Getting the community started


This is cool, I've been contributing to the MS Tech Community for years, but have never had the chance to be the first person to post in a new group. 


My question to everyone is, when looking for threats, which tool, platform, center do you start with and why?

Congratulations Dean, that's awesome! I can't remember when I was the first one posting in a modern community. I only remember the time around 1998 when I was actually the only one somewhere out there. We are happy to have you in our community, and hope you help us make it interactive!

Started with MSN 2.0 here, and don't even mention n.a.n-a.e.


To answer the poster's question, I would say don't initially focus on the tech. 


1) Stay on top of news sources.

2) Operate an Abuse mailbox, unless your helpdesk product is up to processing e-mail threats.

3) If you have mail flow rules doing detection, get them to trigger action.

4) Ask your helpdesk to bring cases, and even fixes, that involved a security aspect to your attention.


These measures are intended to help you spot the threats you don't see or have not arrived yet. We use a collection of third-party systems not germane to this question, and I tend to just use the MS tools for remediation.

@Dean Gross 

It depends on threats, platform and infrastructure. 

Windows Defender and MDATP are great tools for investigating and hunting threats.

We also put policies in place to make sure threats won't get in in the first place.

In general, we do security assessments based on configuration, propose best practices and design defensive techniques.


@Dean Gross Azure Sentinel, as it simply aggregates everything into one simple screen to review, but also includes advanced hunting if need be.