Select Page
Image showing protection of critical web applications. Azure ID, CIS IDs, and Responsibility.

Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure

The Azure security team is pleased to announce that the Azure Security Benchmark v1 (ASB) is now available. ASB is a collection of over 90 security best practices recommendations you can employ to increase the overall security and compliance of ... continue reading

How companies can prepare for a heightened threat environment

With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle ... continue reading

New Azure blueprint for CIS Benchmark

We’ve released our newest Azure blueprint that maps to another key industry-standard, the Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark. This follows the recent announcement of our Azure blueprint for FedRAMP moderate and adds to the growing list ... continue reading

Learning from cryptocurrency mining attack scripts on Linux

Cryptocurrency mining attacks continue to represent a threat to many of our Azure Linux customers. In the past, we've talked about how some attackers use brute force techniques to guess account names and passwords and use those to gain access ... continue reading

IoT Signals retail report: IoT’s promise for retail will be unlocked addressing security, privacy and compliance

Few industries have been disrupted by emerging technology quite like retail. From exploding online sales to the growth of mobile shopping, the industry has made a permanent shift to accommodate digital consumers. The rise of IoT has forced the retail ... continue reading
Zero Hype

Zero Hype

At Ignite, I had the privilege of presenting “Zero Hype” with my colleagues Nupur Goyal (@nupur_11) who leads our Product Marketing, and Yinon Costica (@c0stica) who directs program management for Azure Security Center, Microsoft Cloud App Security, and Azure ATP ... continue reading
Image of security workers in an office.

CISO series: Lessons learned from the Microsoft SOC—Part 3b: A day in the life

The Lessons learned from the Microsoft SOC blog series is designed to share our approach and experience with security operations center (SOC) operations. We share strategies and learnings from our SOC, which protects Microsoft, and our Detection and Response Team ... continue reading
clipboard_image_0.png

Using Azure Security Center and Log Analytics to Audit Use of NTLM

The purpose of this post is to show how you can collect and query security events of interest from Windows servers. To do this we will use: Azure Security Center to collect events Log Analytics Workspace to store events Kusto ... continue reading
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities

Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS. Background Intelligent Transfer Service (BITS) is a component of ... continue reading
Timeline of evolution of Dexphot malware

Insights from one year of tracking a polymorphic threat

A little over a year ago, in October 2018, our polymorphic outbreak monitoring system detected a large surge in reports, indicating that a large-scale campaign was unfolding. We observed as the new threat attempted to deploy files that changed every ... continue reading