The art and science behind Microsoft threat hunting: Part 1

At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly (or not so covertly) penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities.
The post The art and science behind Microsoft threat hunting: Part 1 appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

How to investigate service provider trust chains in the cloud

This blog outlines DART’s recommendations for incident responders to investigate potential abuse of these delegated admin permissions, independent of the threat actor.
The post How to investigate service provider trust chains in the cloud appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

Protect your business from password sprays with Microsoft DART recommendations

This blog discusses DART’s investigation techniques and approach to responding to password spray attacks while outlining recommendations for protecting against them.
The post Protect your business from password sprays with Microsoft DART recommendations appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

A guide to combatting human-operated ransomware: Part 2

In this post, we will tackle the risks of human-operated ransomware and detail DART’s security recommendations for tactical containment actions and post-incident activities in the event of an attack.
The post A guide to combatting human-operated ransomware: Part 2 appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

A guide to combatting human-operated ransomware: Part 1

As human-operated ransomware is on the rise, Microsoft’s Detection and Response Team (DART) shares how they investigate these attacks and what to consider when faced with a similar event in your organization.
The post A guide to combatting human-operated ransomware: Part 1 appeared first on Microsoft Security Blog. READ MORE HERE…

Read more

A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture

This blog post will explain simple Microsoft security defaults and Secure Score—two features you should take advantage of that are easy to utilize and can significantly improve security in Azure AD and Office 365 configurations.
The post A “quick wins” approach to securing Azure Active Directory and Office 365 and improving your security posture appeared first on Microsoft Security. READ MORE HERE…

Read more

Microsoft Office 365—Do you have a false sense of cloud security?

Security is not just flipping the switch of security features to “on” and think you are done. DART explores the concept of having a false sense of security when securing your cloud environments.
The post Microsoft Office 365—Do you have a false sense of cloud security? appeared first on Microsoft Security. READ MORE HERE…

Read more

Success in security: reining in entropy

Your network is unique. It’s a living, breathing system evolving over time. The applications and users performing these actions are all unique parts of the system, adding degrees of disorder and entropy to your operating environment.
The post Success in security: reining in entropy appeared first on Microsoft Security. READ MORE HERE…

Read more

Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2

This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC. This is the sixth blog post in the series.
The post Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2 appeared first on Microsoft Security. READ MORE HERE…

Read more