Welcome back, submarines, to the MS-365 Security Administration course.
I'm your instructor, Daniels,
and in this lesson, we're going to start Module 3,
MS-365 Threat Protection:
Security in MS-365, and we're gonna learn about modern threats.
So we're going to go over different components of the modern threat landscape
how that has evolved over the years. We're also going to look at security strategy principles for years, cybersecurity framework to detect and respond to threats.
This is one of my favorite quotes from Bill Gates.
Life is not fair. Get used to it.
do you so
I don't really know why I decided to put it in here, other than it's one of my favorite quotes.
Whenever we get a new hire or new employees or even, you know, my kids, when they complain about stuff,
this is it. Me, like Bill Gates: life isn't fair.
Get used to it.
Same thing applies with cybersecurity. Sometimes what happens isn't fair. We just got to roll with the punches.
A threat vector
is a path or means by which a hacker, which is an actor,
can gain access to a target. A target is anything of value.
So here in the kill chain scenario, we have your attacker
orbs my own, the inside
breach an account,
elevate the privilege,
exfiltrate the data and then delete it.
The threat landscape of the modern workplace.
Over the years, especially the last two decades,
things in the office have really changed.
Um, an office worker 20 years ago maybe used a typewriter, maybe used a fax machine.
Now you have all of this technology: email.
You have encrypted messages. You have Teams, instant messages. You have all of this stuff, regulations, data compliance considerations that you didn't have as much 20 years ago.
So how much control do you really have?
You have the perimeter protection. We talked about that previously. It's like a moat
around your castle.
You control what is in your on-premises network; what's in your environment, you have control over.
When you go out to the managed mobile environment,
that's where it switches to identity and device management.
We talked about conditional access policies. Things of that nature
Past that, it's unknown, unregulated.
We don't know. This hybrid data, the new normal, is hard to protect
because we don't know. It changes and is evolving so quickly. So let's take a look at some of those threats that we're actually facing in today's workplace. A lot of these will be a review for you. However, we're gonna cover them anyway to make sure we're all on the same page, especially as far as vernacular goes.
That was one of my words of the day, vernacular,
so I just kind of threw that in there for extra personal bonus points. Phishing:
a technique used to retrieve information of value.
Value is a relative term.
For one group of bad actors, it could be one thing for another group. It could be totally different.
Spear phishing is a type of attack
that's directed at specific individuals.
So you get targeted phishing emails, usually containing branding and so on. On the surface, they look very legitimate,
but look here in the screenshot:
Microsoft accounting, Campbell said. Outlook dot com
security change. This is a phishing email.
I see this as very similar to the old marketing technique of spray and pray.
It's a numbers game, right? It's a percentage game.
If you send that email this picture to enough people,
you're going to get somebody to click on it.
Some of my favorite spoofs: Saturday Night Live, Mel Brooks
comedic spoofs. Spoofing, in this sense of the word,
is a technique that forges an email header so it appears to have been sent from a trusted source.
An email address contains two sender addresses.
The MailFrom
is used by sending mail servers to identify the sender,
shown as the Return-Path,
and also the From, which is displayed
as the From address by the mail client.
It's shown in the email header as From. When someone spoofs, they're actually changing the 5322.From;
they're changing that address.
As cybersecurity professionals,
we will get a Return-Path. If it doesn't match,
if the MailFrom and the From don't match,
then something is suspicious.
Malware is the overarching name for applications and other code, i.e. software,
that Microsoft classifies more granularly as malicious software or unwanted software.
It can cause a lot of harm and a lot of headache.
It's often received in an email
as an attachment or an embedded link. Email
is the preferred delivery mechanism for malware.
It's been that way for quite some years now.
Account breach
is when the user's account is compromised
such that it could be used by an attacker to access resources.
Account credentials are a high-value target.
MFA is a top recommended mitigation method.
If you have MFA, it's 99.9% less likely to be compromised.
If you are ever in a situation to where you want to implement MFA and you have arguments against it,
that statistic speaks for itself.
It stops identity compromise attacks.
1% against password cracking attempts
by enabling directory controls against most of all failed logon attempts.
Take account lockout.
You can do that on-prem in Active Directory; you ought to do it in the cloud for the cloud-managed accounts.
Elevation of privilege. In this scenario, the attacker has compromised one account and is now working to increase the power.
If the administrators share the same machine and the machine gets compromised, it becomes easy for the attacker to figure out how to log onto the shared machine
and run a credential harvesting tool.
It's recommended to use MFA, especially with admin accounts or ones that access sensitive content.
Data exfiltration. You'll hear me pronounce it as data and data. Quite frankly, I don't have a clue what the proper pronunciation is, so I go back and forth to satisfy both thoughts of opinion. Data exfiltration,
data exfiltration, see, I just did it right there, is the unauthorized retrieval of data from a computer or a service.
Protecting your service from account breaches and elevation of privileges will be your first step in protecting your data.
Some of the ways you can protect against data exfiltration:
access control with ACLs,
external sharing policies,
least-privilege access,
data classification schemes and DLP, data loss prevention.
All of these tools should be used because it is defense in depth. It's a layered approach.
When an attacker deletes your data, usually in a way to make recovery difficult.
Ransomware is a variant of this attack
where the attacker compromises the network, encrypts the data and demands a payment to get the decryption key.
Kevin's famous chili.
If you've ever watched The Office,
you know Kevin's famous chili. He was so proud of it, hyped it up: this chili's amazing. Brings it into the office,
see what happens.
He spilled it everywhere.
It occurs when protected data is transferred to a system that doesn't provide the same level of protection.
AIP, Azure Information Protection, is effective at preventing exposure of data outside the tenant. It applies protection at the file level. It travels with the file, no matter where it is at.
A few of the other attacks that are of note:
Password cracking. It's when an attacker has acquired access from the application servers or data store that allows him to try many different password combinations.
Use the smart password lockout for this. Use that threshold.
Use the account lockout.
One of your approved users is performing illicit activities in your tenant.
Ensure your accounts are secure, privileges are well managed, and your data is well protected.
A technique that forges an email header so it appears
to have been sent from a trusted source is known as what?
Data exfiltration or malware? Which one do you think it is? The right answer is spoofing.
Remember spoofing. Think of deception. Think of deceiving.
Spoofing: it appears to have been sent,
so it is deceiving the user into believing the email is from somebody that it is not from.
Kevin McCallister had a plan for robbers, right? He had a plan.
He didn't just let them have free reign in the house.
He wanted to show them
that he was ready. He wanted to slow them down by any means necessary
By slowing them down,
it bought him time. Buying him time, it allowed the cops to respond and decreased the value of the robbery to the criminals.
All of these
were any means necessary, whether it is a hot iron to the face,
whether it is a blowtorch across your head, whether it is a tarantula on your face or a BB gun through the pet door,
all of these slowed and hampered the robbers' progress.
Where am I going with that?
One of your goals as a security professional:
ruin the attacker's return on investment.
If you increase the cost of attack,
it makes your environment less of what they're looking for. It makes it less valuable. When you interrupt their playbook, their plan of attack,
and couple that with agile incident response and recovery,
even automated response and recovery, the attacker's cost of attack increases.
is to make the cost of attack greater than the return.
Have you ever heard the phrase the juice isn't worth the squeeze.
Apply this here.
You want to have different layers and different mechanisms
keeping them back a step, reducing their progress to where they just give up.
They're going to go to the person that has an open back door.
Attackers want something. They want something of value.
If you spend 10 hours of your day
where you make $50 an hour to get a sale that is worth $100
that wasn't a good investment of your time. Don't make it worth their time.
The MS-365 security center has various layers and various tools that you can apply within your environment to slow the hackers down, to decrease their return on investment of the time and the resources they put into compromising your environment.
So, to recap this lesson: malware is often received in an email as either an attachment or an embedded link that goes to a malicious site or a file.
Protecting services from account breaches
and elevation of privileges is the first step in protecting data.
Raising the cost of an attack reduces the likelihood a threat is materialized.
Remember, make it difficult for them.
Thank you for joining me in this lesson.
Hope to see you back for the next one. Take care.
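
The spoofing check described in the lesson (compare the Return-Path, i.e. the MailFrom, with the From header and treat a mismatch as suspicious) can be sketched as follows. This is an added example, not part of the lecture; the sample messages are constructed, and treating a subdomain as a match is an assumption of this sketch.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of an address header; '' if absent or empty (<>)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    # Assumption: equal domains, or one a subdomain of the other, count as a
    # match. A production check would compare organizational domains.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_sender(raw_message):
    """Compare the Return-Path (MailFrom) domain with the From domain."""
    msg = message_from_string(raw_message)
    mail_from = domain_of(msg.get("Return-Path"))
    header_from = domain_of(msg.get("From"))
    if not mail_from or not header_from:
        verdict = "missing"      # e.g. bounce with Return-Path: <>; cannot compare
    elif aligned(mail_from, header_from):
        verdict = "match"
    else:
        verdict = "mismatch"     # triage signal, not proof of spoofing
    return {"mail_from": mail_from, "from": header_from, "verdict": verdict}

# Constructed sample messages (not taken from the lecture).
SAMPLES = {
    "newsletter": "Return-Path: <bounce-77@mail.example.com>\n"
                  "From: Example News <news@example.com>\n"
                  "Subject: March update\n\nHello\n",
    "lookalike": "Return-Path: <x91@bulk-sender.test>\n"
                 "From: \"Account Team\" <security@example.com>\n"
                 "Subject: Security change\n\nVerify now\n",
    "bounce": "Return-Path: <>\n"
              "From: Mail Delivery <postmaster@example.com>\n"
              "Subject: Undeliverable\n\nFailed\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

Legitimate mail sent through a third-party service also produces a mismatch, so the verdict is a prompt to inspect the message further rather than a block decision.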