Jul 02 2020 07:11 AM - last edited on Dec 23 2021 11:02 AM by TechCommunityAP
This is cool, I've been contributing to the MS Tech Community for years, but have never had the chance to be the first person to post in a new group.
My question to everyone is, when looking for threats, which tool, platform, center do you start with and why?
Jul 02 2020 12:24 PM
Jul 03 2020 05:35 AM
Started with MSN 2.0 here, and don't even mention n.a.n-a.e.
To answer the poster's question, I would say don't initially focus on the tech.
1) stay on top of news sources
2) operate an Abuse mailbox unless your helpdesk product is up to processing e-mail threats
3) if you have mail flow rules doing detection, get them to trigger action
4) ask your helpdesk to bring cases and even fixes that involved a security aspect to your attention
These measures are intended to help you spot the threats you don't see or have not arrived yet. We use a collection of third-party systems not germane to this question, and I tend to just use the MS tools for remediation.
Jul 03 2020 07:26 AM
It depends on threats, platform and infrastructure.
Windows Defender and MDATP are great tools to investigate and hunt threats.
We also put policies in place to make sure threats won't get in in the first place.
In general, we do security assessments based on configuration, propose best practices, and design defensive techniques.
Jul 08 2020 04:13 PM
@Dean_Gross Azure Sentinel, as it simply aggregates everything into one simple screen to review, but also includes advanced hunting if need be.