VDI and Shared Responsibility Model
In this episode, Andy and Adam discuss the importance of VDI (Virtual Desktop Infrastructure) in security and enterprise architecture. They highlight the security benefits of VDI, such as separating end user environments from the underlying physical hardware, centralized management of baseline images and patches, and the ability to keep sensitive data in the data center. They also explore the shared responsibility model in cloud computing, where the cloud provider is responsible for the security of the infrastructure, but the end users are responsible for protecting their data and assets stored in the cloud. Takeaways -VDI provides security benefits by separating end user environments from the underlying physical hardware and centralizing management of baseline images and patches. -The shared responsibility model in cloud computing means that while the cloud provider is responsible for the security of the infrastructure, the end users are responsible for protecting their data and assets stored in the cloud. -Understanding the shared responsibility model is crucial for security practitioners to ensure they are defending their organization's data effectively. -Minimizing the use of IaaS and on-premises models in favor of PaaS and SaaS models can reduce the organization's security responsibilities and provide better security. -It's important to know what you're responsible for in terms of data protection and security when using cloud services. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/wdguHOGjs2Q ----------------------------------------------------------- Documentation: https://x.com/itguysocal/status/1769052129111707877?s=46&t=wVpJpdH7u2mDZZDEtx3bMg https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility https://aws.amazon.com/compliance/shared-responsibility-model/ https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22 Apr 202425min
Entra Follow-up, Helpdesk Security, Certifications
In this episode, Andy and Adam clarify some points from the previous episode and discuss two main topics: mitigating social engineering attacks on IT help desks and the value of certifications in cybersecurity. They provide practical tips for securing IT help desks, such as requiring callbacks, video verifications, and supervisor verification. They also share their thoughts on certifications, highlighting the importance of experience and continuous learning over the number of certifications. They recommend certifications from AWS and Microsoft for beginners and discuss the relevance of TCP/IP knowledge in today's cybersecurity landscape. Takeaways -Mitigate social engineering attacks on IT help desks by implementing measures such as requiring callbacks, video verifications, and supervisor verification. -Certifications in cybersecurity can be valuable for beginners and for demonstrating knowledge and skills to employers, but they should not be the sole focus. Experience and continuous learning are more important. -Certifications from AWS and Microsoft are cost-effective options for beginners in the field. -TCP/IP knowledge, while important, may not be as relevant in today's cybersecurity landscape as other skills and knowledge areas. -Adaptability and meeting employers where they are in terms of security practices are crucial in the field of cybersecurity. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/BHcR7bAyMlY ----------------------------------------------------------- Documentation: https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/ https://twitter.com/infosec_fox/status/1778404395035550105?t=wVpJpdH7u2mDZZDEtx3bMg ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
16 Apr 202433min
Managed Machines, E3 vs E5
In this episode of the Blue Security Podcast, Andy Jaw and Adam Brewer discuss two main topics: the importance of managed devices for improving security posture and the bundling of security solutions in Microsoft licensing. They highlight the shift towards requiring Intune and Azure AD joined devices for improved device management and security. They also address the question of why Microsoft doesn't include more security solutions in their basic bundles, explaining the challenges of bundling and the need to compete fairly in the security market. Takeaways -Managed devices, specifically Intune and Azure AD joined devices, are crucial for improving security posture. -Hybrid join is the bare minimum for requiring managed machines, but Intune and Azure AD compliance provide continuous device health attestation and better device risk management. -Microsoft's licensing bundles, such as E3 and E5, do not include all security solutions because it would raise prices and not all customers need or want those solutions. -Microsoft aims to compete fairly in the security market and offers value in their licensing options, with E5 being the most comprehensive and cost-effective solution. -Customers have the flexibility to choose third-party security solutions and integrate them with Microsoft's offerings. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/Fv5yns0olmU ----------------------------------------------------------- Documentation: https://learn.microsoft.com/en-us/autopilot/windows-autopilot-hybridhttps://techcommunity.microsoft.com/t5/manufacturing/getting-started-with-an-intune-device-management-poc/ba-p/2703678 https://www.techrepublic.com/article/microsoft-teams-unbundle-office-eu-probe/ ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
9 Apr 202428min
Teams External User Phishing
This episode of the Blue Security Podcast discusses the issue of finding logs for chats between external and internal users in Microsoft Teams. The hosts explore various methods for detecting and alerting on suspicious chats, including using KQL queries, creating workbooks, and leveraging communication compliance features. They also highlight the connection between Teams, Exchange Online, and SharePoint, and the importance of protecting against malicious links and educating users about phishing threats. The episode concludes with a discussion on the significance of single sign-on configuration and the need for a holistic approach to security. Takeaways -Implementing KQL queries and workbooks can help detect and analyze logs for chats in Teams -Communication compliance features can be used to detect insider risks and inappropriate behavior in chats. -Protecting against malicious links and educating users about phishing threats are crucial for maintaining security in Teams. -Configuring single sign-on and requiring managed machines can enhance security and prevent credential theft. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/y4EEhkw7EpA ----------------------------------------------------------- Documentation: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide#safe-links-settings-for-microsoft-teams https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
2 Apr 202436min
Midnight Blizzard Update, CISO Technical Skills, BEC + Automatic Attack Disruption
This episode covers updates on the Midnight Blizzard attack, the role of CISOs and their technical expertise, the need for international standards in cyber warfare, and defending against business email compromise. Takeaways -Microsoft provides an update on the Midnight Blizzard attack, revealing attempts to gain unauthorized access to internal systems. -The technical expertise of CISOs is important, but they don't need to be deeply technical. Understanding the solutions, threats, and being able to explain them is crucial. -Cyber warfare is a serious issue, and there is a need for international standards to define appropriate targets for attacks. -Microsoft demonstrates how their ecosystem defends against business email compromise using automatic attack disruption. ----------------------------------------------------------- YouTube Video Link: https://youtu.be/SQGJT2qLLms ----------------------------------------------------------- Documentation: https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ https://www.sec.gov/edgar/browse/?CIK=789019&owner=exclude https://www.youtube.com/watch?v=GnEGWzfxU8c ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
26 Mars 202430min
Microsoft Secure Recap
This episode of the Blue Security Podcast covers the announcements made at Microsoft Secure, focusing on Microsoft Copilot for Security, Microsoft Security Exposure Management, and updates to Microsoft Purview and Intune. The episode also highlights the integration of Copilot with Intune and the economic study that demonstrates the increased efficiency and accuracy of security analysts when using Copilot. Overall, the announcements showcase the advancements in Microsoft's security offerings and the value they bring to organizations. Takeaways -Microsoft Copilot for Security is a powerful tool that provides security analysts with AI-driven assistance in incident analysis, policy management, and more. -The licensing model for Copilot for Security is consumption-based, allowing organizations to use it as much as needed without overwhelming costs. -Microsoft Security Exposure Management offers a comprehensive threat exposure management process, integrating various security solutions and providing insights to mitigate risks. -The integration of Copilot with Intune enables administrators to easily understand and manage policy settings, security impact, and more. ----------------------------------------------------------- Youtube Video Link: https://youtu.be/8CH_OasAo0Q ----------------------------------------------------------- Documentation: https://www.microsoft.com/en-us/security/blog/2024/03/13/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities/ https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-microsoft-security-exposure-management/ba-p/4080907 https://techcommunity.microsoft.com/t5/security-compliance-and-identity/protect-at-the-speed-and-scale-of-ai-with-copilot-for-security/ba-p/4078785 https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-adds-identity-skills-to-copilot-for-security/ba-p/4081857 https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-introduces-a-preview-of-copilot-in-intune/ba-p/4083276 ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
19 Mars 202444min
FBI Internet Crimes Report and BEC Protection
In this episode, the hosts discuss the FBI's 2023 internet crime report, focusing on the increase in money lost to internet crimes and the age group most vulnerable to cybercrime. They then delve into the topic of business email compromise (BEC), explaining how scammers use email to trick individuals and businesses into giving money or divulging confidential information. The hosts provide tips for protecting against BEC, including using secure email gateways, implementing multi-factor authentication, and educating employees about phishing red flags. They also emphasize the importance of reporting BEC incidents to law enforcement and treating these crimes seriously. Takeaways -The FBI's 2023 internet crime report revealed an increase in money lost to internet crimes and highlighted the vulnerability of older adults to cybercrime. -Business email compromise (BEC) is a type of cybercrime where scammers use email to trick individuals and businesses into giving money or confidential information. -Protecting against BEC involves using secure email gateways, implementing multi-factor authentication, and educating employees about phishing red flags. -Reporting BEC incidents to law enforcement, such as the FBI, is crucial for recouping losses and cracking down on cybercrime. ----------------------------------------------------------- Youtube Video Link: https://youtu.be/_GpyjmLDX8g ----------------------------------------------------------- Documentation: https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf https://www.microsoft.com/en-us/security/blog/2019/10/16/top-6-email-security-best-practices-to-protect-against-phishing-attacks-and-business-email-compromise/?culture=en-us&country=us ----------------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ----------------------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ----------------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
12 Mars 202425min
Application Allow Listing, iMessage Post Quantum
Summary In this episode, Andy and Adam discuss the concept of application allow listing and the controversy surrounding the removal of Wireshark from company computers. They also delve into the announcement by Apple that iMessage is moving to post-quantum level 3 encryption, making it one of the most secure messaging apps available. The hosts highlight the importance of communication and risk assessment in the field of information security. They also emphasize the need for organizations to have backup communication plans during incidents. The episode concludes with a discussion on the future of post-quantum encryption and its potential impact on the industry. Takeaways -Application allow listing allows organizations to control the software installed on company assets for security and productivity purposes. -InfoSec teams have the right to evaluate and remove applications with high vulnerabilities or CVEs, but there should be an exception process for legitimate business needs. -Apple's announcement of iMessage moving to post-quantum level 3 encryption highlights the importance of quantum-resistant encryption in the face of future threats. -iMessage's widespread use in the United States makes its security upgrades significant for communication privacy. -The implementation of post-quantum encryption at scale by Apple sets a precedent for the industry and may lead to broader adoption of quantum-resistant encryption methods. ------------------------------------------- Youtube Video Link: https://youtu.be/mN9DFPPDgYI ------------------------------------------- Documentation: https://twitter.com/crisisofconsc/status/1758129747538702481 https://x.com/FrankMcG/status/1758948906740633946?s=20 https://security.apple.com/blog/imessage-pq3/ https://signal.org/blog/pqxdh/ ---------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Threads: https://www.threads.net/@bluesecuritypodcast Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast Twitch: https://www.twitch.tv/bluesecuritypod ------------------------------------------- Andy Jaw Mastodon: https://infosec.exchange/@ajawzero Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
5 Mars 202432min
