User Profile
CloudHunter007
Copper Contributor
Joined 2 years ago
Recent Discussions
Re: Ninja Cat Giveaway: Episode 4 | Defender Experts for Hunting Overview
1. Defender Experts for Hunting

Defender Experts for Hunting is a managed service offering by Microsoft that is specifically aimed at conducting proactive hunts 24/7/365 across endpoints, identity, email, and cloud apps using Microsoft 365 Defender telemetry in order to prioritize significant threats and improve your overall defensive posture and SOC response. This is achieved through the following:

a. Threat hunting and analysis
b. Defender Expert Notifications
c. Experts on Demand
d. Hunter-trained Artificial Intelligence (AI)
e. Reports

2. Threat Hunting defined

Almost 10 years ago, in 2014, Microsoft Enterprise Cloud Red Teaming released a white paper on its core philosophy of 'Assume Breach'. This philosophical shift in mindset resides at the foundation of what Threat Hunting is about. Threat Hunting is a proactive, intentional effort to enhance an organization's defensive posture. This is accomplished by developing a hypothesis for a hunt and interrogating the operational environment to confirm the presence or absence of (validate) a hypothesis. As the threat landscape continues to evolve, proactive hunts can also be tailored to validate the absence of a known, actively exploited threat vector. Threat Hunting is a proactive measure used within the overall strategy of a Defense-In-Depth approach. Like active security in the physical world focused on key terrain, the same should take place in our digital world, especially with cloud computing, where identity is the new perimeter.

I'm really enjoying the content, thank you!

Re: Ninja Cat Giveaway: Episode 3 | Sentinel integration
HeikeRitter Hello Heike, great show! Thank you for having Javier on.

UEBA == User and Entity Behavior Analytics. UEBA uses Artificial Intelligence (AI) and Machine Learning (ML) algorithms to establish user and entity baselines and then monitor/identify anomalies, impossible travel, and/or any other inconsistent behaviors from established baselines. It originated from FinTech as a means to minimize credit card fraud.

SOAR == Security Orchestration, Automation, and Response. SOAR is needed as SOC analysts have to do more with less. SOAR can also reduce alert fatigue in analysts by handling common activities/alerts and, when a certain threshold is exceeded, alerting the SOC analyst to events they should really focus on. This is a critical capability.

One of my favorite features of Sentinel is the Fusion analytics correlation engine that uses tens of trillions of signals (daily) with AI/ML to produce low-noise, high-fidelity alerts. This dynamic content feeding Sentinel raises the bar from static on-premises manual processes into a continuous cloud-powered platform!

I particularly like how Sentinel can bring in visibility from other Defender security solutions, cloud providers, and on-premises infrastructure via Azure Arc and provide dashboards with dynamic displays in a single pane of glass. I also like how Kusto Query Language (KQL) can be used in M365 Defender, Sentinel, Log Analytics, and Azure Data Explorer: one common language used to deeply explore, enrich, and correlate information across various Azure security solutions (MDE, MDI, MDC, MDO, etc.).

Lastly, the automation demonstration through Logic Apps and the Microsoft 365 Defender connector in Sentinel was great! This cross-functional integration of telemetry woven into and through the Azure security solution stack is impressive and very useful when it comes to event/alert enrichment and correlation, thus illuminating the operational environment folks are responsible for defending.
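The hypothesis-driven hunt described in the first reply and the UEBA "impossible travel" idea and cross-product KQL mentioned in the second can be put together in one Sentinel query. The query below is an added example, not code from the original posts or from Microsoft: it assumes Microsoft Sentinel with Entra ID (Azure AD) sign-in logs ingested into the SigninLogs table, and the 60-minute window and "different country" criterion are assumed thresholds for the hunt, not a Microsoft rule.

```kql
// Added example, not from the original posts.
// Hunt hypothesis to validate: no account completed successful sign-ins from
// two different countries less than 60 minutes apart in the last 7 days.
// Assumes Microsoft Sentinel with Entra ID (Azure AD) sign-in logs ingested
// into the SigninLogs table; the 60-minute window is an assumed threshold.
let lookback = 7d;
let window = 60m;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"                                // successful sign-ins only
| extend Country = tostring(LocationDetails.countryOrRegion)
| where isnotempty(Country)
| project TimeGenerated, UserPrincipalName, IPAddress, Country, AppDisplayName
// Order per user so prev() compares each sign-in with that user's previous one
| sort by UserPrincipalName asc, TimeGenerated asc
| extend PrevUser    = prev(UserPrincipalName),
         PrevTime    = prev(TimeGenerated),
         PrevCountry = prev(Country),
         PrevIP      = prev(IPAddress)
// Keep only consecutive sign-ins of the same user, from different countries,
// closer together than the assumed travel window
| where UserPrincipalName == PrevUser
    and Country != PrevCountry
    and TimeGenerated - PrevTime <= window
| project UserPrincipalName,
          FirstSeen = PrevTime, FirstCountry = PrevCountry, FirstIP = PrevIP,
          ThenSeen = TimeGenerated, ThenCountry = Country, ThenIP = IPAddress,
          Gap = TimeGenerated - PrevTime,
          AppDisplayName
| order by Gap asc
```

An empty result set validates the hypothesis for the lookback period; each returned row is a lead to triage rather than a confirmed compromise, since corporate VPN egress points, mobile carrier geolocation and shared service accounts all produce legitimate country changes. Those known sources should be excluded (for example with a watchlist of VPN egress IPs) before the same logic is promoted from a hunt to a scheduled analytics rule.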