Security

Technical articles from Microsoft’s official blogs: in-depth discussions of security, cybersecurity and technology trends affecting trust in computing, along with timely security news, trends and best practices.

Microsoft Defender for Cloud PoC Series – Microsoft Defender for APIs

Introduction. This Microsoft Defender for Cloud PoC Series provides guidelines on how to perform a proof of concept for specific Microsoft Defender plans. For a more holistic approach, where you need to validate Microsoft Defender for Cloud together with the individual Microsoft Defender plans, please read the article How to Effectively Perform a Microsoft Defender for Cloud PoC. Defender for APIs provides […]

Microsoft Power BI and Microsoft Defender for Cloud

Introduction. As cloud environments grow more complex and threats increase, organizations need robust tools to monitor, analyze, and respond to security issues effectively. Microsoft Defender for Cloud (MDC) offers comprehensive security posture management, but to unlock its full potential, organizations need powerful visualization and analysis tools. While Azure Workbooks provide valuable visualizations for MDC data, integrating

Unified Security Operations Platform – Technical FAQ!

Introduction. If you are a security practitioner who uses Microsoft Sentinel and Microsoft Defender XDR in your daily workflows, and you have tried or are evaluating the unified security operations platform for your SOC, this blog is for you. With Microsoft Sentinel now generally available in the Microsoft Defender portal, as part of our

What’s new: Run playbooks on incidents on-demand going GA in unified platform

Automation is a key facilitator of a SOC’s ability to save time and let the team focus on what matters most. We are happy to announce that the ability to run a playbook on an incident on demand is now generally available (GA). Run playbooks as part of incident investigation and response: automation rules are incredibly useful

Vulnerabilities in PanelView Plus devices could lead to remote code execution

Microsoft discovered and responsibly disclosed two vulnerabilities in Rockwell Automation PanelView Plus that could be exploited remotely by unauthenticated attackers to achieve remote code execution (RCE) and denial of service (DoS). The RCE vulnerability in PanelView Plus involves two custom classes that can be abused to upload a malicious DLL to the device and load it.

Using Cribl Stream to ingest logs into Microsoft Sentinel

I would like to thank Javier Soriano, Eric Burkholder and Maria de Sousa-Valadas for helping out on this blog post. On 06 May 2024 Microsoft and Cribl announced that together they are working to drive accelerated SIEM migrations for customers looking to modernize their security operations (SecOps) with Microsoft

More Threat Intelligence Content in MDTI, TA Enables Better Security Outcomes

Microsoft threat intelligence empowers our customers to keep up with the global threat landscape and understand the threats and vulnerabilities most relevant to their organization. We are excited to announce that we have recently accelerated the speed and scale at which we publish threat intelligence, giving our customers more critical security insights, data and guidance

Introducing SOC Optimization API

SOC optimization is a new feature designed to combine the power of out-of-the-box content with the flexibility of the SIEM, helping you tune your SOC processes and coverage to your organization’s specific needs, priorities, threats and environment. The first phase of this new feature helps you gain deep insights into your

Mitigating Skeleton Key, a new type of generative AI jailbreak technique

In generative AI, jailbreaks, also known as direct prompt injection attacks, are malicious user inputs that attempt to circumvent an AI model’s intended behavior. A successful jailbreak can subvert all or most of the responsible AI (RAI) guardrails the AI vendor built into the model through training, making risk mitigations across other layers

Working with a cybersecurity committee of the board

I serve on the board of a publicly traded company. I fostered the creation of the board’s cybersecurity committee and I co-lead it. I’ve reflected on my work as a Global Black Belt, an advisor to chief information security officers (CISOs) and IT security and compliance teams, and studied best practices to set up a