193 episodes
Blue Security Andy Jaw & Adam Brewer
-
- Technology
-
-
4.6 • 11 Ratings
-
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
-
Entra Private Access, Endpoint Privilege Management
In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft Entra Private Access and Endpoint Privilege Management. Entra Private Access is a modern secure edge solution that allows remote users to access on-premise applications in a micro-segmented manner. It enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users. Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without giving them complete local admin access. It also supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
Takeaways
-Microsoft Entra Private Access is a modern secure edge solution for remote users to access on-premise applications in a micro-segmented manner.
-Entra Private Access enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users.
-Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without complete local admin access.
-Endpoint Privilege Management now supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/ye3s2SNhqao
-----------------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-private-access-for-on-prem-users/ba-p/3905450
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/endpoint-privilege-management-adds-support-approved-elevations/ba-p/4101196
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero -
MSRC Transparency and USB Threats
In this episode of the Blue Security Podcast, Andy and Adam discuss two important topics: Microsoft's pledge for greater transparency in identifying and determining root causes for security vulnerabilities, and the increasing sophistication of USB malware attacks in industrial organizations. They provide insights into Microsoft's Secure Future Initiative and the importance of security in the OT and IoT networks. They also offer practical tips for strengthening USB security and data exfiltration prevention.
Takeaways
-Microsoft is pledging greater transparency in identifying and determining root causes for security vulnerabilities in their products and services.
-The Secure Future Initiative aims to transform software development, implement new identity protections, and improve transparency and vulnerability responses.
-USB malware attacks in industrial organizations are increasing in sophistication, with attackers using USB devices to establish silent residency in industrial control systems.
-Organizations should strengthen USB security by blocking or allowing USB devices based on an allow list, scanning USB devices for malicious processes or files, and implementing attack surface reduction rules.
-Data exfiltration prevention is crucial, and organizations should consider implementing full disk encryption, data loss prevention (DLP) rules, and sensitivity labeling to protect sensitive data.
-Visibility and inventory of OT and IoT devices are essential for developing a security strategy, and solutions like Defender for IoT and OT can provide network-based security and inventory management.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/aveWb4fjOek
-----------------------------------------------------------
Documentation:
https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/
https://www.honeywell.com/us/en/news/2024/04/cybersecurity-in-2024-usb-devices-continue-to-pose-major-threat
https://learn.microsoft.com/en-us/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus
https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast -
2024 Verizon Data Breach Report
The 17th annual Verizon Data Breach Investigation Report reveals key findings and trends in cybersecurity. The report highlights the increase in vulnerability exploitation for initial access, the continued prevalence of human error in breaches, the rise of pure extortion attacks, and the limited impact of generative AI in the cybersecurity landscape. Recommendations include implementing robust threat and vulnerability management programs, focusing on user education and data protection, and exploring the use of generative AI for defensive purposes. The report serves as a valuable resource for organizations looking to enhance their cybersecurity strategies.
Takeaways
-Vulnerability exploitation for initial access nearly tripled in 2023, highlighting the need for robust threat and vulnerability management programs.
-Human error remains a significant factor in most breaches, emphasizing the importance of user education and data protection measures.
-Pure extortion attacks are increasing, signaling a shift away from encryption ransomware as threat actors seek quicker and easier ways to profit.
-Generative AI has yet to make a significant impact in the cybersecurity landscape, but organizations should consider leveraging it for defensive purposes.
-The Verizon Data Breach Investigation Report provides valuable insights and recommendations for organizations looking to enhance their cybersecurity strategies.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/ajqbA9zPUbA
-----------------------------------------------------------
Documentation:
https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: -
Mobile Threats
In this episode, Andy and Adam discuss the growing threat of mobile device threats. They highlight the recent mass password reset and account lockout of Apple IDs and the potential for a mobile wormable event. They explore the conditions necessary for a mobile wormable attack, including the development of zero-click exploits, the abuse of contact lists for further spread, and the lack of clear mitigations from telecommunications and mobile device companies. They also discuss the limitations of lockdown mode and the importance of endpoint protection for mobile devices.
Takeaways
-Mobile devices have become ubiquitous in corporate environments and are vital for both security and operations.
-The conditions necessary for a mobile wormable attack are already in place, including the development of zero-click exploits and the abuse of contact lists for further spread.
-Lockdown mode and mobile threat detection (MTD) solutions can provide some risk mitigation for mobile devices, but they have limitations and limited visibility.
-Endpoint protection for mobile devices, including mobile device management (MDM) and MTD, should be part of an organization's risk mitigation strategy.
-Enterprises should consider implementing baseline security measures for mobile devices, such as a minimum six-digit passcode and keeping the operating system up to date.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/lxWveot8AF4
-----------------------------------------------------------
Documentation:
https://www.macrumors.com/2024/04/27/apple-id-accounts-logging-out-users/
https://go.recordedfuture.com/hubfs/reports/CTA-2024-0416.pdf
https://www.wired.com/story/apple-lockdown-mode-hands-on/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: -
VDI and Shared Responsibility Model
In this episode, Andy and Adam discuss the importance of VDI (Virtual Desktop Infrastructure) in security and enterprise architecture. They highlight the security benefits of VDI, such as separating end user environments from the underlying physical hardware, centralized management of baseline images and patches, and the ability to keep sensitive data in the data center. They also explore the shared responsibility model in cloud computing, where the cloud provider is responsible for the security of the infrastructure, but the end users are responsible for protecting their data and assets stored in the cloud.
Takeaways
-VDI provides security benefits by separating end user environments from the underlying physical hardware and centralizing management of baseline images and patches.
-The shared responsibility model in cloud computing means that while the cloud provider is responsible for the security of the infrastructure, the end users are responsible for protecting their data and assets stored in the cloud.
-Understanding the shared responsibility model is crucial for security practitioners to ensure they are defending their organization's data effectively.
-Minimizing the use of IaaS and on-premises models in favor of PaaS and SaaS models can reduce the organization's security responsibilities and provide better security.
-It's important to know what you're responsible for in terms of data protection and security when using cloud services.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/wdguHOGjs2Q
-----------------------------------------------------------
Documentation:
https://x.com/itguysocal/status/1769052129111707877?s=46&t=wVpJpdH7u2mDZZDEtx3bMg
https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
https://aws.amazon.com/compliance/shared-responsibility-model/
https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero -
Entra Follow-up, Helpdesk Security, Certifications
In this episode, Andy and Adam clarify some points from the previous episode and discuss two main topics: mitigating social engineering attacks on IT help desks and the value of certifications in cybersecurity. They provide practical tips for securing IT help desks, such as requiring callbacks, video verifications, and supervisor verification. They also share their thoughts on certifications, highlighting the importance of experience and continuous learning over the number of certifications. They recommend certifications from AWS and Microsoft for beginners and discuss the relevance of TCP/IP knowledge in today's cybersecurity landscape.
Takeaways
-Mitigate social engineering attacks on IT help desks by implementing measures such as requiring callbacks, video verifications, and supervisor verification.
-Certifications in cybersecurity can be valuable for beginners and for demonstrating knowledge and skills to employers, but they should not be the sole focus. Experience and continuous learning are more important.
-Certifications from AWS and Microsoft are cost-effective options for beginners in the field.
-TCP/IP knowledge, while important, may not be as relevant in today's cybersecurity landscape as other skills and knowledge areas.
-Adaptability and meeting employers where they are in terms of security practices are crucial in the field of cybersecurity.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/BHcR7bAyMlY
-----------------------------------------------------------
Documentation:
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/
https://twitter.com/infosec_fox/status/1778404395035550105?t=wVpJpdH7u2mDZZDEtx3bMg
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn:
Customer Reviews
Must have podcast for Defenders
Good listen all around. Best podcast I’ve found for Azure, Microsoft 365 security topics. Show notes let you dig deep into topics.