User Profile
AshleyMartin
Former Employee
Joined 5 years ago
Recent Discussions
New Blog Post | Vulnerable SDK components lead to supply chain risks in IoT and OT environments
Read the full article here: Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Security Blog Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries. Attacks on software and hardware supply chains, like Log4J and SolarWinds, have highlighted the importance of visibility across device components and proactively securing networks. A report published by Recorded Future in April 2022 detailed suspected electrical grid intrusion activity and implicated common IoT devices as the vector used to gain a foothold into operational technology (OT) networks and deploy malicious payloads. While investigating the attack activity, Microsoft researchers identified a vulnerable component on all the IP addresses published as IOCs and found evidence of a supply chain risk that may affect millions of organizations and devices. Original Post: New Blog Post | Vulnerable SDK components lead to supply chain risks in IoT and OT environments - Microsoft Community Hub
New Blog Post | Investigating an Alert Using Defender for IoT and Wireshark
Investigating an Alert Using Defender for IoT and Wireshark - Microsoft Tech Community This blog will be one in a series of blogs to discuss the above topic. We will take specific Microsoft Defender for IoT alerts and try to understand what initiated the alert and if the issue is one needing further investigation or remediation or not. We will follow a basic sequence to start the analysis. This initial sequence will be used for all the investigations. As the blog progresses, if you have an alert of concern and you are willing to provide a pcap, we can follow this process for your alert. Any examples used would be scrubbed and addresses anonymized. Original Post: New Blog Post | Investigating an Alert Using Defender for IoT and Wireshark - Microsoft Tech Community
Video | Better together: Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution
Better together: Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution Presenters: Dolev Zemer & Tiander Turpijn This webinar reviews how Microsoft Sentinel and Microsoft Defender for IoT are driving together a convergence of OT and Corporate cybersecurity disciplines in defense of critical infrastructure. This unified solution provides the foundation for building a SOC geared towards IoT/OT monitoring, and is globally applicable for organizations defending both IT/OT-based networks. All past webinars are available at: https://www.youtube.com/MicrosoftSecurityCommunity Original Post: Video | Better together: Microsoft Sentinel: IT/OT Threat Monitoring with Defender for IoT Solution - Microsoft Tech Community
Public Preview of the Defender for IoT Alerts page is now available via Azure Portal
We are very excited to announce the Public Preview of the Defender for IoT Alerts page is now available via Azure Portal! The Defender for IoT alerts page lets you enhance the security and operation of your IoT/OT network by aggregating real-time threats detected by your sensors. Use the Alerts page to:
Investigate alerts by reviewing an extensive range of information, including MITRE ATT&CK framework for ICS
Manage alerts by taking remediation steps on devices, network processes, or changing the device status or severity
Stream alerts into Microsoft Sentinel to empower your SOC team
https://ms.portal.azure.com/#blade/Microsoft_Azure_IoT_Defender/IoTDefenderDashboard/Alerts Additional information can be found here: documentation Original Post: Public Preview of the Defender for IoT Alerts page is now available via Azure Portal - Microsoft Tech Community
New Blog Post | Microsoft Defender for IoT - General Release Update
Microsoft Defender for IoT - General Release Update - Microsoft Tech Community In addition to our December announcement for the recent version of Microsoft Defender for IoT, today we are excited to announce that our first General Availability (GA) release, version 22.1, is now available with additional Public Preview features via Azure portal to scale large environments and control the security components from a single pane of glass. In this release, the Defender for IoT sensor console has been re-designed to create a unified Microsoft Azure experience and enhanced and simplified workflows. Microsoft Defender for IoT's OT Sensor is a key component for deep packet inspection and OT environment analysis. The latest release emphasizes accessibility and reduces time to value by minimizing installation times for faster and more efficient deployment. Lastly, we have leveraged our detection capabilities to get broader security coverage, with an emphasis on customizing the alert engine to detect even the most minor changes in your business-critical environments. With this release we are introducing a revamped, unified user experience on both the sensor console and the Azure portal when performing detailed incident investigation and response. Original Post: New Blog Post | Microsoft Defender for IoT - General Release Update - Microsoft Tech Community
Defender for IoT public webinars
These webinars will be held at 08:00-09:00 AM, PST. Sign-up at the links below!
FEB 23 Microsoft Defender for IoT | Cloud Capabilities and Security Advantages In this session we will discuss the benefits of connecting Defender for IoT for OT/ICS environments to the cloud, covering both security and manageability aspects and features and cross-platform integrations.
MAR 24 Better Together | Microsoft Sentinel - IT/OT Threat Monitoring with Defender for IoT Solution In this session we will discuss how Microsoft Sentinel and Microsoft Defender for IoT are driving together a convergence of OT and Corporate cybersecurity disciplines in defense of critical infrastructure. This solution provides the foundation for building a SOC geared towards IoT/OT monitoring, and is globally applicable for organizations defending both IT/OT-based networks.
APR 6 Microsoft Defender for IoT | How to Discover and Secure IoT Devices in the Enterprise Environment In this session we will share how Microsoft Defender for IoT is leveraging multiple data sources (including an agentless solution and Microsoft Defender for Endpoint) to discover and secure IoT devices in enterprise networks. Printers, cameras, VoIP phones and other unmanaged devices are posing an increasing risk to enterprises, and the need to identify and protect them becomes a cardinal priority for security teams. We will present our integrated solution and how it complements our OT security offering.
Original Post: Defender for IoT public webinars - Microsoft Tech Community
Invitation | Join the Microsoft Defender for IoT community to influence and earn swag!
Defender for IoT Customer - Join Defender for IoT private community!
Access exclusive Defender for IoT content and best practices
Be first to try our private previews and influence our features before they become GA
Earn digital badges based on your level of contribution
Live events
To join, please fill out the form at https://aka.ms/SecurityPrP and select "ongoing program" (NDA is required). Cool swag for the first 50 members who sign up! Make sure to fill in your shipping address in the form. Are you already a member of our cloud security community? https://aka.ms/SecurityCommunity, Discussion group on LinkedIn
New Blog Post | The Microsoft Intune Suite fuels cyber safety and IT efficiency
Original post: New Microsoft Intune Suite helps simplify security solutions - Microsoft Security Blog Today marks a significant shift in endpoint management and security. We're launching the Microsoft Intune Suite, which unifies mission-critical advanced endpoint management and security solutions into one simple bundle. The new Intune Suite can simplify our customers' endpoint management experience, improve their security posture, and keep people at the center with exceptional user experiences. Microsoft Security and Microsoft 365, deeply integrated with the Intune Suite, will empower IT and security teams with data science and AI to increase automation, helping them move simply and quickly from reactive to proactive in addressing endpoint management and other security challenges. Microsoft Intune is an industry-leading, unified endpoint management solution that organizations depend on to ensure their devices, operating systems, and apps are up-to-date, protected, and performant. Yet evolving work habits and security threats, a tougher economic climate, and the growing diversity of devices mean that organizations need more help in reducing complexity. Consider this: in a recent survey, two-thirds of respondents were using more than ten tools to manage and protect their digital estate. More individual tools mean more management overhead, more attack surface, and more licensing costs, all things organizations need to reduce.
New Blog Post | Inexpensive solution for managing access to SQL health, performance & security info
Full blog post: Low-cost solution to manage access to SQL system health and performance (microsoft.com) Microsoft Purview governance is well known for its ability to map, search and classify a customer's data estate. But there is a lot more. For example, the Microsoft Purview Data Policy App is seamlessly integrated with the data map and can help you provision user access to data sources and datasets. In essence, you create the policy in one of the Data Policy App's multiple experiences and that policy is then communicated and gets enforced on a set of data sources. One such experience is the Microsoft Purview DevOps policies, which focuses on access control to SQL system metadata. Because access is configured automatically from Purview, it eliminates the need for a SQL sysadmin to create local users and assign privileges to them. This helps curb insider risk.
New Blog Post | Proacting Hunting with Cloud Security Explorer in Defender for Cloud
Full blog post: Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub In our previous blog "A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud," Yuri Diogenes emphasized the importance of proactive security posture management and outlined a successful organizational structure for security teams. He delved into the core elements of posture management, including monitoring secure score improvement, enforcing governance rules, and engaging in proactive hunting. Building on that discussion, we now turn our attention to the vital aspect of proactive hunting in this follow-up article. Our goal is to provide technical insights and practical tips for reducing the attack surface and minimizing the risk of compromise through proactive hunting in cloud environments. This article will demonstrate how you can utilize Microsoft Defender for Cloud's Security Explorer to conduct proactive hunting in cloud environments with maximum efficiency. Original post: New Blog Post | Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub
New Blog Post | Why is Defender EASM Discovery important?
Full blog post: Why is Defender EASM Discovery important? - Microsoft Community Hub The Defender External Attack Surface Management (Defender EASM) Discovery is an integral part of the external attack surface management process. Organizations often struggle to keep up with demanding business requests and create additional infrastructure not under their IT compliance. COVID increased pressure on organizations to allow employees to work from home and make rapid changes to new or existing infrastructure. How can you get an accurate picture of your risk with all these changes happening? How could you know where your attack surface is vulnerable? Defender EASM Discovery is the answer. Original Post: New Blog Post | Why is Defender EASM Discovery important? - Microsoft Community Hub
New Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method
Full blog post: Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community Hub Microsoft Defender for DevOps shows the security posture of pre-production application code and resource configurations. Security teams can use the service to enable security checks for their templates and container images designed to minimize the chance that cloud misconfigurations reach production environments. Leveraging insights within Microsoft Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows. Defender for DevOps uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub, Azure DevOps and more to come. With an intent to help Security admins and developers, Azure DevOps provides two ways of configuration today. In this article we want to walk you through the configuration of Azure DevOps pipelines via the classic UI and YAML. Original post: New Blog Post | Defender for DevOps - Configuration of DevOps Pipeline Classic and YAML method - Microsoft Community Hub
New Blog Post | Enable IT personnel to monitor SQL health and performance while reducing the insider
Full blog post: Manage access to SQL system health and performance using Microsoft Purview DevOps policies, a type of RBAC policies
It is common that IT personnel tasked with monitoring the health and performance of database systems be given very high privileges such as SQL sysadmin. This enables them to do their job but comes with significant risks. Those privileges enable them to read or modify the data that other users in the organization store in those databases. That data is commonly referred to as "user data". Sometimes user data can be very sensitive, for example, the consolidated financial information of a public company prior to being disclosed in an earnings report, a technological achievement that gives the company a competitive edge, and customer or employee information that must be protected to comply with privacy regulations. Sensitive data may be leaked or tampered with because of malicious intentions or simply poor security practices. When that happens, the company usually suffers financial damage and litigation against its officers. Microsoft Purview DevOps policies support the Principle of Least Privilege (PoLP), which simply states that people should be given only the minimum access they need to be able to perform their job and no more. DevOps policies address the scenario of IT personnel tasked with monitoring the health and performance of database systems. This article showcases the experience for Azure SQL Managed Instance, the newest source supported for DevOps policies (soon to enter private preview). Azure SQL Database and SQL Server 2022 are already supported, and the configuration steps are linked at the end. First, register the Azure SQL MI in Microsoft Purview and enable Data use management. This means consenting that you would like to use Microsoft Purview to grant users access to the Azure SQL MI.
New Blog Post | [What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sent
Full blog post: [What's New] Extract Actionable Intelligence from Text-based Threat Intel using Sentinel Notebook (microsoft.com) With the increasing number and sophistication of attacks occurring across an organisation's digital infrastructure, SecOps teams are increasingly using Threat Intelligence to document the operations of an actor group, to record their investigation framework, results, and any entities or IoCs discovered. A variety of entities, ranging from public and private organisations to social media platforms and the open source community, publish threat reports in the form of unstructured text data, blogs, and white papers, which describe the TTPs used by actor groups in an operation, and the best-practices that enterprises can adopt to protect themselves from these attacks. However, with the growing corpus of unstructured threat intel, it is not easy to extract the patterns of attack that an enterprise or the associated industry vertical has observed on its infrastructure.
New Blog Post | Security and Compliance Easter Eggs in Microsoft's NEW Teams Premium
Full blog post: Security and Compliance Easter Eggs in Microsoft's NEW Teams Premium Back in October, Microsoft introduced Microsoft Teams Premium (Premium) during Ignite, later announced Premium preview as a limited trial for commercial customers in December, and it is now generally available as of February 1. These updates likely went under the radar for many security and compliance professionals, as the solution's safeguards are buried within the valuable efficiency and collaboration enhancements. Admittedly there are some interesting meeting and webinar branding features, and I'm personally excited about the new note-taking functionality (powered by OpenAI's ChatGPT) to generate tasks and flag moments in the recording where you're mentioned. However, the purpose of this blog is to highlight the meetings protection capabilities that come with Premium and address nuances an IT or security leader should consider prior to procuring the add-on.
New Blog Post | Help safeguard data and reduce risk with compliant communications
Full blog post: Help safeguard data and reduce risk with compliant communications - Microsoft Community Hub Corporate communication channels continue to proliferate as a result of hybrid collaboration and engagement with customers across multiple mediums and devices. This has also resulted in regulatory agencies, such as the Securities and Exchange Commission (SEC), shifting their regulatory requirements to include work-related communications on all devices and platforms. With stronger enforcement stances and increases in communication volume across platforms, organizations are finding it difficult to sift through volumes of communications to help meet regulatory compliance requirements. These elevated compliance standards also result in higher fines. For example, in the United States, the SEC imposed $1.8B in fines on Wall Street firms because employees violated communication requirements by discussing business matters using personal devices and text messages. Across Microsoft Teams, Outlook and apps like Instant Bloomberg, Microsoft Purview Communication Compliance provides the tools to help organizations detect regulatory (e.g. SEC or FINRA) and business conduct compliance violations, such as the sharing of sensitive or confidential information, harassing or threatening language, and sharing of adult content. Built with privacy by design, usernames are pseudonymized by default, role-based access controls are built in, investigators are opted in by an admin, and audit logs are in place to help ensure user-level privacy. Recently we have rolled out capabilities that help companies better sift through potential communication violations with the right policies, attributes and filters to enable better detection and investigation of policy violations.
Feedback Opportunity: Defender for Servers Capabilities Survey
Help us understand how we can provide better protection within Defender for Servers! Microsoft Defender for Cloud (MDC) helps customers improve their security posture by gaining visibility and remediating vulnerabilities through Cloud Security Posture Management (CSPM) and by protecting against threats through Cloud Workload Protection (CWP) capabilities. MDC has a Defender for Servers plan that secures and protects servers on-prem and in multi-cloud environments, including cloud-native protection, agentless and agent-based scanning, on top of leading EDR capabilities (from MDE). We're conducting this survey to understand how you currently use Defender for Servers and how you find the current capabilities useful in protecting your cloud, as well as to get your input on how we might provide better protection within Defender for Servers. Please use this 5-minute survey to provide your thoughts and priorities. https://forms.office.com/r/5PBkHbmEMb Original Post: Feedback Opportunity: Defender for Servers Capabilities Survey - Microsoft Community Hub