Posts

Showing posts from February, 2022

Threat Protection (part 2)

To read part 1, please click here. Zero-Hour Auto Purge (ZAP) is an email protection feature in Microsoft 365 that can retroactively detect and neutralize malicious phishing, spam, or malware messages that have already been delivered to Exchange Online mailboxes. By default, ZAP is included with the Exchange Online Protection (EOP) that comes with any Office 365 subscription containing Exchange Online mailboxes. It doesn't work in standalone EOP environments that protect on-premises Exchange mailboxes. How does ZAP work? Although Microsoft Office 365 updates its spam and malware signatures daily, users can still receive malicious messages for various reasons, including content that is weaponized after it has been delivered. ZAP addresses this by continually monitoring updates to the Office 365 spam and malware signatures and then finding and removing matching messages that are already in a user's mailbox. As

Threat Protection (part 1)

To read part 2, please click here. Exchange Online Protection (EOP) All Microsoft 365 tenants whose mailboxes are hosted in Exchange Online depend on the EOP service to route inbound and outbound mail. EOP also secures your organization against phishing, spoofing, spam, and malware, providing email security through a combination of techniques such as IP and sender reputation, heuristics, spam filtering, malware filtering, machine learning, and filtering for phishing and spoofing. Combined, EOP and Microsoft Defender for Office offer a complete solution for protecting users against cyberthreats that originate in email. The Anti-Malware Pipeline in Microsoft 365 As stated above, because organizations hosting mailboxes in Exchange Online rely on EOP to secure incoming and outgoing mail, their administrator must add Microsoft 365-specific MX and TXT records to their domain name in DNS while

Secure Score (part 2)

To read part 1, please click here. Secure Score Dashboard The Secure Score tool analyzes an organization's Microsoft 365 security according to the security settings across the tenant, assigns a score that can be tracked over time, and is designed to help an organization create a prioritized and actionable roadmap for mitigating its security risks. Global administrators can access Microsoft Secure Score, which opens on the dashboard tab and offers a quick view of the organization's security posture. Overview Tab Microsoft's improvement actions are organized into groups so that you can find the information you need quickly: Identity (Azure AD accounts and roles), Data (Microsoft Information Protection), Device (no improvement actions for now), App (email and cloud apps, including Office 365 and Microsoft Cloud App Security), and Infrastructure (no improvement actions for now). The overview page shows how points are split between these

Secure Score (part 1)

To read part 2, please click here. Secure Score Explained Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. With the help of a centralized dashboard in the Microsoft 365 security center, organizations can monitor and work on the security of their Microsoft 365 identities, data, apps, devices, and infrastructure. Secure Score helps organizations to: report on the current state of the organization's security posture; improve their security posture by providing discoverability, visibility, guidance, and control; and compare with benchmarks and establish Key Performance Indicators (KPIs). Note: Microsoft Secure Score is a numerical summary of your security posture based on system configurations, user behavior, and other security-related measurements, but it's not an absolute measurement of how likely your system or data is to be breached; rather, it shows the extent

Application Integration

AWS Step Functions It's a fully managed service that lets you coordinate the components of distributed applications and microservices using visual workflows. If you build applications from individual components that each perform a discrete function, you can scale and change those applications quickly. Step Functions offers a graphical console for arranging and visualizing the components of your application as a series of steps, which helps you build and run multi-step applications. It automatically triggers and tracks each step and retries when there are errors, so that your application always runs as intended, while also logging the state of each step so that you can diagnose and debug problems quickly when something goes wrong. You can also change and add steps without writing code, so that you can easily evolve your application and innovate faster. Amaz

Amazon Web Services Cloud

AWS Management Console You can access and manage AWS through the AWS Management Console, a simple and intuitive user interface, and use the AWS Console Mobile Application to view your resources on the go. AWS Command Line Interface It's a unified tool for managing your AWS services: with just one tool to download and configure, you can control multiple AWS services and automate them through scripts. Software Development Kits They simplify using AWS services in your applications with the help of an Application Program Interface (API) tailored to your programming language and interface. Analytics Amazon Athena It's an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. There is no infrastructure to manage, because Athena is serverless, and you only pay for the queries you run. Athena is easy to use and does not require any complex extract, transform

Microsoft 365 Defender (part 2)

To read part 1, please click here. Microsoft Cloud Application Security As the name suggests, it's a Cloud Access Security Broker that supports different deployment modes, including log collection, API connectors, and reverse proxy, while providing rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services. Microsoft Cloud App Security natively integrates with leading Microsoft solutions and is designed with security professionals in mind, offering simple deployment, centralized management, and innovative automation capabilities. The Cloud App Security Framework Discover and control the use of Shadow IT: it identifies the cloud apps, IaaS, and PaaS services used by your organization, including investigating usage patterns, assessing risk levels, and determining the business readiness of more than 16,000 SaaS apps against more t

Microsoft 365 Defender (part 1)

To read part 2, please click here. Microsoft Defender It's a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to offer integrated protection against sophisticated attacks. Microsoft 365 Defender can take automatic action to prevent or stop an attack and self-heal affected mailboxes, endpoints, and user identities. Microsoft 365 Defender cross-product features include the following: Cross-product single pane of glass: a central view of all information for detections, impacted assets, automated actions taken, and related evidence in a single queue and a single pane in security.microsoft.com. Combined incidents queue: it helps security professionals concentrate on what's critical by making sure the full attack scope, impacted assets, and automated remediation actions are grouped together and surfaced in a

Security Strategy & Principles

Microsoft Security Principles It includes the following: An effective defense requires you to dramatically increase the costs to the attacker. Assume your identities are always under attack. Apply attack graph thinking. Defense in depth is critical. Protect, detect, and respond. Above all, assume compromise. Measuring Security Success It is difficult to calculate Security Return on Investment (SROI), as both components of risk are hard to measure. Impact: many of the outcomes are unknown and difficult to measure (for example, which competing products have benefited from intelligence stolen from your environment?). Likelihood: this is driven by uncertainty influenced by adaptive and reactive human attacker decisions (i.e., they are not random). Defender investment consists of: the security budget, which is the cost of purchasing technology and hiring people, and the time and attention of the team members. Defender return consists of your ability to: reduce the attacker's ROI,

Overview of Amazon Web Services (part 2)

To read part 1, please click here. Global Infrastructure AWS is steadily expanding its global infrastructure to help customers achieve lower latency and higher throughput while ensuring that their data resides only in the AWS Region they specify. The AWS Cloud infrastructure is built around AWS Regions and Availability Zones. An AWS Region is a physical location in the world with multiple Availability Zones, each of which consists of one or more discrete data centers with redundant power, networking, and connectivity, housed in separate facilities. To achieve higher fault tolerance and stability, each Amazon Region is designed to be completely isolated from the other Amazon Regions, whereas the Availability Zones within a Region are connected through low-latency links. Availability Zones are designed as independent failure zones: they are physically separated within a typical metropolitan region and are located in lower-risk flood plains. Dis

Overview of Amazon Web Services (part 1)

To read part 2, please click here. Introduction Amazon Web Services (AWS) started providing IT infrastructure services to businesses as web services, now known as cloud computing, in 2006. Cloud computing offers an opportunity to replace upfront capital infrastructure expenses with low variable costs that scale with your business. Since the introduction of cloud computing, businesses no longer need to plan for and procure servers and other IT infrastructure weeks or months in advance; instead, they can spin up hundreds or thousands of servers in minutes and deliver results quickly. Today, AWS offers a highly reliable, scalable, low-cost infrastructure platform in the cloud that powers hundreds of thousands of businesses in 190 countries worldwide. What is Cloud Computing? Cloud computing is the on-demand delivery of compute power, database, storage, applications, and other IT resources through a cloud services platform via the in

Security in Microsoft 365 (part 3 of 3)

To read part 1, please click here. To read part 2, please click here. Data Deletion It happens when an attacker deletes your data, often making recovery difficult if not impossible. Ransomware is one type of data deletion attack, in which the attacker compromises the network, encrypts the data, and then demands payment for the key to decrypt it. An attacker's motivations for data deletion include covering the tracks of an attack, attempting to do irreparable harm to your business, or simply trying to spite you or your employees. Preventing Data Deletion Besides the other data protection mechanisms, your main strategy should be to make sure you have enough redundancy built into your data management processes to minimize the impact of data deletion. Although data in Microsoft 365 is automatically backed up and made redundant for maximum availability by the service, it is still possible for an attacker to delete data from Sh

Security in Microsoft 365 (part 2 of 3)

To read part 1, please click here. To read part 3, please click here. Account Breach An account is considered breached when it is compromised such that an attacker can use it to access network resources. If it is an administrative account, the attacker can immediately begin scouring the network to gain access to critical data; if it is a regular user's account, the attacker can use various techniques to obtain administrator privileges, which is called elevation of privilege. Mitigating an Account Breach It's recommended to use Multi-factor Authentication (MFA) to mitigate account breaches: users must perform an additional step to log on to services. The additional authentication method can be an SMS text message, a key fob, or a phone call, which makes it much harder for an attacker to steal an identity without the actual account owner knowing about it. Directory controls can also be enabled against multiple failed logon attempt