Threat Intelligence

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Government & DIB Customers

Clouds and FedRAMP: Before we dive into how to ingest data from AWS into Microsoft Sentinel, we need to understand the levels at which each cloud is FedRAMP authorized to operate. This is not a deep discussion on compliance, just a quick overview of what levels each cloud is authorized to operate at. For specific compliance or […]

An Enterprise Design for Azure Machine Learning – An Architect’s Viewpoint

1. Problem Statement: Many organisations want to create an enterprise data science capability. The goals can include unlocking value from their data assets, reducing cost, and driving customer engagement. While many organisations have an initial capability, challenges can arise while “scaling and industrialization” into an enterprise service. This point-of-view provides an opinionated design for a “fit

How Microsoft discovers and mitigates evolving attacks against AI guardrails

As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can arise from its use. Our ongoing commitment to advance safe, secure, and trustworthy AI includes transparency about the capabilities and limitations of large language models (LLMs). We prioritize research on societal risks and building secure,

Azure Firewall: Comprehensive Comparison & Best Practices

Azure Firewall, a managed, cloud-based network security service, is an essential component of Azure’s security offerings. It comes in three different versions – Basic, Standard, and Premium – each designed to cater to a wide range of customer use cases and preferences. This blog post will provide a comprehensive comparison of these versions, discuss best

Microsoft Defender for Cloud Full Coverage for Azure Open-Source Relational Databases

Microsoft Defender for Cloud now provides full threat protection coverage for all instances of Azure open-source relational databases: PostgreSQL, MySQL and MariaDB – helping customers safeguard their business-critical database against cyberattacks. Azure Database for MySQL Flexible Server (GA as of today) and Azure Database for PostgreSQL Flexible Server (extended post-GA features), providing customers with a

Microsoft Defender for Cloud Adds Full Coverage for Azure Open-Source Relational Databases

Microsoft Defender for Cloud now provides full threat protection coverage for all instances of Azure open-source relational databases: PostgreSQL, MySQL and MariaDB – helping customers safeguard their business-critical database against cyberattacks. Azure Database for MySQL Flexible Server (GA as of today) and Azure Database for PostgreSQL Flexible Server (extended post-GA features), providing customers with a

Unleashing the Power of Microsoft Defender for Cloud – Unique Capabilities for Robust Protection

Microsoft Defender for Cloud (MDC) is a cloud-native application protection platform (CNAPP) that is made up of security measures and practices that are designed to protect cloud-based applications from various cyber threats and vulnerabilities. In this article we make a case that the unique capabilities provided by MDC will be hard to replicate with a

Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview

Today, I am excited to announce the public preview of our unified security operations platform. When we announced a limited preview in November 2023, it was one of the first security operations center platforms that brought together the full capabilities of an industry-leading cloud-native security information and event management (SIEM), comprehensive extended detection and response

A Copilot for Security Customer’s Guide to MDTI

With just one Security Compute Unit (SCU), Copilot for Security customers have unlimited access to the powerful operational, tactical, and strategic threat intelligence in Microsoft Defender Threat Intelligence (MDTI), a $50k per seat value, at no extra cost. This compendium of high-fidelity intelligence developed by Microsoft’s team of more than 10,000 multidisciplinary security experts and

Secrets scanning for Cloud deployments

Over the past year, our CNAPP solution has gone through progressive enhancements, particularly around secret management. It all began with the ability to identify various secret types across virtual machines (VMs). Subsequently, we expanded our focus to include a wide range of metadata associated with these secrets, providing valuable context.  Today, we are excited to
