Getting started with Identity security can often seem like a daunting task, especially for modern organizations wrangling hybrid, multi-domain environments. Minor misconfigurations can lead to unnecessary stress on Identity infrastructure or worse, blind spots in protection. Over the past few months our team has been working hard streamlining deployment and this new PowerShell module is […]

It is great to see that more and more repositories, blogs and other sources share security related KQL content. Therefore this post provides an updated list of KQL Security Sources to start the new year. These sources can help you to kickstart your KQL knowledge for the upcoming year, by providing learning material, detection rules, hunting queries […]

Silobreaker produces a reputation score for indicators of compromise (IOCs) based on a variety of open and commercial intelligence sources. Silobreaker users can now also access MDTI’s rich reputation scoring against IOCs, specifically IP addresses and domains, using Silobreaker’s 360 Search. MDTI’s reputation feature combines the power of its raw and finished threat intelligence, which […]

When a user updates an asset in Microsoft Purview, data map history logs that change and makes the information available in the Microsoft Purview portal. Information about who added or edited an asset, what edits were made, and when the edit happened, is stored for reference later. This information helps data auditors and business owners […]

Microsoft has released playbooks for security incident scenarios of Compromised and malicious applications investigation but also App consent grant investigation. In case of a true positive alert, the workload identity should be blocked for further malicious activity. In general, there are two different options to stop further sign-in activity by using Portal UI or Microsoft […]

Scanning is a key function that captures metadata from data sources and brings it to Microsoft Purview. In Microsoft Purview Data Map terminology, there are three different levels of scanning based on the metadata scope and functionalities: L1 scan: Extracts basic information and metadata like file name, size, and fully qualified name L2 scan: Extracts […]

Microsoft Defender XDR is expanding in the full attack stage. With the new Deception capability in Microsoft Defender XDR, it is possible to detect attackers early in the kill chain and disrupt advanced attacks. Deception is a new feature for Microsoft Defender for Endpoint part of Defender XDR and is now in public preview. The new feature […]

In the ever-evolving realm of cybersecurity, where threats often lurk unseen, the role of defenders is increasingly becoming proactive. It’s a shift from merely guarding to actively hunting – seeking out the elusive adversaries before they strike. Enter MDI, which empowers security teams to transform into vigilant hunters. With cyber threats becoming more sophisticated, the […]

Over the past three years, a notable shift has unfolded in the realm of cloud security. Increasingly, security vendors are introducing agentless scanning solutions to enhance the protection of their customers. These solutions empower users with visibility into their security posture and the ability to detect threats — all achieved without the need to install […]

By default, users in your organisation can create new app registrations in Microsoft Entra. This means that, if configured, they can also request an admin to consent permissions to said application to meet the needs of the business. When permissions are consented to the applications, and the application is functioning as expected, it is often […]

During Ignite 2023, Microsoft announced many different incarnations of Copilot. Perhaps you’ve missed this, but it was very hard to do so. With these new functions, Microsoft also introduced information on several security and compliance features. Two important aspects of this blog (in my opinion) were the introduction of the AI Hub, but also the […]

Today, Microsoft is excited to announce their latest addition: agentless malware scanning for servers. This marks an important step in our trajectory towards hybrid VM security, where we combine agent-based and agentless protection to ensure comprehensive coverage across Azure, AWS, and GCP environments. Agentless malware scanning seamlessly incorporates into our agentless scanning platform, now also […]

This blog covers Defender for Identity, how to install it, and not the full configuration!

Microsoft Defender for Identity leverages Secure Score with fourteen recommended actions. This one in the series of blogs goes about the “Stop clear text credentials exposure” recommended action.

One of the challenges of managing Sentinel instances in multi-tenant scenarios is ensuring consistent and secure deployment of Sentinel resources (connectors, analytics rules, playbooks, workbooks, etc.) across different Sentinel instances. Manually configuring these components for each tenant can be time-consuming, error-prone, and difficult to scale. Using Azure DevOps to automate and streamline the deployment and […]

In recent years, software supply chain vulnerabilities and related supply chain attacks have become a major concern for security teams across industries. As software systems become increasingly complex and software developers rely more on open-source software packages and commercial third-party software components, it has become difficult for security teams to keep track of and mitigate new […]

“How do we steer clear of the data leak quicksand that comes with employees using personal software like Dropbox, Google Drive, and ChatGPT, while still keeping corporate data and productivity flowing smoothly?”