Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.
Designing a Robust Defense for Operational Technology Using Azure Defender for IoT
Operational Technology presents many special challenges from a security perspective. The most effective way to improve security is to monitor and analyze network traffic. Since this can be done non-intrusively in most circumstances, it flies 'below the radar' of the OT traffic and can provide valuable insights into network design, assets, machine configuration and potential threats. As a control system engineer, I designed, commissioned and refined complex Distributed Control and Programmable Logic control systems used in power production for many years. Gradually my role transitioned to one of securing these systems from cyber attack. In a large public utility, I developed the strategy and implemented the changes necessary to make this possible. I hope you find my insights valuable and actionable. I would love to hear from you, e-mail me at v-henrysierk@microsoft.comAzure Defender for IoT Raw-Data and ICS MITRE ATT&CK Matrix Mapping via Azure Sentinel
A series of major cyberattacks across industries served as a wake-up call that the traditional “air-gapped” model for OT cybersecurity had become outdated in the era of IT/OT convergence and initiatives such as Smart Manufacturing and Smart Buildings. And the IoT and Industrial Internet of things (IIoT) are only getting bigger. Analysts predict we’ll have billions of IoT devices connected worldwide in a few years, drastically increasing the surface area for attacks. By incorporating agentless technology from Microsoft, Azure Defender for IoT enables IT and OT teams to identify critical vulnerabilities and detect threats using IoT/OT-aware behavioral analytics and machine learning— all without impacting availability or performance, we will detail in this blog post how to ingest Azure Defender for IoT Raw-Data to Azure Sentinel and cover the ICS MITRE ATT&CK matrix via analytics rules!Monthly news - May 2024
Microsoft Defender XDR Monthly news May 2024 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from April 2024.Monthly news - November 2023
Microsoft 365 Defender Monthly news November 2023 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from October 2023.Monthly news - December 2023
Microsoft Defender XDR Monthly news December 2023 Edition This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from November 2023.
Section 52 Releases an Open Source Forensics Tool for Siemens PLCs
The ICS domain has few open-source tools that allow non-experts to investigate their PLCs. Open-source tools are becoming an important diagnostic instrument, and may prevent attackers from succeeding by providing security intelligence to response teams. Microsoft’s Defender for IoT’s security research team, Section 52 is committed to ensuring that our customers are empowered to secure their networks, down to the PLC level, and to developing open-source tools alongside our research efforts. Last month at Security Week’s Industrial Control Systems (ICS) Cyber Security Conference held in Atlanta, Georgia, senior researcher Maayan Shaul presented a lecture, “Deep Dive into PLC Ladder Logic Forensics” on how to use our newly released open-source tool to perform proactive incident response in a real-life environment.
