Common Threats
-Dictionary Attack = Attacker attempts to steal an identity by brute forcing into a target accounts
-Disruptive Attack = An attack which attempts to disrupt a computer system or network for various reasons: DDoS, Coin miners, Rootkits, Trojans, Worms, etc.
-Ransomware = A type of malicious software (malware) that when installed holds data, workstation or a network hostage.
-Data Breach = When a malicious actor gains unautorized access to a system in order to extract private data.
Extended Detection and Response (XDR) -
Endpoint Detection and Response (EDR)
XDR is cross-layered detection and response security system. Uses a holistic approuach to detect and respond threats that would normalyy evade detection in a single-vector solution by collaborating multiple data sources into a multi-vector solution.
EDR combines real-time continous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
Cloud Access Security Broker (CASB)
CASB sits between cloud service users and cloud applications, and monitors all activity and enforced security policies.
- Remote Workforce / Corporate Office
- CASB: Control and Monitoring, Compliance Management, Data Security. Threat Protection
- Cloud Services
Cloud Security Posture Management (CSPM)
Security Posture: A formula to determine the overall effectiveness of a companies security overall defense
CSPM identify and remediate risks through security assessments and automated compliance monitoring. Automatically alerts security staff when a vulnerability is found.
-Zero Trust-based access control
-Real-time risk scoring
-Threat and Vulnerability Management (TVM)
Just-in-Time | Just Enough Privilege
JIT = Giving access to resources only during the time when needed reducing the surface attack.
JeP = Giving access to only the specific actions (API calls) reducing the surface attack.
Automated Investigation and Remediation (AIR)
Automated Investigation = A service which uses an inspection algorithms that triggers an alert which in turn creates an incident
Automated Remediation = A service which watches for types of incidents and matches it with a remediation action
Threat Analysis & Modelling
TA = Is the practice of mitigating possible threats via threat modelling
TM = A structured process for identifying attackers and cataloging possible threats
Microsoft Security Development Lifecycle uses STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) and provides a tool to assist with this process > Microsoft Threat Modelling Tool
Microsoft Privacy Principles
- Control = You are in control of your privacy with easy-to-use tools and clear choices
- Transparency = We will be transparent about data collection so you can make informed decisions
- Security = We will protect your data with strong security and encryption
- Strong legal protections = We will respect your local privacy laws and fight for legal protection
- No content-based targeting = We will not use you email, chat, files or other, to target ads to you
- Benefits to you = When we do collect data, we will use it to make your experience better
Microsoft Privacy
- Control your data = Your data belongs to you, Data processing only with consent
- Control data location = You choose where your data is located
- Securing your data = AES256 (at-rest), SSL/TLS (in-transit), Key Vault (Encryption keys)
- Defending your data = Responding to data requests, Law requests
Primary Security Perimeter
Traditional security focused on firewalls and VPNs since there were few employees or workstations outside the office.
-BYOD, remote workstations access controls via Zero-trust model, e.g MFA
-User Identity Management becoming the primary perimeter for security (AD)
Microsoft Entra ID
Is Microsoft’s cloud-based identity and access management service.
- Free = MFA, SSO, Basic Security and Usage Reports, User Management
- Office 365 Apps = Company Branding, SLA, Two-Sync between On-Premise and Cloud
- Premium 1 = Hybrid Architecture, Advanced Group Access, Conditional Access
- Premium 2 = Identity Protection, Identity Governance
Can authorize and authenticate multiple sources:
On-Premises = Azure AD Connect
Web-App = App Registrations
Google & Facebook = External identities
Azure & M365 = Cloud Applications
App Registrations = Allows developers to integrate web-apps to use Azure AD authenticate users and request access to user resources such as email. calendar, and documents
External Identities = Allows people outside your organization to access your apps and resources, while letting them sign in using whatever identity they prefer
-B2B = Allows external business to authenticate with you app
-B2C = Allows customers to authenticate with your app
MDM and MAM
Mobile Device Management (MDM) = Control the entire device, can wipe data from it , and also reset it to factory settings
Mobile Application Management (MAM) = Publish, push, configure, secure, monitor, and update mobile apps for your users.
-Managed via Microsoft Intune
-You need Azure AD Premium 2
-Intune not part of Microsoft Endpoint Manager
Azure AD Connect
Is a hybrid service to connect your on-premises AD to you Azure Account
-Allows for SSO from your on-premises workstation to Azure
-Password Hash Synchronization = Sign-in method, synchronizes a hash of a users on-premises AD password with Azure AD
-Pass-through Authentication = Sign-in method, allows users to use the same password on-premises and in the cloud
-Federation Integration = Hybrid environment using an on-premises AD FS infrastructure, for certificate renewal
Azure Encryption Overview
-Azure Storage Service Encryption (SSE) = Protect data at rest by automatically encrypting before persisting it to: Managed disks, Blob Storage, Files, Queue.
-Transparent Data Encryption (TDE) = Encrypts data-at-rest for Microsoft Databases
AzureManaged Disks Supports 2 types of encryption:
- Server Side Encryption (SSE) = Encryption at rest enabled by default for all managed disks, snapshots and images. Keys can be managed in two ways: 1-Platform-managed keys (Azure manages) 2-Customer-managed keys (You manage)
- Azure Disk Encryption = Encrypt Windows and Linux IaaS VMs disks.
Azure Security Benchmark
Includes a collection of high-impact security recommendations you can use to help secure the services you use in Azure. It includes Security Controls and Service Baselines.
-Security Controls = Recommendations applicable across your Azure tenant and services.
-Service Baselines = Recommendations on a individual service’s configuration. (minimum)
Azure Security Center
Is a unified infrastructure security management system, it strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud.
-Regulatory Compliance Dashboard shows your compliance posture for a set of supported standards and regulations.
-Secure Score = Single score that represents your current security situation
Microsoft Defender
Provides advanced protection for you Azure and on-premises workloads. Composed of:
-Coverage: Lets you see the resources types in your subscription, elegible for protection.
-Security Alerts: Describe detauls of the affected resources, suggested remediation steps
-Insights: Rolling pane of news for reading (high priority alerts)
-Advanced Protection: Additional security features that are driven by analytics (VM/SQL Vulnerability Assessment, Just-in-time VM access, Adaptative Application Control, etc.)
Provides a unified pre- and post-breach enterprise defense suite that natively coordinates responses (detection, prevention, investigation) and across (endpoints identities, email, applications) to provide integrated protection against sophisticated attacks.
-Has Secure Score
Exchange Online Protection
EOP is a cloud-based filtering service that protects your organization against spam, malware, and other email threats. Anti-malware, Anti-spam, Connection filtering, Anti-phishing, Anti-spoofing, etc.
-
Describe security and compliance concepts10
-
Define identity concepts7
-
Describe the capabilities of Microsoft Entra30
-
Describe core infrastructure security services in Azure8
-
Describe security management capabilities of Azure6
-
Describe capabilities of Microsoft Sentinel5
-
Describe threat protection with Microsoft Defender XDR9
-
Describe Microsoft Service Trust Portal and privacy capabilities3
-
Describe the compliance management capabilities in Microsoft Purview5
-
Describe information protection, data lifecycle management, and data governance capabilities of Microsoft Purview11
-
Describe insider risk, eDiscovery, and audit capabilities in Microsoft Purview4
-
Extra18
