Category Archives: Security

Microsoft Sentinel – Getting started with Automation Rules and Playbooks to help automate threat response

Microsoft Sentinel’s automation rules give you the ability to develop and organize rules that can be used in a variety of scenarios, allowing you to manage automation from a central location. A playbook is a compilation of various corrective actions that may be routinely executed from Microsoft Sentinel.

When triggered by specific alerts or incidents, as determined by an analytics rule or an automation rule, a playbook can help automate and orchestrate your threat response. It can be used manually or set to run automatically in response to specific alerts or incidents.

Take a look at this video on getting started with Automation Rules & Playbooks

Regards

Sathish Veerapandian

Azure Sentinel – Use of Microsoft Sentinel Analytics Rules & Data Connectors to detect potential threats

Enterprise-wide threat information and intelligent security analytics are provided by Microsoft Sentinel. A single solution for attack detection, threat visibility, proactive hunting, and threat response with Microsoft Sentinel.

Microsoft Sentinel Analytics provides an intelligent solution that you can use to detect potential threats and vulnerabilities in your organizations.
Microsoft Sentinel Analytics helps you detect, investigate, and remediate cybersecurity threats.

Additionally, Microsoft Sentinel includes built-in worksheet templates so that as soon as a data source is connected, you may instantly acquire insights from your data.

Take a look at this video !

Starting from scratch – Microsoft Sentinel as a SIEM & SOAR solution in your environment

It’s close to 4 yrs that Azure sentinel has been in the market and lot of organizations are utilizing them fully in their Secops Team and the SIEM cloud native tool have been doing a great job.

Many businesses use Office 365, and they are expanding their use of the sophisticated security and compliance tools offered by Microsoft 365. To fully comprehend an attack, you frequently need to mix security data from users and end point applications with data from your IT environment and third parties. If you could accomplish all of this while staying within a single cloud provider’s compliance guidelines, that would be perfect.

Take a look at this video on getting started with Microsoft Sentinel in your Environment.

Hope you enjoyed this video !!

Manage the endpoint security through Microsoft defender for endpoint

Today in this video we will look at how to manage the endpoint security through Microsoft defender for endpoint.

Hope you enjoyed this video !!

Utilize Intune endpoint security policies for Account Protection in Windows devices

Microsoft has invested a lot of new upgrades in end point security in the last few of years. We can use Intune endpoint security policies for account protection to safeguard users’ identities and accounts, as well as control device built-in group memberships. In the end point security policies we can do the account protection and we will have a look at the settings in this article

To get started navigate to endpoint security and click on account protection. Here we have the opportunity to create an account protection policy.

When creating the new policy at the time of writing this blog we have option to create the policy for the platform Windows 10 and later. And the profile is targeted for two profiles local user group membership or account protection which is in preview state at this moment.

When creating for local user group we have the below options where we can select administrators and other set of user groups as we see below.

Continue reading

Microsoft Teams – Enable end to end encryption for Teams Calls

Teams encrypts all communication by default with industry-standard technologies including Transport Layer Security (TLS) and Secure Real-Time Transport Protocol (SRTP). By default TLS authenticates all traffic and encrypts them. SRTP is used for media traffic and also encrypted. And by default they are definitely Trustworthy and this end to end encryption is definitely not required unless there is a specific business case.

Last month Microsoft announced the public preview of the end to end encryption as per this blog

The goal of end-to-end encryption is to prevent data from being read or secretly manipulated by anybody other than the sender and recipient. The sender encrypts the calls, chats & files, but the third party or even the service provider has no way of decrypting them and stores them encrypted. The recipients obtain and decrypt the encrypted data on their own.

There may be a situation when a few participants are dealing with business-critical data or sensitive information, and they want more increased security to meet their compliance and regulatory obligations. In some circumstances, end-to-end encryption can be used to accommodate those scenarios, and it can be enabled exclusively for those users who are specifically targeted.

Continue reading

Tips and tricks to secure Microsoft 365

If you are using any of Microsoft’s business plans, you are likely to be targeted by hackers. The following guide will help you boost the security of your organization. This guide will help you meet the goals outlined in the handbook by Harvard Kennedy School Cybersecurity Campaign.

If you have Microsoft Business Premium, you can set up security by following the guide in Microsoft’s Library: Microsoft 365 for Smaller Businesses and Campaigns. The guidelines here were outlined in partnership with Microsoft’s Defending Democracy team. The guide protects small business customers against cyber threats.

It is crucial that you determine your Microsoft 365 Secure Score in Microsoft’s 365 security center. There is a centralized dashboard from where you can improve the security of your Microsoft 365 apps, data, devices, identities, and infrastructure. You gain points for installing the recommended security features and addressing recommendations with third-party software or application. Here are ways you can secure Microsoft 365.

1. Set Up Multi-Factor Authentication

Multi-factor authentication is the easiest and most effective way of boosting the security of your firm. Logging in to multi-factor authentication entails typing a code sent to your phone so you can access Microsoft 365. This is also known as 2-step verification. This move prevents hackers from accessing your account if they know your password.

To add the 2-step verification to your Microsoft account, you need to add a setting that requires you to log in with multi-factor authentication. After making this change, you will be prompted to set up your phone for 2-factor authentication the next time you are logged in.

2. Create Awareness

The Harvard Kennedy School Cybersecurity Campaign handbook provides further guidance on how to promote security awareness in your organization. This includes training users on how to spot phishing attacks.

Microsoft also recommends users to use strong passwords, protect their devices, and enable the security features on their Windows 10 and Mac PCs. Users are also required to protect their email accounts.

Continue reading

Enable Modern Authentication on Microsoft Teams Room Devices

As we all know the basic authentication will be retired for Office 365 sooner and its high time for us to enforce Modern Authentication on all clients. When most of the organizations have already enabled Modern Authentication which is a good sign. However there are cases where the modern authentication cannot be interactive for the 2nd factor authentication ,needs some planning on those special cases and they have exceptions. For instance Room Systems they are having resource accounts with Teams Enabled and Exchange Online where these resource accounts cannot have modern authentication enabled with MFA like normal user accounts to approve for the 2nd factor authentication.

Post Microsoft Teams Room App version 4.4.25.0 we have the option to enable Modern Authentication on the devices capable of hosting Microsoft Teams Meeting. The account management of the Teams Room devices is set at the application level.

Continue reading

Cloud DLP and Regulatory Compliance: 3 Things You Must Know

This article was originally published at nightfall.ai

It’s well-established that a data breach is an extremely costly event. By some estimates, a data leak can cost a small to medium-sized business more than $7.68 million per incident.

Compliance regimes may seem burdensome, but the goal of these policies is to prevent a devastating data breach that can bankrupt a business and cause myriad problems for consumers. It’s important to understand the differences between compliance and security, as well as how data loss prevention (DLP) allows your organization to accomplish both objectives efficiently and affordably.

Here’s what you need to know about cloud DLP and prevalent compliance policies like HIPAA, GDPR, and others.

Cloud compliance vs. cloud security: what’s the difference?

Cloud compliance and cloud security overlap, but these are two different areas of practice. Cloud compliance refers to the regulations and policies designed to protect individuals and companies from the impact of data loss. More specifically, compliance focuses on the type of data collected and stored by a business, as well as the regulatory frameworks that apply to data protection. Cloud security is made up of the physical tools and platforms that protect and defend customer and company data. This could include software like VPNs, DLP platforms like Nightfall, and tools like multifactor authentication. Cloud security also requires action-oriented cloud security policies that are updated regularly to reflect changes in the business and new online threats

Continue reading

Microsoft Teams – Deploy Information barrier policies for your organization.

Information barrier policies is an another security enhancement feature in Microsoft Teams. With this new component it helps the organization to enforce policies which prevents the communication between specific group of people. This is primarily helpful and beneficial for the organizations who are into manufacturing and production units where they would need to adhere certain industry standards and guidelines usually to avoid conflicts of interest.

Before we actually move into deploying the information barrier policies segmentation of the users needs to be done.Ideally the business requirement which falls into compliance category to prevent communications between groups of users in Microsoft Teams. For example a person from Marketing Team cannot make a call,send instant messages or share his desktop to Research department. It can be vice versa or its is only one direction. All the sets of users needs to be identified because this contributes to the number of the segments that we are going to create for this policy to prevent the communication between them.

Continue reading
%d bloggers like this: