Today, organizations face an evolving threat landscape and an exponentially increasing attack surface. Email represents the primary attack vector for cybercrime, and security teams are in search of efficient and cost-effective means to minimize the risk of these threats and the impact they have on organizational productivity and innovation.

We are proud to announce today that Microsoft is positioned as a leader in The Forrester Wave™: Enterprise Email Security, Q2 2021¹, receiving among the highest scores in the strategy category. The Forrester Wave report evaluates enterprise email security solutions and provides a detailed overview of the current offering, strategy, and market presence of these vendors. From the report, “Forrester’s 2021 Wave evaluation of the email security market revealed that secure email gateways (SEGs) are slowly becoming dinosaurs as customers turn to the native security capabilities of cloud email infrastructure providers”. Microsoft Defender for Office 365 received the highest possible score in the incident response, threat intelligence, and endpoint and endpoint detection and response (EDR) solutions integration criteria, as well as in the product strategy, customer success, and performance and operations criteria.

Read about the Wave placement for Email Security here:

Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to critical business information or extract money through email-based fraud.

We’ve published an article that goes over all the vectors in which we protect customers and the tools we and customers can use to further this effort.

Amongst all cybercrime, phishing attacks continue to be the most prevalent today. With over 90 percent of attacks coming via email, it’s important that every organization has a plan to prevent these threats from reaching users.

One such threat that has been making waves recently is a class of phishing attacks called business email compromise (BEC). BEC is also proving to be one of the costliest flavors of attacks to organizations—the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) recorded almost 20,000 complaints of business email compromise in 2020 alone, with adjusted losses of over $1.8 billion according to their recent IC3 report. What’s more, BEC attacks continue to increase in scope and sophistication. No wonder then that business email compromise is a top concern for CISOs across the globe, especially in a climate where remote work and collaboration have increased significantly.

We at Microsoft share that concern. And that is why we’ve been working aggressively to protect customers by detecting and blocking such attacks through innovation in our products and by staying ahead of current and future threats through research. Additionally, through the Digital Crimes Unit at Microsoft, we have been working to disrupt and thwart such attack networks in partnership with law enforcement.

In the article, we cover:

  • What is business email compromise?
  • How are these attacks orchestrated?
  • What is Microsoft doing to combat security threats?
  • Research powered by human intelligence and artificial intelligence
  • How Microsoft fights cybercrime—Digital Crimes Unit
  • Steps to take now to protect your organization
  • Product innovation in Microsoft Defender for Office 365

Read the article here:

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats.  We recently published a security conversation with ICS/OT authority, Chris Sistrunk:

In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in Mandiant’s ICS/OT Consulting practice and former engineer at Entergy, where he was a subject matter expert on transmission and distribution of supervisory control and data acquisition (SCADA) systems. In this blog, Chris shares best practices to help mitigate the security threats to operational technology (OT) environments.

In this blog, Chris Sistrunk answers questions such as:

  • What tools do you use to monitor and govern your OT environment?
  • What are some best practices for securing remote access to the OT network?
  • What percentage of organizations are continuously monitoring their OT networks?
  • How can teams break down IT and OT silos?
  • What should roles and responsibilities look like?
  • Should companies unify IT and OT security in the security operations center (SOC)?
  • What would you say to a board of directors to get them to prioritize OT security?

Read the full discussion and blog here:

If you leverage RSS feeds and are interested in US Government & Public Sector news & announcements, the way to get notified of this is to subscribe to the following feeds.

If you’re a Microsoft Teams user, an easy way to wire this up is to simply start receiving RSS feeds in a Teams Channel. Simply select “Connectors” for a Teams channel and search for RSS.

Setting the RSS feed should be self-explanatory. Set the RSS feed, the rate of refresh, and the name of the RSS feed for viewers, and everyone on the channel will receive notifications in the channel whenever new posts are found on the schedule you set:

The State & Local Government/Public Sector RSS feeds that I know of from Microsoft are as follows:

Microsoft has one of the largest implementations of SAP in the world. As such, we’ve created and made available a preview of a Microsoft-developed security monitoring solution specifically for SAP, called “SAP Threat Monitoring”, leveraging our Azure Sentinel security information and event management solution.

As one of the leading solution providers for applications that manage business processes, SAP is the custodian for massive amounts of sensitive data in many of the biggest organizations in the world.

Since these applications are business-critical, an SAP security breach can be catastrophic. Yet, protecting SAP applications is uniquely challenging. These systems are growing in complexity as organizations expand them beyond base capabilities. They are vulnerable not only to outside attacks, but also insider threats. What’s more, their complex nature means that threats can emerge across multiple modules, making cross-correlation especially important.

It has been traditionally very difficult for security operations (SecOps) teams to effectively monitor them due to the unique nature of the SAP ecosystems and the expertise they require. We set out to meet this challenge with the new SAP threat monitoring solution for Azure Sentinel. Now in public preview, the solution provides continuous threat detection and analytics for SAP systems deployed on Azure, in other clouds, or on-premises. Now, SecOps teams can use Azure Sentinel’s visibility, threat detection, and investigation tools to protect their SAP systems and cross-correlate across their entire organization.

Read more

Forrester just announced that “Microsoft Cloud App Security” is a tremendous leader in their evaluation of Cloud Security Gateways.

I am thrilled to share that Forrester Research has named Microsoft Cloud App Security as a Leader in The Forrester Wave™: Cloud Security Gateways, Q2 2021. Additionally, Microsoft received the highest score in the strategy category.

People have increasingly used cloud apps to stay productive and connected during this challenging period. Organizations have accelerated the migration to the cloud to address their evolving needs. While the adoption of cloud apps offers a simple and cost-effective solution, it can also lead to a rise in shadow IT and creates an urgency to address new security and compliance requirements.

Our continued innovation in Microsoft Cloud App Security is focused on helping you gain visibility of your cloud apps, discover shadow IT, protect sensitive information anywhere in the cloud, enable protection against cyber threats, assess compliance, and manage security posture across clouds. We are honored to be recognized as a leader in this Forrester Wave for Cloud Security Gateways based on the strength of our security solution and strategy.

Read more at the announcement blog:

With so many people working remotely, it is a good time to review guidance on deploying security updates to remote devices, such as desktops, laptops, and tablets. Here are some resources to answer questions pertaining to deploying updates to remote devices.

See also: Mastering Configuration Manager Bandwidth limitations for VPN connected Clients

The Security Update Guide is our recommended resource for security update information. You can customize your views and create affected software spreadsheets, as well as download data via a RESTful API. As a reminder, the Security Update Guide has now formally replaced traditional security bulletin webpages.

See the following useful links:

For the entire list of published Security Advisories, visit the Security Advisory Archive page. To learn about security vulnerabilities that Microsoft discovered in third-party products, visit the Microsoft Vulnerability Research Advisories page.

Best practices on managing cyber-risks and protecting your information in today’s work-from-home world

Internal bad actors are always a possibility and external ones are assured—what types of monitoring and testing processes and FinTech tools are appropriate to detect and stop these types of threats?

In this webinar, delivered by Microsoft security experts at Compliance Week’s Cyber-Risk & Data Privacy Summit, you will learn:

  • How Microsoft looks at cybercrime through the Digital Defense Report
  • Cybercrime issues and considerations in the current remote environment
  • How Microsoft solutions can help with internal and external protection across the threat kill chain
  • Actionable learnings of what you can do today to mitigate internal and external threats

Visit this website to register:

Keep up with the evolving compliance and risk landscape

As the pace of digital transformation accelerates, organizations face greater security risks associated with data, users, devices, and applications. More than half of risk management decision-makers say IT and cybersecurity risks are their biggest concern (1). It’s critical today for IT professionals to have the knowledge and tools to effectively assess potential threats and key challenges to safeguarding the organization.

Many organizations are trying to meet compliance requirements, and figuring out where to start and what to implement can be overwhelming. In this webinar, learn how you can use Microsoft Compliance Manager to help you prioritize and take risk-informed actions to manage compliance.

Explore:

  • The benefits of implementing a solution to help you meet organizational compliance requirements.
  • Recommendations and use cases to help you manage data and compliance risks
  • How Microsoft Compliance Manager can support you throughout your compliance journey.

(1) Source: Gartner (Risk management market landscape web survey)

Check out our new, free Microsoft Learn module focused on managing Windows Updates! If you’re not familiar with the full end-to-end process, such as:

  • understanding update rings
  • enrolling in feature releases
  • managing cloud-based driver updates
  • configuring Microsoft Endpoint Manager or Group Policy for deferral periods
  • setting compliance deadlines
  • optimizing downloads & managing bandwidth
  • enabling power management to wake systems for updates
  • managing when to restart
  • controlling self-updating
  • etc.

…check out this module.  It’s not long and it’s VERY informative for those wanting to make sure they aren’t missing something in their Windows Servicing strategy.

By the end of this module you will be able to:

  • Describe the tools you can use to update Windows devices
  • Manage quality, feature, and driver updates for Windows devices
  • Manage the post-deployment experience for updates

View the module here:
