Select Page
Diagram representing how Azure Sentinel connects with Azure Security Center

Securing the hybrid cloud with Azure Security Center and Azure Sentinel

Infrastructure security is top of mind for organizations managing workloads on-premises, in the cloud, or hybrid. Keeping on top of an ever-changing security landscape presents a major challenge. Fortunately, the power and scale of the public cloud has unlocked powerful ... continue reading
Phishing with the Sharks Using the Attack Simulator

Phishing with the Sharks Using the Attack Simulator

First published on TECHNET on Dec 03, 2018Hello, Paul Bergson back again. It is late fall and once again playoff time for High School and Collegiate volleyball. Women's volleyball in Minnesota is a big deal and I have played and ... continue reading
Fig1-number-of-read-perations-vs-number-of-bytes-read

Detecting credential theft through memory access modelling with Microsoft Defender ATP

Stealing user credentials is a key step for attackers to move laterally across victim networks. In today’s attacks, we see a range of tools used to achieve credential theft, requiring protections that target the root behavior and not just individual ... continue reading
Image showing key SOC functions: threat intelligence, incident management, and SOC analysts (tiers 1, 2, and 3).

Lessons learned from the Microsoft SOC—Part 2: Organizing people

In the second post in our series, we focus on the most valuable resource in the security operations center (SOC)—our people. This series is designed to share our approach and experience with operations, so you can use what we learned ... continue reading
docker1

Detecting threats targeting containers with Azure Security Center

More and more services are moving to the cloud and bringing their security challenges with them. In this blog post, we will focus on the security concerns of container environments. In a previous blog post Azure Security Center announced new ... continue reading
Image of a table which show Traditional correlation engines and Fusion technology solutions. Solutions consist of Iterative attack simulation, Probabilistic cloud kill chain, and Advances in graphical menthods.

Building the security operations center of tomorrow—better insights with compound detection

In the physical world, humans are fantastic at connecting low quality signals into high quality analysis. Consider speaking with someone in a crowded place. You may not hear every word they say, but because you are fluent in the language ... continue reading

DART: the Microsoft cybersecurity team we hope you never meet

If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know ... continue reading

Helping security professionals do more, better

I’m on my way to the RSA Conference in San Francisco, California, and am looking forward to connecting with our customers and partners there. We have a lot to talk about. Last week, Ann Johnson announced two new services that ... continue reading
Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

Insights from the MITRE ATT&CK-based evaluation of Windows Defender ATP

In MITREs evaluation of endpoint detection and response solutions, Windows Defender Advanced Threat Protection demonstrated industry-leading optics and detection capabilities. The breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior ... continue reading

Phishing with the Sharks Using the Attack Simulator

Hello, Paul Bergson back again. It is late fall and once again playoff time for High School and Collegiate volleyball. Women’s volleyball in Minnesota is a big deal and I have played and coached for over 30 years and I ... continue reading