operated ransomware attacks.

techcommunity.microsoft.com/t5

#microsoft #email #business #AiTM #bec #xdr #azure #soc #securityplatform #defender #defenderforidentity #defenderforcloudapps #defenderforendpoint #microsoft365defender #cloudsecurity #securityanalyst

2023-05-16

Policy Analytics for Azure Firewall, which helps IT teams manage the rules in an Azure Firewall policy over time, is now generally available.

This feature provides critical insights and surfaces recommendations for optimizing Azure Firewall policies to strengthen security posture.

Key capabilities available in the Azure portal include:

- Policy insight panel: Aggregates policy insights and highlights policy recommendations.

- Firewall flow logs: Displays all traffic flowing through the Azure Firewall alongside hit rate and network and application rule match.

- Rule analytics: Displays traffic flows mapped to destination network address translation (DNAT), network, and application rules.

- Single-rule analysis: It analyzes traffic flows matching the selected rule and recommends optimizations based on those observed traffic flows.

azure.microsoft.com/en-us/blog

#azure #azurefirewall #firewall #cloud #cloudnetworking #azurenetwork #azurenetworksecurity #flow #flowlogs #policyanalytics #microsoft #soc #secops #securityplatform

2023-05-04

Microsoft Defender Threat Intelligence (Defender TI) is now available to licensed customers within the Microsoft 365 Defender (M365 Defender) portal, placing its powerful threat intelligence side-by-side with the advanced XDR functionality of M365 Defender.

Use Cases

➡ Advanced hunting with Defender TI IOCs against the logs and events within Microsoft 365 Defender

➡ Upload IOCs to a storage account or a public GitHub repository

➡ Using the KQL externaldata operator as a correlation source for proactive hunting, and enabling custom detections in M365 Defender

➡ M365 Defender raw event detection

➡ M365D raw events flow into Sentinel with the M365 Defender data connector

➡ MDTI feeds flow into Sentinel with the MDTI data connector

➡ Manual TI correlation rule

techcommunity.microsoft.com/t5

#DefenderTI #TI #threatintelligence #MicrosoftDefenderThreatIntelligence #xdr #soc #securityplatform #securityanalyst #m365defender #microsoft365defender #microsoft #azure #intelligence #ioc #threathunting #ttp
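The externaldata use case in the post above, written out as an Advanced Hunting query. This is an added example, not code from the post or from Microsoft's documentation. The GitHub URL, the CSV column layout and the indicator values are assumptions; point it at whatever IOC file you actually publish. The output keeps Timestamp, DeviceId and ReportId because a custom detection rule in M365 Defender requires those columns.

```kql
// Added example (not from the post). Assumed IOC file published as CSV, e.g. exported from Defender TI:
//   Indicator,Type,Source
//   203.0.113.10,ip,mdti-export
//   evil.example,domain,mdti-export
let iocs = externaldata(Indicator:string, Type:string, Source:string)
    [@"https://raw.githubusercontent.com/example-org/ioc-feed/main/iocs.csv"]   // assumed URL
    with (format="csv", ignoreFirstRecord=true);
// Pull the indicator columns into dynamic sets so they can be tested per row with set_has_element()
let badIps = toscalar(iocs | where Type == "ip" | summarize make_set(Indicator));
let badDomains = toscalar(iocs | where Type == "domain" | summarize make_set(tolower(Indicator)));
// Correlate the feed against the last 7 days of endpoint network telemetry
DeviceNetworkEvents
| where Timestamp > ago(7d)
| where set_has_element(badIps, RemoteIP) or set_has_element(badDomains, tolower(RemoteUrl))
| extend MatchedIndicator = iff(set_has_element(badIps, RemoteIP), RemoteIP, tolower(RemoteUrl))
// Timestamp, DeviceId and ReportId must survive for this to be usable as a custom detection rule
| project Timestamp, DeviceId, ReportId, DeviceName, MatchedIndicator, RemoteIP, RemotePort,
          InitiatingProcessFileName, InitiatingProcessCommandLine
| order by Timestamp desc
```

Two practical caveats: externaldata needs the file to be reachable by the query engine, and anything you publish to a public GitHub repository tells an attacker exactly which indicators you are watching, so for a sensitive feed use the storage-account option from the post with a short-lived SAS URL instead. RemoteUrl is only exact-matched here; for hostnames buried in full URLs, swap the domain test for a has_any() over the same set.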

2023-04-19

Discovering internet-facing devices using Microsoft Defender for Endpoint

MDE is expanding device discovery capabilities through our existing network telemetry and RiskIQ integration.

Find out how to discover your internet-facing devices through Microsoft 365 Defender portal and Advanced Hunting.

techcommunity.microsoft.com/t5

#mde #edr #xdr #discovery #easm #riskiq #microsoftsecurity #microsoft365defender #advancedhunting #hunting #kql #soc #securityplatform #secops #network #microsoft #cloudsecurity
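An Advanced Hunting query that turns the device discovery described above into a prioritised list, added here as an example rather than taken from the post or Microsoft's article. It relies on the IsInternetFacing, InternetFacingReason, ExposureLevel and PublicIP columns of the DeviceInfo table and on the DeviceTvmSoftwareVulnerabilities table; check those names against the schema reference in your tenant, since schema columns change over time.

```kql
// Added example (not from the post). Latest DeviceInfo record per device, restricted to the ones
// MDE has flagged as internet-facing via its network telemetry and RiskIQ integration.
let internetFacing =
    DeviceInfo
    | where Timestamp > ago(7d)
    | where IsInternetFacing == true
    | summarize arg_max(Timestamp, *) by DeviceId
    | project DeviceId, DeviceName, OSPlatform, PublicIP, ExposureLevel, InternetFacingReason;
// Join the exposed hosts to their open critical CVEs so the most dangerous combination surfaces first
internetFacing
| join kind=inner (
    DeviceTvmSoftwareVulnerabilities
    | where VulnerabilitySeverityLevel == "Critical"
    | summarize CriticalCves = dcount(CveId), SampleCves = make_set(CveId, 5) by DeviceId
  ) on DeviceId
| project DeviceName, OSPlatform, PublicIP, InternetFacingReason, ExposureLevel, CriticalCves, SampleCves
| order by CriticalCves desc, ExposureLevel desc
```

Switch the join to kind=leftouter if you also want exposed devices with no critical findings in the list; the inner join is deliberate here so the result is a patch queue, not an inventory.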

Geekmaster 👽 Geekmaster@ioc.exchange
2022-12-27

@justaq meh, depends on the defender's knowledge and scope of interest. At the SMB level, 100% - they need a lot of help but can't usually afford the tools/personnel necessary. At the mid-large enterprise level, we should be in a place where we are using #AI to complement our efforts, with well-established policies and monitoring capabilities. Using AI against AI is the only way to be successful and keep up with trends. If you don't have some sort of #ML or #AI integrated with your #SecurityPlatform, then yeah - you're in serious trouble. #Hackers are using #AI and #RaaS (which may have a ML backend) already - and that is #ScaryAsFuck
