Defender Experts with Special Guest Raae Wolfram
Blue Security4 Maalis

Defender Experts with Special Guest Raae Wolfram

Summary

In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer engage with Ray Wolfram, Senior Product Manager for Defender Experts at Microsoft. Ray shares her extensive background in healthcare IT and cybersecurity, detailing her journey to Microsoft and the impact of COVID-19 on the cybersecurity landscape. The conversation delves into the two offerings of Defender Experts: Defender Experts for Hunting and Defender Experts for XDR, highlighting their unique features and the role of Microsoft in providing unparalleled threat intelligence. The episode emphasizes the importance of human expertise in cybersecurity and the proactive approach of Defender Experts in threat hunting and incident response. In this conversation, the speakers discuss the evolving landscape of cybersecurity, focusing on the role of threat hunters, the capabilities of Microsoft Defender Experts for XDR, and the importance of partnerships in providing comprehensive security solutions. They explore how Microsoft meets customers where they are, the onboarding process for new customers, and the integration of third-party solutions into the Defender ecosystem. The discussion also highlights the proactive nature of Defender Experts and the future roadmap for Defender for Cloud, emphasizing the need for collaboration in the cybersecurity space.----------------------------------------------------

YouTube Video Link:⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ https://youtu.be/zY9zOEFkZOc

----------------------------------------------------

Documentation:

https://learn.microsoft.com/en-us/defender-xdr/defender-experts-for-hunting

https://learn.microsoft.com/en-us/defender-xdr/dex-xdr-overview

https://www.microsoft.com/en-us/security/blog/2023/03/27/microsoft-incident-response-retainer-is-generally-available/

https://www.linkedin.com/in/raaewolfram/

----------------------------------------------------

Contact Us:

Website: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://bluesecuritypod.com

Bluesky: https://bsky.app/profile/bluesecuritypod.com

LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/company/bluesecpod

YouTube:

⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.youtube.com/c/BlueSecurityPodcast

-----------------------------------------------------------

Andy Jaw

Bluesky: https://bsky.app/profile/ajawzero.com

LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/andyjaw/

Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠andy@bluesecuritypod.com⁠

----------------------------------------------------

Adam Brewer

Twitter: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://twitter.com/ajbrewer

LinkedIn: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.linkedin.com/in/adamjbrewer/

Email: ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠adam@bluesecuritypod.com

Jaksot(269)

Don't Phish Me, Bro

Don't Phish Me, Bro

This week, Adam and Andy talk about OMB procurement requirements changing due to increased cybersecurity defense, Gartner's thoughts on consolidated security platforms, and internal phishing campaigns. ------------------------------------------- Youtube Video Link: https://youtu.be/OZKS03pmk8M ------------------------------------------- Documentation: https://www.whitehouse.gov/omb/briefing-room/2022/03/07/omb-statement-on-enhancing-the-security-of-federally-procured-software/ https://www.gartner.com/doc/reprints?id=1-28F8N1LT&ct=211213&st=sb https://twitter.com/swiftonsecurity/status/1534762545524969473?s=21&t=zH3ZUwsZZVDH6ujtVtxTWw ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

20 Kesä 202228min

Securing Guest Access to M365

Securing Guest Access to M365

This week, Adam and Andy talk about how to secure guest access and collaboration in Microsoft 365. They talk about the differences between member and guest users and how guest users are created. They also talk about best practices on how to secure access and collaborations in Sharepoint, Teams, and Azure AD. Finally, they end with talking about managing partner relationships and how that can impact access to an organization's tenant. ------------------------------------------- Youtube Video Link: https://youtu.be/PGjipcS6wiA ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/microsoft-365/solutions/create-secure-guest-sharing-environment?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/solutions/collaborate-with-people-outside-your-organization?view=o365-worldwide https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions#compare-member-and-guest-default-permissions https://docs.microsoft.com/en-US/microsoft-365/commerce/manage-partners?WT.mc_id=365AdminCSH_inproduct&view=o365-worldwide https://docs.microsoft.com/en-us/azure/lighthouse/overview ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

12 Kesä 202226min

Windows Defender Exploit Guard

Windows Defender Exploit Guard

This week, Adam and Andy talk about Windows Defender Exploit Guard. This is a set of protections built into Windows Server and 10/11 operating systems that provide additional device hardening rules. This conversation was spawned by the current Follina vulnerability (CVE-2022-30190) where an Attack Surface Reduction (ASR) rule can prevent the attack from happening. ASR rules are part of Window Defender Exploit Guard. Dive in to learn all about it! ------------------------------------------- Youtube Video Link: https://youtu.be/ldFWF9GuMZY ------------------------------------------- Documentation: https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/ https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/ https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

6 Kesä 202221min

Patch Management

Patch Management

This week, Adam and Andy talk about patch management. This is basic security and some organizations are still struggling with it. They talk about the explosion of zero days and why continuous monitoring of patching is so important. They also go over some policy that you should review as well as why you should switch to Windows Update for Business. Finally, they go over a new feature called Windows Autopatch announced a few weeks ago. ------------------------------------------- Youtube Video Link: https://youtu.be/KM_2OrB1Wy8 ------------------------------------------- Documentation: https://www.mandiant.com/resources/zero-days-exploited-2021 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/the-windows-update-policies-you-should-set-and-why/ba-p/3270914 https://www.anoopcnair.com/windows-update-for-business-wufb-using-intune/ https://docs.microsoft.com/en-us/windows/deployment/update/waas-configure-wufb https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

30 Touko 202233min

Domain Controller Security

Domain Controller Security

This week, Adam and Andy talk about some updated guidance for securing domain controllers in a world where the cloud is a security imperative. They also review some of the existing guidance and walk through the most important recommendations. ------------------------------------------- Youtube Video Link: https://youtu.be/AlJ1H7Ud4vc ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/updating-best-practices-for-domain-controllers/ba-p/3263043 https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

23 Touko 202223min

Cyber Threat Intelligence with Special Guest Charity Wright

Cyber Threat Intelligence with Special Guest Charity Wright

This week, Adam and Andy talk with threat intelligence expert Charity Wright. Charity talks about her military career and how she got selected as a Chinese linguist and worked with the NSA. Charity works for Recorded Future currently and she talks about how threat intelligence can help bolster your cybersecurity program and why it's important to start gathering intel whether it's an internal team, a vendor, or using open source intelligence (OSINT). ------------------------------------------- Youtube Video Link: https://youtu.be/zkAg_mBp7N4 ------------------------------------------- Documentation: Charity Wright Twitter: https://twitter.com/CharityW4CTI Linkedin: https://www.linkedin.com/in/cwillhoite/ ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

16 Touko 202240min

Andy was hacked!

Andy was hacked!

This week, Adam and Andy talk about passwordless news released on World Password Day and about how Andy was hacked...listen in to hear the details of what happened! ------------------------------------------- Youtube Video Link: https://youtu.be/Go6cb9pU6ng ------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/expansion-of-fido-standard-and-new-updates-for-microsoft/ba-p/3290633 ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

9 Touko 202220min

MFA Bombing

MFA Bombing

This week, Adam and Andy talk about MFA bombing. This tricky compromise circumvents MFA. Listen on what it is and how to protect against it. ------------------------------------------- Youtube Video Link: https://youtu.be/EFg-vw824PY ------------------------------------------- Documentation: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com

2 Touko 202220min