Microsoft 365 Defender (part 2)

Microsoft Cloud Application Security

As the name suggests, it is a Cloud Access Security Broker (CASB). It supports several deployment modes, including log collection, API connectors, and reverse proxy, and provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your Microsoft and third-party cloud services.

Microsoft Cloud App Security integrates natively with leading Microsoft solutions and is designed with security professionals in mind, offering simple deployment, centralized management, and innovative automation capabilities.

The Cloud App Security Framework

  • Discover & control the use of Shadow IT- Identify the cloud apps, IaaS, and PaaS services used by your organization, investigate usage patterns, assess risk levels, and determine the business readiness of more than 16000 SaaS apps against more than 80 risks, then manage them to ensure security and compliance.

  • Protect your sensitive information anywhere in the cloud- Understand, classify, and protect the exposure of sensitive information at rest, using out-of-the-box policies and automated processes to apply controls in real time across all your cloud apps.

  • Assess the compliance of your cloud apps- Find out whether your cloud apps meet the relevant compliance requirements and industry standards, prevent data leaks to non-compliant apps, and limit access to regulated data.

  • Protect against cyberthreats & anomalies- Detect unusual behavior across cloud apps to identify ransomware, compromised users, or rogue applications, analyze high-risk usage, and remediate automatically to limit the risk to your organization.
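The Shadow IT discovery described above starts from ordinary proxy or firewall logs (the log-collection deployment mode): aggregate traffic per destination app, look each app up in a catalog of risk ratings, and surface what is unsanctioned or unknown. The Python below is an added illustration of that workflow and is not Microsoft's code; the log format, the host names, the `APP_CATALOG` risk scores, and the threshold of 7 are all constructed for the example.

```python
"""Shadow-IT discovery from proxy logs: a constructed example of the log-collection mode."""
import re
from collections import defaultdict

# Constructed sample proxy log (not real traffic). Each line: ISO timestamp, user,
# destination host, bytes uploaded. One malformed line is included on purpose.
SAMPLE_PROXY_LOG = """\
2024-01-15T09:02:11Z alice storage.sanctioned.example 1200
2024-01-15T09:05:43Z bob share.unknownfiles.example 8400000
2024-01-15T09:07:02Z carol storage.sanctioned.example 3100
2024-01-15T09:09:19Z alice share.unknownfiles.example 2200000
2024-01-15T09:11:50Z dave paste.riskypaste.example 51000
2024-01-15T09:12:05Z bob share.unknownfiles.example 4100000
2024-01-15T09:13:30Z carol sync.newtool.example 900
this line is malformed and is skipped by the parser
"""

# Constructed stand-in for a CASB app catalog: a risk score from 0 (benign) to 10 (riskiest)
# and whether the organization has sanctioned the app. Hosts absent from the catalog are
# reported separately, because an unknown app cannot be assumed safe.
APP_CATALOG = {
    "storage.sanctioned.example": {"risk": 2, "sanctioned": True},
    "share.unknownfiles.example": {"risk": 8, "sanctioned": False},
    "paste.riskypaste.example": {"risk": 9, "sanctioned": False},
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) (?P<host>\S+) (?P<bytes_up>\d+)$")


def parse_proxy_log(text):
    """Yield one record per well-formed line; lines that do not match the format are skipped."""
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            yield {"ts": match["ts"], "user": match["user"],
                   "host": match["host"], "bytes_up": int(match["bytes_up"])}


def discover_apps(records):
    """Aggregate traffic per destination host: distinct users, request count, bytes uploaded."""
    usage = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_up": 0})
    for rec in records:
        entry = usage[rec["host"]]
        entry["users"].add(rec["user"])
        entry["requests"] += 1
        entry["bytes_up"] += rec["bytes_up"]
    return usage


def assess_apps(usage, catalog, risk_threshold=7):
    """Return findings for unsanctioned high-risk and uncatalogued apps, riskiest and busiest first."""
    findings = []
    for host, stats in usage.items():
        meta = catalog.get(host)
        if meta is None:
            reason, risk = "not in catalog", None
        elif not meta["sanctioned"] and meta["risk"] >= risk_threshold:
            reason, risk = "unsanctioned high-risk app", meta["risk"]
        else:
            continue  # sanctioned, or unsanctioned but below the risk threshold
        findings.append({"host": host, "reason": reason, "risk": risk,
                         "users": sorted(stats["users"]), "requests": stats["requests"],
                         "bytes_up": stats["bytes_up"]})
    # Scored apps first (highest risk on top), unknown-risk apps last; ties by upload volume.
    findings.sort(key=lambda f: (-(f["risk"] or 0), -f["bytes_up"]))
    return findings


def run(text=SAMPLE_PROXY_LOG, catalog=APP_CATALOG):
    """Parse, aggregate, and assess in one call."""
    return assess_apps(discover_apps(parse_proxy_log(text)), catalog)


if __name__ == "__main__":
    for finding in run():
        print(f"{finding['host']:30} {finding['reason']:26} risk={finding['risk']} "
              f"users={','.join(finding['users'])} bytes_up={finding['bytes_up']}")
```

Upload volume is kept in the finding because the same unsanctioned file-sharing app matters far more when it is receiving megabytes from several users than when one user visited it once; that is the "usage patterns" signal the framework refers to, and it is what turns a catalog lookup into a prioritized list.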

Microsoft Defender for Endpoint

Its primary components are:
  • Threat & Vulnerability Management- It uses a game-changing risk-based approach to discover, prioritize, and remediate endpoint vulnerabilities and misconfigurations.

  • Attack Surface Reduction- It's a set of capabilities that offers the first line of defense in the stack, ensuring that configuration settings are set properly and that exploit mitigation techniques are applied to resist attacks and exploitation.

  • Next Generation Protection- Microsoft Defender for Endpoint uses it to catch all types of emerging threats, further reinforcing the security perimeter of your network.

  • Endpoint Detection & Response- This capability can detect, investigate, and respond to advanced threats that may have made it past the first two security pillars.

  • Automated Investigation & Remediation- Besides quickly responding to advanced attacks, Microsoft Defender for Endpoint provides automatic investigation and remediation capabilities that allow you to reduce the volume of alerts at scale, in minutes.

  • Secure Score for Devices- It is included to help you assess the security state of your enterprise network, identify unprotected systems, and take recommended actions dynamically to improve the overall security of your organization.

  • Microsoft Threat Experts- It offers proactive hunting, prioritization, and extra context and insights, which in turn empower your Security Operations Centers (SOCs) to identify and respond to threats quickly and accurately.

  • Management of APIs- You can integrate Microsoft Defender for Endpoint into your existing workflows through its APIs.

  • Microsoft 365 Defender- Microsoft Defender for Endpoint is part of the Microsoft 365 Defender solution, which lets you implement end-to-end security across the possible attack surfaces in the modern workplace.

Microsoft Defender for Identity

It's a cloud-based security solution that leverages your on-premises AD signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. It also allows SecOps analysts and security professionals to detect advanced attacks in hybrid environments, enabling them to:
  1. Monitor users, entity behavior, and activities with learning-based analytics.
  2. Protect user identities and credentials stored in AD.
  3. Identify and investigate suspicious user activities and advanced attacks throughout the kill chain.
  4. Provide clear incident information on a simple timeline for fast triage.

Monitor & profile user behavior & activities

Microsoft Defender for Identity monitors and analyzes user activities and information across your network, such as permissions and group memberships, and builds a behavioral baseline for each user. Azure ATP then identifies anomalies against that baseline with adaptive built-in intelligence, giving you insight into suspicious activities and events so that advanced threats, compromised users, and insider threats affecting your organization are revealed. Its proprietary sensors monitor the organization's domain controllers, giving a comprehensive view of all user activity from every device.

Protect user identities & reduce the attack surface

It offers invaluable insight into identity configurations and suggests security best practices through security reports and user profile analytics. Azure ATP lets you reduce your organization's attack surface, making it harder for an attacker to compromise user credentials and advance an attack. Its reports help you identify users and devices that authenticate with clear-text passwords, and offer further insight to improve your organizational security posture and policies.

Identify suspicious activities & advanced attacks across the cyber-attack kill-chain

Azure ATP is capable of detecting advanced threats at the source throughout the entire cyber-attack kill-chain:

  • Reconnaissance- Identifies rogue users and attackers' attempts to gather information about user names, users' group memberships, IP addresses assigned to devices, resources, and more, using a variety of methods.

  • Compromised credentials- Identifies attempts to compromise user credentials through brute force attacks, failed authentications, user group membership changes, and other methods.

  • Lateral movements- Detects attempts to move laterally inside the network to gain further control over sensitive users, using methods such as Pass the Ticket, Pass the Hash, Overpass the Hash, and more.

  • Domain dominance- Highlights an attacker's behavior through remote code execution on the domain controller and methods such as DC Shadow, malicious domain controller replication, Golden Ticket activities, and more.
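Three of the identity analytics described on this page can be sketched in a few dozen lines: the per-user behavioral baseline from "Monitor & profile user behavior & activities", the brute-force and failed-authentication signal from the "Compromised credentials" stage above, and the clear-text authentication report from "Protect user identities & reduce the attack surface". The Python below is an added example written for this post and is not code from Microsoft Defender for Identity or Azure ATP. The event shape (`ts`, `user`, `src`, `outcome`, `protocol`), the host and user names, the `LDAP-simple` protocol label, and the five-failures-in-ten-minutes threshold are all constructed assumptions; a real sensor normalizes domain-controller events into its own schema.

```python
"""Identity-side detections over domain-controller logon events (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta


def ev(ts, user, src, outcome, protocol):
    """Build one normalized logon event (constructed shape, not a real sensor schema)."""
    return {"ts": ts, "user": user, "src": src, "outcome": outcome, "protocol": protocol}


# Learning period: successful logons that define each user's normal source hosts.
BASELINE_EVENTS = [
    ev("2024-01-14T09:00:00Z", "alice", "WS-ALICE", "success", "Kerberos"),
    ev("2024-01-14T13:30:00Z", "alice", "WS-ALICE", "success", "Kerberos"),
    ev("2024-01-14T09:05:00Z", "bob", "WS-BOB", "success", "Kerberos"),
    ev("2024-01-14T09:10:00Z", "carol", "WS-CAROL", "success", "Kerberos"),
    ev("2024-01-14T02:00:00Z", "svc-backup", "SRV-BACKUP", "success", "LDAP-simple"),
]

# Detection window: normal activity mixed with a logon from a never-seen workstation,
# a burst of failures across many accounts from one host, and a clear-text LDAP bind.
WINDOW_EVENTS = [
    ev("2024-01-15T10:00:00Z", "alice", "WS-ALICE", "success", "Kerberos"),
    ev("2024-01-15T10:01:00Z", "bob", "WS-BOB", "success", "Kerberos"),
    ev("2024-01-15T10:02:00Z", "alice", "WS-UNKNOWN7", "success", "NTLM"),
    ev("2024-01-15T10:05:00Z", "alice", "ATTACK-BOX", "failure", "NTLM"),
    ev("2024-01-15T10:05:10Z", "bob", "ATTACK-BOX", "failure", "NTLM"),
    ev("2024-01-15T10:05:20Z", "carol", "ATTACK-BOX", "failure", "NTLM"),
    ev("2024-01-15T10:05:30Z", "dave", "ATTACK-BOX", "failure", "NTLM"),
    ev("2024-01-15T10:05:40Z", "erin", "ATTACK-BOX", "failure", "NTLM"),
    ev("2024-01-15T10:05:50Z", "frank", "ATTACK-BOX", "failure", "NTLM"),
    ev("2024-01-15T10:06:10Z", "frank", "ATTACK-BOX", "success", "NTLM"),
    ev("2024-01-15T10:07:00Z", "svc-backup", "SRV-BACKUP", "success", "LDAP-simple"),
    ev("2024-01-15T10:08:00Z", "carol", "WS-CAROL", "failure", "Kerberos"),
]


def parse_ts(ts):
    """Parse the constructed ISO-8601 'Z' timestamps into timezone-aware datetimes."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def build_baseline(events):
    """Map each user to the set of source hosts they successfully logged on from during learning."""
    baseline = defaultdict(set)
    for e in events:
        if e["outcome"] == "success":
            baseline[e["user"]].add(e["src"])
    return baseline


def detect_new_source(events, baseline):
    """Flag successful logons from a host the user was never seen on in the baseline."""
    return [e for e in events
            if e["outcome"] == "success" and e["src"] not in baseline.get(e["user"], set())]


def detect_failed_logon_bursts(events, max_failures=5, window=timedelta(minutes=10)):
    """Flag a source host with at least max_failures failed logons inside one window.

    The finding records how many distinct accounts were tried (one account points at brute
    force against it, many at a password spray) and whether the same host then logged on
    successfully, which is the case to triage first.
    """
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        failures = [e for e in evs if e["outcome"] == "failure"]
        for i in range(len(failures)):
            start = parse_ts(failures[i]["ts"])
            burst = [f for f in failures[i:] if parse_ts(f["ts"]) - start <= window]
            if len(burst) >= max_failures:
                last_failure = parse_ts(burst[-1]["ts"])
                success_after = any(e["outcome"] == "success" and parse_ts(e["ts"]) > last_failure
                                    for e in evs)
                findings.append({"src": src, "failures": len(burst),
                                 "users": sorted({f["user"] for f in burst}),
                                 "success_after": success_after})
                break  # one finding per source host is enough for triage
    return findings


def report_cleartext_auth(events):
    """List (user, host) pairs that authenticated with a protocol carrying the password in clear."""
    return sorted({(e["user"], e["src"]) for e in events if e["protocol"] == "LDAP-simple"})


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    for e in detect_new_source(WINDOW_EVENTS, baseline):
        print(f"new source host: {e['user']} from {e['src']} at {e['ts']}")
    for f in detect_failed_logon_bursts(WINDOW_EVENTS):
        print(f"failed-logon burst from {f['src']}: {f['failures']} failures across "
              f"{len(f['users'])} accounts, success afterwards: {f['success_after']}")
    for user, host in report_cleartext_auth(WINDOW_EVENTS):
        print(f"clear-text authentication: {user} from {host}")
```

The three detectors deliberately overlap on the same events: the host that sprayed six accounts is also the one from which `frank` then logs on for the first time, so the new-source finding and the burst finding corroborate each other, which is the kind of correlation the page's "simple timeline for fast triage" is meant to present. The clear-text report is not an alert at all; it is the posture finding the "Protect user identities" section describes, pointing at a service account whose bind method should be changed.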