What does the M365 Suite do?<\/b><\/h3>\n\n- Protects against the threats and attackers<\/span><\/li>\n<\/ul>\n
Whizlabs, on 27 November 2021,\u00a0 conducted a well organised webinar on \u2018Threat Protection with Microsoft 365 Defender\u2019 with Mr. Anand Rao.<\/span><\/p>\nAnand Rao is a Senior Technical Instructor and a Cloud Consultant with more than 15 years of experience. He<\/span> started with break fix environments and troubleshooting mainly on Microsoft platforms. With his forte being Directory services, he has been working on Identity and Access Management Systems for the\u00a0 last 15 years. He started working on Cloud in 2012 and to date, he has worked with various cloud platforms like Azure, Microsoft Services, Amazon web services, and more. His passion for Cyber Security got him certified in Ethical Hacking and Computer Security.<\/span><\/p>\nFollowing is the brief on his detailed explanation and discussion during the Webinar.<\/span><\/p>\nWhat is a Threat?<\/b><\/h4>\n
Threats are potential weaknesses and the <\/span>attackers<\/b> capitalise on these weaknesses to infiltrate the organisation. The attackers will cross multiple domains so when the attacker is trying to get into your environment, they will not take the front door, instead, they will do reconnaissance.<\/span><\/p>\nReconnaissance is a military term that means doing thorough research on the enemy. Is it possible to take the equipment or ammunition there, are there enough food and supplies available, can we take the road or should we presume airways?<\/span><\/p>\nIn simple words, <\/span>planning and preparing<\/b>.<\/span><\/p>\nSo, how do the attackers figure out these things in lieu of Cyber Security?<\/span><\/p>\nThey will figure out their attack space through emails, identities such as user accounts using the user id and password, endpoints that are devices like mobile phones, android, iOS, laptops, and other applications.<\/span><\/p>\nThe attackers will use their vulnerability and enter the infrastructure, i.e. the <\/span>attack surface<\/b>.<\/span><\/p>\nThe smaller the attack surface, the better it is for the infrastructure.<\/span><\/p>\nDefence solutions, apart from Microsoft365 Defender, are Checkpoint, Barracuda Palo alto, and more.<\/span><\/p>\nSim solutions that aggregate all the logs altogether pave a new way for logs.<\/span><\/p>\nToday defence solutions have been designed for multiple purposes like, to:<\/span><\/p>\n\n- Protect<\/span><\/li>\n
- Detect<\/span><\/li>\n
- Block<\/span><\/li>\n<\/ol>\n
A defender protects your business from becoming vulnerable to these attacks, detects them on time and, the final step is to block the threats from each of the domains i.e. endpoints, apps, emails, etc.<\/span><\/p>\nSo, the job of the whole M365 defender suite is to protect your identities, endpoints, applications onboarded to Microsoft Azure and other third party applications, and your emails and documents in office 365.<\/span><\/p>\nWhat if you are using Hybrid Cloud or AWS, Google Cloud or SAS providers like DocuSign, box and Dropbox solutions, Salesforce or ITSM solutions like ServiceNow?<\/span><\/p>\nThe answer is, this is a one stop solution for all the domains like endpoints, applications, and more.<\/span><\/p>\nThe Cyber security teams are facing a lot of risks at present, but at the very same time, there are many tools available that provide advanced security analytics like Machine learning, making it possible to fight back with agility and adaptable defence systems. The security teams have to go through a number of alerts, some of which are legitimate while some of them are false positives and noises that are displayed on logs, which means significant damage to all the hard work that is hard to handle.<\/span><\/p>\nSome facts<\/b><\/h4>\n\n- An average large organisation monitors a minimum of <\/span>17000 malware warnings<\/b> each week.<\/span><\/li>\n
- It takes <\/span>99 days<\/b> for an organisation of this scale to discover a breach, which means it gives a huge amount of time to the attacker to enter inside and collect all the data.<\/span><\/li>\n
- It takes less than <\/span>48 hours<\/b> for an attacker to take complete control of the network.<\/span><\/li>\n
- Around <\/span>4 million dollars<\/b> is the average cost of a data breach to a company.<\/span><\/li>\n<\/ul>\n
What are the common threats?<\/b><\/h4>\n\n- Credential Theft: password spray attacks and collects the credentials.<\/span><\/li>\n
- Malware: MALicious softWARE, for instance, Ransomware<\/span><\/li>\n
- Phishing: For example, creating an email and when a person clicks on it, it copies the data to an attacker system.<\/span><\/li>\n
- Infrastructure attacks: kind of physical attacks done sometimes via pen drive being inserted into the system that contains the data.<\/span><\/li>\n<\/ul>\n
Timeline of an attack<\/b><\/h4>\n
![\"Timeline](\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2021\/12\/Timeline-of-an-attack-300x169.png\")
<\/p>\n
The attacker performs research and preparation alias Reconnaissance, or OSINT (open source intelligent information) collection or aggregates data from the previous attacks. Just when the attacker has all the information, it will attack the system. It will then use phishing and get the first system affected, called <\/span>Patient zero<\/b>, going further to privilege escalation leading to credential theft wherein they make use of admin tools and compromise on the configuration of the machine. Thus, the attacker goes from one system or server to another and then many, thereby achieving <\/span>Domain Dominance<\/b>. Here, they unlock the Admin credentials, the key to any system. Now they have everything that they need, that is Intellectual property proprietary information, formulas, maps, and more data. Then comes the data exfiltration which includes running some scripts and the attackers spend a considerable amount of time and there they go undetected for over 200 days.\u00a0<\/span><\/p>\nWhat are the capabilities of Microsoft 365 Defender Suite?<\/b><\/h4>\n
Whizlabs, on 27 November 2021,\u00a0 conducted a well organised webinar on \u2018Threat Protection with Microsoft 365 Defender\u2019 with Mr. Anand Rao.<\/span><\/p>\n Anand Rao is a Senior Technical Instructor and a Cloud Consultant with more than 15 years of experience. He<\/span> started with break fix environments and troubleshooting mainly on Microsoft platforms. With his forte being Directory services, he has been working on Identity and Access Management Systems for the\u00a0 last 15 years. He started working on Cloud in 2012 and to date, he has worked with various cloud platforms like Azure, Microsoft Services, Amazon web services, and more. His passion for Cyber Security got him certified in Ethical Hacking and Computer Security.<\/span><\/p>\n Following is the brief on his detailed explanation and discussion during the Webinar.<\/span><\/p>\n Threats are potential weaknesses and the <\/span>attackers<\/b> capitalise on these weaknesses to infiltrate the organisation. The attackers will cross multiple domains so when the attacker is trying to get into your environment, they will not take the front door, instead, they will do reconnaissance.<\/span><\/p>\n Reconnaissance is a military term that means doing thorough research on the enemy. Is it possible to take the equipment or ammunition there, are there enough food and supplies available, can we take the road or should we presume airways?<\/span><\/p>\n In simple words, <\/span>planning and preparing<\/b>.<\/span><\/p>\n So, how do the attackers figure out these things in lieu of Cyber Security?<\/span><\/p>\n They will figure out their attack space through emails, identities such as user accounts using the user id and password, endpoints that are devices like mobile phones, android, iOS, laptops, and other applications.<\/span><\/p>\n The attackers will use their vulnerability and enter the infrastructure, i.e. the <\/span>attack surface<\/b>.<\/span><\/p>\n The smaller the attack surface, the better it is for the infrastructure.<\/span><\/p>\n Defence solutions, apart from Microsoft365 Defender, are Checkpoint, Barracuda Palo alto, and more.<\/span><\/p>\n Sim solutions that aggregate all the logs altogether pave a new way for logs.<\/span><\/p>\n Today defence solutions have been designed for multiple purposes like, to:<\/span><\/p>\n A defender protects your business from becoming vulnerable to these attacks, detects them on time and, the final step is to block the threats from each of the domains i.e. endpoints, apps, emails, etc.<\/span><\/p>\n So, the job of the whole M365 defender suite is to protect your identities, endpoints, applications onboarded to Microsoft Azure and other third party applications, and your emails and documents in office 365.<\/span><\/p>\n What if you are using Hybrid Cloud or AWS, Google Cloud or SAS providers like DocuSign, box and Dropbox solutions, Salesforce or ITSM solutions like ServiceNow?<\/span><\/p>\n The answer is, this is a one stop solution for all the domains like endpoints, applications, and more.<\/span><\/p>\n The Cyber security teams are facing a lot of risks at present, but at the very same time, there are many tools available that provide advanced security analytics like Machine learning, making it possible to fight back with agility and adaptable defence systems. The security teams have to go through a number of alerts, some of which are legitimate while some of them are false positives and noises that are displayed on logs, which means significant damage to all the hard work that is hard to handle.<\/span><\/p>\n The attacker performs research and preparation alias Reconnaissance, or OSINT (open source intelligent information) collection or aggregates data from the previous attacks. Just when the attacker has all the information, it will attack the system. It will then use phishing and get the first system affected, called <\/span>Patient zero<\/b>, going further to privilege escalation leading to credential theft wherein they make use of admin tools and compromise on the configuration of the machine. Thus, the attacker goes from one system or server to another and then many, thereby achieving <\/span>Domain Dominance<\/b>. Here, they unlock the Admin credentials, the key to any system. Now they have everything that they need, that is Intellectual property proprietary information, formulas, maps, and more data. Then comes the data exfiltration which includes running some scripts and the attackers spend a considerable amount of time and there they go undetected for over 200 days.\u00a0<\/span><\/p>\nWhat is a Threat?<\/b><\/h4>\n
\n
Some facts<\/b><\/h4>\n
\n
What are the common threats?<\/b><\/h4>\n
\n
Timeline of an attack<\/b><\/h4>\n
<\/p>\nWhat are the capabilities of Microsoft 365 Defender Suite?<\/b><\/h4>\n
![\"Capabilities](\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2021\/12\/Capabilities-of-Microsoft-365-300x53.png\")
<\/p>\n