Blue Security Andy Jaw & Adam Brewer
- Technology
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
VDI and Shared Responsibility Model
In this episode, Andy and Adam discuss the role of VDI (Virtual Desktop Infrastructure) in security and enterprise architecture. They highlight the security benefits of VDI: separating end user environments from the underlying physical hardware, centralized management of baseline images and patches, and the ability to keep sensitive data in the data center rather than on the endpoint. They also explore the shared responsibility model in cloud computing, in which the cloud provider is responsible for the security of the underlying infrastructure while the customer remains responsible for protecting the data, identities, and configurations it places in the cloud.
Takeaways
-VDI provides security benefits by separating end user environments from the underlying physical hardware and centralizing management of baseline images and patches.
-The shared responsibility model in cloud computing means that while the cloud provider is responsible for the security of the infrastructure, the customer is responsible for protecting the data, identities, and configurations it puts in the cloud.
-Understanding the shared responsibility model is crucial for security practitioners to ensure they are defending their organization's data effectively, because the provider will not cover the gaps the customer owns.
-Minimizing the use of IaaS and on-premises models in favor of PaaS and SaaS models shifts more of the stack (operating systems, patching, runtime) to the provider, which reduces the organization's own security responsibilities and typically improves its security posture.
-It's important to know what you're responsible for in terms of data protection and security when using cloud services.
-----------------------------------------------------------
YouTube Video Link:
-----------------------------------------------------------
Documentation:
https://x.com/itguysocal/status/1769052129111707877?s=46&t=wVpJpdH7u2mDZZDEtx3bMg
https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
https://aws.amazon.com/compliance/shared-responsibility-model/
https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero -
Entra Follow-up, Helpdesk Security, Certifications
In this episode, Andy and Adam clarify some points from the previous episode and discuss two main topics: mitigating social engineering attacks on IT help desks and the value of certifications in cybersecurity. They provide practical tips for securing IT help desks, such as requiring callbacks, video verifications, and supervisor verification. They also share their thoughts on certifications, highlighting the importance of experience and continuous learning over the number of certifications. They recommend certifications from AWS and Microsoft for beginners and discuss the relevance of TCP/IP knowledge in today's cybersecurity landscape.
Takeaways
-Mitigate social engineering attacks on IT help desks by implementing measures such as requiring callbacks, video verifications, and supervisor verification.
-Certifications in cybersecurity can be valuable for beginners and for demonstrating knowledge and skills to employers, but they should not be the sole focus. Experience and continuous learning are more important.
-Certifications from AWS and Microsoft are cost-effective options for beginners in the field.
-TCP/IP knowledge, while important, may not be as relevant in today's cybersecurity landscape as other skills and knowledge areas.
-Adaptability and meeting employers where they are in terms of security practices are crucial in the field of cybersecurity.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/BHcR7bAyMlY
-----------------------------------------------------------
Documentation:
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/
https://twitter.com/infosec_fox/status/1778404395035550105?t=wVpJpdH7u2mDZZDEtx3bMg
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: -
Managed Machines, E3 vs E5
In this episode of the Blue Security Podcast, Andy Jaw and Adam Brewer discuss two main topics: the importance of managed devices for improving security posture and the bundling of security solutions in Microsoft licensing. They highlight the shift towards requiring Intune-enrolled and Azure AD (now Microsoft Entra ID) joined devices for improved device management and security. They also address the question of why Microsoft doesn't include more security solutions in their basic bundles, explaining the challenges of bundling and the need to compete fairly in the security market.
Takeaways
-Managed devices, specifically Intune-enrolled and Azure AD (Microsoft Entra ID) joined devices, are crucial for improving security posture.
-Hybrid join is the bare minimum for requiring managed machines, but Intune enrollment with a compliance policy gives Conditional Access an ongoing device compliance signal (including device health attestation) and better device risk management.
-Microsoft's licensing bundles, such as E3 and E5, do not include all security solutions because it would raise prices and not all customers need or want those solutions.
-Microsoft aims to compete fairly in the security market and offers value in their licensing options, with E5 being the most comprehensive and cost-effective solution.
-Customers have the flexibility to choose third-party security solutions and integrate them with Microsoft's offerings.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/Fv5yns0olmU
-----------------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/autopilot/windows-autopilot-hybrid
https://techcommunity.microsoft.com/t5/manufacturing/getting-started-with-an-intune-device-management-poc/ba-p/2703678
https://www.techrepublic.com/article/microsoft-teams-unbundle-office-eu-probe/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: -
Teams External User Phishing
This episode of the Blue Security Podcast discusses the issue of finding logs for chats between external and internal users in Microsoft Teams. The hosts explore various methods for detecting and alerting on suspicious chats, including using KQL queries, creating workbooks, and leveraging communication compliance features. They also highlight the connection between Teams, Exchange Online, and SharePoint, and the importance of protecting against malicious links and educating users about phishing threats. The episode concludes with a discussion on the significance of single sign-on configuration and the need for a holistic approach to security.
Takeaways
-Implementing KQL queries and workbooks can help detect and analyze logs for chats in Teams, including chats between external and internal users.
-Communication compliance features can be used to detect insider risks and inappropriate behavior in chats.
-Protecting against malicious links and educating users about phishing threats are crucial for maintaining security in Teams.
-Configuring single sign-on and requiring managed machines can enhance security and reduce exposure to credential theft.
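As an added example of the detection logic the hosts describe (not code from the podcast or from Microsoft), the script below walks Teams audit records and flags chats that involve users outside the home tenant, escalating when the external party sends a link to a domain outside an allow list. The record shape (Operation, CommunicationType, Members[].UPN, ParticipantInfo.HasForeignTenantUsers/HasGuestUsers, MessageURLs) follows the Microsoft 365 unified audit log Teams schema as understood by the author; treat those field names, the home domains, and the trusted link domains as assumptions to check against your own exported records. The sample records are constructed.

```python
"""Flag Microsoft Teams chats that involve users outside the home tenant.

Added example, not from the podcast or Microsoft. Field names follow the
Teams unified audit log schema as the author understands it (assumption);
the sample records, domains and tenant names are all constructed.
"""
import json
from urllib.parse import urlparse

# Assumption: the tenant's own UPN domains (guests carry '#EXT#' in the UPN).
HOME_DOMAINS = {"contoso.com", "contoso.onmicrosoft.com"}
# Assumption: link destinations we consider benign; anything else is untrusted.
TRUSTED_LINK_DOMAINS = {"contoso.com", "contoso.sharepoint.com"}

# Constructed audit records, one JSON object per line (JSONL).
SAMPLE_AUDIT_LOG = r"""
{"CreationTime":"2024-04-02T14:03:11","Operation":"ChatCreated","UserId":"mallory@fabrikam-support.example","CommunicationType":"OneOnOne","ChatThreadId":"19:chat-0001@thread.v2","Members":[{"UPN":"alice@contoso.com","Role":1},{"UPN":"mallory@fabrikam-support.example","Role":1}],"ParticipantInfo":{"HasForeignTenantUsers":true,"HasGuestUsers":false}}
{"CreationTime":"2024-04-02T14:03:40","Operation":"MessageCreatedHasLink","UserId":"mallory@fabrikam-support.example","CommunicationType":"OneOnOne","ChatThreadId":"19:chat-0001@thread.v2","Members":[{"UPN":"alice@contoso.com","Role":1},{"UPN":"mallory@fabrikam-support.example","Role":1}],"MessageURLs":["https://contoso-helpdesk-verify.example/login"],"ParticipantInfo":{"HasForeignTenantUsers":true,"HasGuestUsers":false}}
{"CreationTime":"2024-04-02T14:10:02","Operation":"MessageSent","UserId":"bob@contoso.com","CommunicationType":"GroupChat","ChatThreadId":"19:chat-0002@thread.v2","Members":[{"UPN":"bob@contoso.com","Role":1},{"UPN":"carol@contoso.com","Role":1}],"ParticipantInfo":{"HasForeignTenantUsers":false,"HasGuestUsers":false}}
{"CreationTime":"2024-04-02T15:22:45","Operation":"MessageCreatedHasLink","UserId":"carol@contoso.com","CommunicationType":"GroupChat","ChatThreadId":"19:chat-0003@thread.v2","Members":[{"UPN":"carol@contoso.com","Role":1},{"UPN":"dave_partner.example#EXT#@contoso.onmicrosoft.com","Role":1}],"MessageURLs":["https://contoso.sharepoint.com/sites/project/doc.docx"],"ParticipantInfo":{"HasForeignTenantUsers":false,"HasGuestUsers":true}}
"""


def parse_audit_log(text):
    """Parse JSONL audit export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_external(upn):
    """True for B2B guests ('#EXT#' in the UPN) or any UPN outside HOME_DOMAINS."""
    if "#EXT#" in upn.upper():
        return True
    domain = upn.rsplit("@", 1)[-1].lower()
    return domain not in HOME_DOMAINS


def untrusted_links(urls):
    """Return the URLs whose host is not in, or under, a trusted domain."""
    bad = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        trusted = any(host == d or host.endswith("." + d) for d in TRUSTED_LINK_DOMAINS)
        if not trusted:
            bad.append(url)
    return bad


def classify(record):
    """Return a finding for a chat with external participants, else None.

    Severity: high  = external sender pushed a link off the trusted domains
              medium = external party created the chat or sent a message
              low    = internal user messaging an external party
    """
    members = [m["UPN"] for m in record.get("Members", [])]
    info = record.get("ParticipantInfo", {})
    externals = [u for u in members if is_external(u)]
    # Trust the audit log's own flags as well as our domain check.
    if not (info.get("HasForeignTenantUsers") or info.get("HasGuestUsers") or externals):
        return None
    sender = record.get("UserId", "")
    links = untrusted_links(record.get("MessageURLs", []))
    if links and is_external(sender):
        severity = "high"
    elif is_external(sender):
        severity = "medium"
    else:
        severity = "low"
    return {
        "time": record.get("CreationTime"),
        "operation": record.get("Operation"),
        "chat": record.get("ChatThreadId"),
        "sender": sender,
        "external": externals,
        "internal": [u for u in members if not is_external(u)],
        "untrusted_links": links,
        "severity": severity,
    }


def analyze(text):
    """Run classify() over every record and keep only the findings."""
    return [f for f in map(classify, parse_audit_log(text)) if f]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_AUDIT_LOG):
        print(f"[{finding['severity']:6}] {finding['time']} {finding['operation']} "
              f"chat={finding['chat']} sender={finding['sender']} "
              f"external={finding['external']} links={finding['untrusted_links']}")
```

The internal-only group chat produces no finding; the external "support" account that opens a chat and then drops a look-alike login link is escalated to high, which is the Teams-phishing pattern the episode is concerned with. In production the same logic belongs in a scheduled KQL analytics rule over the Teams audit data, but the allow-list of link domains should stay deliberately short.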
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/y4EEhkw7EpA
-----------------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/mdo-support-teams-about?view=o365-worldwide
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about?view=o365-worldwide#safe-links-settings-for-microsoft-teams
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about?view=o365-worldwide
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-teams?view=o365-worldwide
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: -
Midnight Blizzard Update, CISO Technical Skills, BEC + Automatic Attack Disruption
This episode covers updates on the Midnight Blizzard attack, the role of CISOs and their technical expertise, the need for international standards in cyber warfare, and defending against business email compromise.
Takeaways
-Microsoft provides an update on the Midnight Blizzard attack, revealing attempts to gain unauthorized access to internal systems.
-The technical expertise of CISOs is important, but they don't need to be deeply technical. Understanding the solutions, threats, and being able to explain them is crucial.
-Cyber warfare is a serious issue, and there is a need for international standards to define appropriate targets for attacks.
-Microsoft demonstrates how their ecosystem defends against business email compromise using automatic attack disruption.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/SQGJT2qLLms
-----------------------------------------------------------
Documentation:
https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
https://www.sec.gov/edgar/browse/?CIK=789019&owner=exclude
https://www.youtube.com/watch?v=GnEGWzfxU8c
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------- -
Microsoft Secure Recap
This episode of the Blue Security Podcast covers the announcements made at Microsoft Secure, focusing on Microsoft Copilot for Security, Microsoft Security Exposure Management, and updates to Microsoft Purview and Intune. The episode also highlights the integration of Copilot with Intune and the economic study that demonstrates the increased efficiency and accuracy of security analysts when using Copilot. Overall, the announcements showcase the advancements in Microsoft's security offerings and the value they bring to organizations.
Takeaways
-Microsoft Copilot for Security is a powerful tool that provides security analysts with AI-driven assistance in incident analysis, policy management, and more.
-The licensing model for Copilot for Security is consumption-based (provisioned Security Compute Units billed by the hour) rather than per-user seats, so organizations pay for the capacity they provision and can scale it up or down as needed.
-Microsoft Security Exposure Management offers a comprehensive threat exposure management process, integrating various security solutions and providing insights to mitigate risks.
-The integration of Copilot with Intune enables administrators to easily understand and manage policy settings, security impact, and more.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/8CH_OasAo0Q
-----------------------------------------------------------
Documentation:
https://www.microsoft.com/en-us/security/blog/2024/03/13/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities/
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-microsoft-security-exposure-management/ba-p/4080907
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/protect-at-the-speed-and-scale-of-ai-with-copilot-for-security/ba-p/4078785
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-adds-identity-skills-to-copilot-for-security/ba-p/4081857
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-introduces-a-preview-of-copilot-in-intune/ba-p/4083276
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero