Cloud Security - Defender for Storage Deep Dive
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft's Defender for Storage, a cloud-native security solution for Azure Blob Storage, Azure Files, and Azure Data Lake Storage. They highlight the three major impacts on data workloads: malicious file uploads, sensitive data exfiltration, and data corruption. The solution offers activity monitoring, malware scanning, and sensitive data threat detection. They also mention the pricing model, the integration with Microsoft Purview, and the ease of deployment using Azure Policy and Logic Apps. Takeaways -Defender for Storage is a cloud-native security solution for Azure Blob Storage, Azure Files, and Azure Data Lake Storage. -The solution protects against malicious file uploads, sensitive data exfiltration, and data corruption. -It offers activity monitoring, malware scanning, and sensitive data threat detection. -Integration with Microsoft Purview allows for seamless inheritance of sensitivity settings. -Deployment can be done through the Azure portal, Azure Policy, or infrastructure as code using the REST API. -Logic Apps can be used to automate responses and streamline security operations. -A pre-purchase plan is available for Defender for Cloud workloads, offering programmatic discounts and predictable billing. ---------------------------------------------------- YouTube Video Link: https://youtu.be/_DNCcy4V5Uo ---------------------------------------------------- Documentation: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-introduction ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod LinkedIn: https://www.linkedin.com/company/bluesecpod YouTube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
13 Aug 202428min
New Autopilot Features, Intune Enrollment Attestation, MAM for W365/AVD
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss new features and updates in Intune, including autopilot for existing devices, Intune enrollment attestation, and mobile application management (MAM). They explain how autopilot for existing devices allows organizations to enroll on-premise joined devices into autopilot using config man and a task sequence. They also highlight the importance of monitoring device enrollments and implementing security measures such as requiring a pin for app access and blocking third-party keyboards. Takeaways - Autopilot for existing devices allows organizations to enroll on-premise joined devices into autopilot using config man and a task sequence. - Monitoring device enrollments and implementing security measures such as requiring a pin for app access and blocking third-party keyboards are important for protecting corporate data. -Intune enrollment attestation stores the MDM ID in the TPM of the device, preventing attacks that export the MDM device to attack other devices. -Mobile application management (MAM) is a lightweight way to protect corporate data on unmanaged devices, and it can be used in conjunction with MDM on managed devices. -MAM capabilities are now available for Windows 365 and AVD clients on Windows, iOS, PadOS, and Android clients, allowing for more secure access to corporate data. ---------------------------------------------------- YouTube Video Link: https://youtu.be/R8GYUQjr7ds ---------------------------------------------------- Documentation: https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-upcoming-changes-for-deploying-windows-autopilot-for/ba-p/4181554 https://learn.microsoft.com/en-us/autopilot/existing-devices https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-attestation#resources https://techcommunity.microsoft.com/t5/windows-it-pro-blog/mam-preview-for-windows-365-and-azure-virtual-desktop/ba-p/4171051 https://learn.microsoft.com/en-us/mem/intune/protect/mobile-threat-defense ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
6 Aug 202424min
Cloud Security - Defender CSPM Deep-Dive
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss Defender CSPM (Cloud Security Posture Management). They explain that CSPM is the process of monitoring cloud-based systems and infrastructure for risks and misconfigurations. They highlight the key capabilities of CSPM, including automation, monitoring and managing IaaS, SaaS, and PaaS platforms, and ensuring regulatory compliance. They also introduce Defender CSPM, a paid subscription service that offers additional features such as agentless scanning, container vulnerability assessments, and DevOps security. They mention the inclusion of Entra Permissions Management and external attack surface management in Defender CSPM. They emphasize the value of Defender CSPM for regulatory compliance and the ease of reporting on security posture against specific standards. Takeaways -CSPM is the process of monitoring cloud-based systems and infrastructure for risks and misconfigurations. -Defender CSPM is a paid subscription service that offers additional features such as agentless scanning, container vulnerability assessments, and DevOps security. -Defender CSPM includes Entra Permissions Management and external attack surface management. -Defender CSPM is valuable for regulatory compliance and provides ease of reporting on security posture against specific standards. ---------------------------------------------------- YouTube Video Link: https://youtu.be/lqvWnxyQqVs ---------------------------------------------------- Documentation: https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction#protect-cloud-workloads https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-devops-environment-posture-management-overview ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
30 Juli 202433min
CrowdStrike Major Incident
Summary In this episode of the Blue Security Podcast, Andy and Adam discuss the aftermath of the CrowdStrike failed software update. They express empathy for those impacted by the incident and discuss the importance of collaboration in the cybersecurity industry. They also explore the need for transparency from security vendors and the potential impact on cybersecurity teams and funding. The conversation touches on the level of access that security solutions have and the need for a balanced approach. They emphasize the importance of having an incident response plan and implementing deployment rings for security updates. ---------------------------------------------------- YouTube Video Link: https://youtu.be/_ajB1t89VrQ ---------------------------------------------------- Documentation: https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ https://www.linkedin.com/posts/racheltobac_lets-get-actionable-criminals-will-attempt-activity-7220134391350538240-8ZNN/ https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/ https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959 ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
22 Juli 202450min
Cybersecurity is full?
Summary In this episode, Andy and Adam discuss a blog post titled 'Cybersecurity is Full' that challenges the hype around cybersecurity careers. They explore the saturation of the field, the value of certifications and conferences, the optional nature of cybersecurity in organizations, and the stress and challenges of the industry. They emphasize the importance of having a strong foundation in technology before pursuing a career in cybersecurity and the need for organizations to prioritize cybersecurity as an enabler for their business. They also highlight the ongoing need for cybersecurity professionals and the rewarding nature of the field. Takeaways -Cybersecurity careers have been hyped up in recent years, leading to a saturation of the field, especially at the entry level. -Certification programs and conferences in cybersecurity can be expensive and may not always provide quality content or training. -The optional nature of cybersecurity in organizations means that it can be cut when budgets are tight, but there is a minimum level of investment required. -A strong foundation in technology and a basic understanding of concepts like TCP/IP and DNS are essential before pursuing a career in cybersecurity. -Cybersecurity professionals need to be persuasive and able to sell the value of cybersecurity to their organizations. -The cybersecurity industry is still growing, and professionals have the opportunity to make a difference and protect against malicious threat actors. ---------------------------------------------------- YouTube Video Link: https://youtu.be/B0roPpJKKpU ---------------------------------------------------- Documentation: https://cyberisfull.com/ ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
16 Juli 202440min
Cloud Security - Defender for Servers Deep-Dive
In this episode of the Blue Security Podcast, Andy and Adam discuss Defender for Servers, a cloud security solution offered by Microsoft. They explain that Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers. They discuss the different plans available, including Plan 1 and Plan 2, which offer varying levels of endpoint protection and vulnerability management. They also highlight the inclusion of Cloud Security Posture Management (CSPM) in both plans. The hosts emphasize the vendor-agnostic nature of Defender for Servers, which can be used in AWS, GCP, and on-premises environments. Takeaways -Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers. -There are two plans available for Defender for Servers: Plan 1 and Plan 2. Plan 1 offers endpoint protection, while Plan 2 includes additional features such as XDR, EDR, and regulatory compliance capabilities. -Both Plan 1 and Plan 2 include Cloud Security Posture Management (CSPM), which provides security recommendations and secure score assessments. -Defender for Servers is vendor-agnostic and can be used in AWS, GCP, and on-premises environments. It is available for both Windows and Linux VMs. -Defender for Servers is priced on a consumption-based model, allowing customers to pay only for what they use. ---------------------------------------------------- YouTube Video Link: https://youtu.be/-jG2BFPS45o ---------------------------------------------------- Documentation: https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan https://learn.microsoft.com/en-us/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-managment-capabilities-for-servers https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
9 Juli 202434min
Recommended EOP and MDO settings
In this episode of the Blue Security Podcast, Andy and Adam discuss recommended settings for Exchange Online Protection (EOP) and Microsoft Defender for Office (MDO). They explain that EOP is the core security for M365 subscriptions, providing anti-malware, anti-spam, and anti-phishing protection. They also highlight the importance of the secure by default feature in EOP and the use of admin submissions to report false positives and false negatives. They caution against using methods like Outlook safe senders, IP allow listing, and allowed senders list within anti-spam policies, as these can bypass important security measures. They emphasize the need for organizations to regularly review and clean up their EOP policies to ensure effective email security. Takeaways -Exchange Online Protection (EOP) is the core security for M365 subscriptions, providing anti-malware, anti-spam, and anti-phishing protection. -The secure by default feature in EOP ensures that high-confidence phishing and malware emails are blocked, regardless of any overrides or exceptions. -Admin submissions should be used to report false positives and false negatives, allowing Microsoft to review and improve filtering rules. -Methods like Outlook safe senders, IP allow listing, and allowed senders list within anti-spam policies can bypass important security measures and should be avoided. -Regularly reviewing and cleaning up EOP policies is essential to maintain effective email security. ---------------------------------------------------- YouTube Video Link: https://youtu.be/guRhC1yVJYI ---------------------------------------------------- Documentation: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide https://learn.microsoft.com/en-us/defender-office-365/secure-by-default https://learn.microsoft.com/en-us/defender-office-365/advanced-delivery-policy-configure#use-the-microsoft-defender-portal-to-configure-third-party-phishing-simulations-in-the-advanced-delivery-policy ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
2 Juli 202439min
Arlington BEC, Kaspersky Ban, Crown Equipment Cyberattack
In this episode, Andy and Adam discuss three cybersecurity news stories. They talk about a small town in Massachusetts that lost over $445,000 in an email scam, the Biden administration's ban on Kaspersky antivirus software, and a cyber attack on Crown Equipment, a forklift manufacturer. The main takeaways from the conversation are the importance of cybersecurity training, the need for secure remote access methods, and the impact of employee satisfaction on cybersecurity. Takeaways -Cybersecurity training is crucial to prevent email scams and social engineering attacks. -Secure remote access methods should be deployed and unauthorized remote access software should be blocked. -Employee satisfaction and trust in the company can reduce the risk of insider threats. -Small organizations and state and local governments are vulnerable to cyber attacks and should prioritize cybersecurity measures. ---------------------------------------------------- YouTube Video Link: https://youtu.be/YdTo2kej4VQ ---------------------------------------------------- Documentation: https://www.cybercaptcha.com/news/small-massachusetts-town-scammed-out-of-445000-in-shocking-email-hack/ https://www.bleepingcomputer.com/news/security/biden-bans-kaspersky-antivirus-software-in-us-over-security-concerns/ https://oicts.bis.gov/kaspersky/ https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/ ---------------------------------------------------- Contact Us: Website: https://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Linkedin: https://www.linkedin.com/company/bluesecpod Youtube: https://www.youtube.com/c/BlueSecurityPodcast ----------------------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ---------------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com
25 Juni 202437min
