
Common PIM mistakes
In this episode, the hosts discuss Privileged Identity Management (PIM) and common misconceptions and mistakes related to its configuration. They cover topics such as configuring MFA in PIM, different MFA experiences, mitigations for MFA in PIM, authentication context in PIM, requiring approval to activate roles in PIM, considerations for role activation, mitigating role lockout, and using PIM for non-Microsoft apps. They also highlight the ability to use PIM for non-Azure resources, expanding its functionality beyond traditional Azure roles.

Takeaways
* Privileged Identity Management (PIM) allows for just-in-time activation of privileged roles.
* Configuring MFA in PIM can have different experiences depending on the authentication method used.
* Mitigations for MFA in PIM include setting a lower sign-in frequency and not allowing persistent sessions.
* Authentication context in PIM allows for additional conditional access policies to be applied after authentication.
* Requiring approval to activate roles in PIM can help ensure proper oversight and control.
* Mitigating role lockout in PIM involves having a break glass account for emergency access.
* PIM can be used for non-Microsoft apps, allowing for just-in-time elevation of privileges.
* Expanding PIM to non-Azure resources opens up new possibilities for managing privileged access.
YouTube Video Link: https://youtu.be/uagtZ4KyB8k

Documentation:
https://campbell.scot/pim-common-microsoft-365-security-mistakes-series/

Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod

Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com

Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
1 January 2024, 29 min

Microsoft Digital Defense Report 2023
Microsoft's Digital Defense Report for 2023 provides insights into the state of cybercrime, critical cybersecurity challenges, and the importance of IoT and OT security. The report highlights Microsoft's investment in security research and innovation, as well as the need for partnerships and collaboration in the cybersecurity community. Key takeaways include the importance of multi-factor authentication, zero trust principles, and vulnerability management. The report also emphasizes the need for comprehensive OT patch management systems and the use of AI-powered security tools and large language models.

In this conversation, Adam Brewer and Andy Jaw discuss the capabilities of large language models (LLMs) and their potential applications in cybersecurity. They highlight how LLMs can synthesize and understand human language, making them valuable tools for security analysts. The conversation also touches on the importance of the Digital Defense Report, which provides comprehensive insights into cybercrime and IoT/OT security. The hosts encourage listeners to explore the report for a deeper understanding of the current threat landscape. The episode concludes with closing remarks and well wishes for the holiday season.

Takeaways
* Invest in multi-factor authentication and zero trust principles for enhanced security.
* Implement robust network monitoring and vulnerability management for IoT and OT devices.
* Maintain comprehensive OT patch management systems to mitigate risks.
* Utilize AI-powered security tools and large language models for threat intelligence and incident response.
YouTube Video Link: https://youtu.be/dZtD3dspMLA

Documentation:
https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
25 December 2023, 54 min

Audits and Data/AI Security with Special Guests Carley Salmon and Megan Maley
On this episode, Adam and Andy talk with Carley and Megan about compliance, auditing, and data protection in the cybersecurity industry. They emphasize the importance of understanding compliance frameworks and preparing for audits with the help of partners or consultants. They also highlight the need for continuous monitoring and a shift away from checkbox security. The conversation touches on the challenges of interpreting controls and the potential for risk acceptance. The experts discuss the impact of AI and large language models on data protection and provide insights into the remediation process after failing an audit.

The conversation explores the implications of using Copilot and large language models in terms of sensitive information and data protection. It emphasizes the importance of identifying and protecting sensitive data to prevent unintentional exposure. The discussion also highlights the role of data governance and Microsoft Purview in managing and classifying data. Additionally, the integration of sensitivity labels and rights management is discussed as a way to ensure data protection. The conversation concludes with a recommendation to check out the podcast 'Cocktails and SOC Tales' hosted by Carley Salmon and Megan Maley.
YouTube Video Link: https://youtu.be/vWKA8-sib4s

Documentation:
Carley Salmon: https://www.linkedin.com/in/carley-s-9abb24241/
Megan Maley: https://www.linkedin.com/in/megan-maley/
Cocktails and SOC Tales Podcast: https://www.youtube.com/@cocktailssoctales
18 December 2023, 58 min

CNAPP - Defender for Cloud Overview
This episode of the Blue Security Podcast discusses the Cloud Native Application Protection Platform (CNAPP) and Microsoft's Defender for Cloud. The hosts provide an overview of CNAPP and its various components, including DevSecOps, security posture management, and cloud workload protection platform. They highlight the ease of deployment and the pay-as-you-go pricing model of Defender for Cloud. The episode also covers the integration of Sentinel and M365 Defender into the Defender Security Center. The hosts emphasize the importance of protecting cloud infrastructure and recommend enabling Defender for Cloud by default.

YouTube Video Link: https://youtu.be/de6YvMsJAzQ

Documentation:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/announcing-new-cnapp-capabilities-in-defender-for-cloud/ba-p/3981941
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction
https://learn.microsoft.com/en-us/entra/permissions-management/overview
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction
https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security
11 December 2023, 34 min

MeridianLink extortion, Plastic Surgery office breached, AI voice clones
On this week's episode, Adam and Andy talk about a ransomware gang making an SEC complaint against their victim, a medical office breach, and AI voice clones.

YouTube Video Link: https://youtu.be/iGgp8SurXM8

Documentation:
https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/
https://www.8newsnow.com/investigators/hackers-target-las-vegas-plastic-surgeons-post-patient-information-naked-photos-online/
https://x.com/racheltobac/status/1725943979248910603?s=46&t=wVpJpdH7u2mDZZDEtx3bMg
4 December 2023, 33 min

Microsoft Ignite 2023 - Part 2
On this week's episode, Adam and Andy talk about more things on security from Microsoft Ignite. From canary capabilities in MDE to Automatic Conditional Access Policies, there are a TON of really amazing announcements. Tune in to hear the 2nd half of Ignite news!

YouTube Video Link: https://youtu.be/Pl010QG_n5I

Documentation:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/ignite-news-augment-your-edr-with-deception-tactics-to-catch/ba-p/3982253
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/empower-data-security-teams-to-proactively-manage-critical/ba-p/3975623
https://www.microsoft.com/en-us/security/blog/2023/11/06/automatic-conditional-access-policies-in-microsoft-entra-streamline-identity-protection/
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/remediate-user-risks-in-microsoft-entra-id-protection-through-on/ba-p/3773129
4 December 2023, 49 min

Microsoft Ignite 2023 - Part 1
On this week's episode, Adam and Andy talk about all the security announcements from Microsoft Ignite 2023. There were SO many that this will be part 1 with another episode being released in the following week. Listen in to some of the amazing advancements with Copilot, generative AI, and security within the Microsoft portfolio!

YouTube Video Link: https://youtu.be/wXIJJhNv-pI

Documentation:
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-a-unified-security-operations-platform-with/ba-p/3983341
http://aka.ms/MSSecurityCCP
https://www.microsoft.com/en-us/security/blog/2023/11/15/microsoft-unveils-expansion-of-ai-for-security-and-security-for-ai-at-microsoft-ignite/
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-cloud-pki-launches-as-a-new-addition-to-the-microsoft/ba-p/3982830
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/introducing-microsoft-intune-enterprise-app-management/ba-p/3981044
20 November 2023, 40 min

Okta Breach Follow-up and Passkeys
On this week's episode, Andy and Adam talk about the follow-up investigation from Okta about their support system breach along with some lessons that listeners can take away. They also talk about passkeys going mainstream and what that means for the future of passwordless.

YouTube Video Link: https://youtu.be/5Cz07OKHAII

Documentation:
https://arstechnica.com/information-technology/2023/11/no-okta-senior-management-not-an-errant-employee-caused-you-to-get-hacked/
https://support.google.com/chrome/a/answer/12129062?hl=en
https://support.google.com/chrome/a/answer/9116814?hl=en
https://www.washingtonpost.com/technology/2023/10/18/passkeys-explained-google/
13 November 2023, 37 min

