Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back, Cybrarians, to the MS 365 Security Administration course.
00:06
I'm your instructor, Jim Daniels,
00:08
and in this lesson, we're going to start Module 3
00:11
in MS 365 Threat Protection,
00:14
Security in MS 365, and we're gonna learn about modern threats.
00:20
So we're going to go over different components of the modern threat landscape
00:24
and how that has evolved over the years. We're also going to look at security strategy principles for your cybersecurity framework to detect and respond to threats.
00:37
This is one of my favorite quotes from Bill Gates.
00:40
Life is not fair. Get used to it.
00:43
Just
00:44
do you so
00:45
Don't really know why I decided on it here, other than it's one of my favorite quotes.
00:50
Whenever we get a new hire or new employees, or even, you know, my kids, when they complain about stuff,
00:56
this is it. Me, like Bill Gates: life isn't fair.
01:00
Get used to it.
01:02
Same thing applies with cybersecurity. Sometimes what happens isn't fair. We've just got to roll with the punches.
01:07
A threat vector
01:08
is a path or means a hacker, which is an actor,
01:12
uses to gain access to a target. A target is anything of value.
01:18
So here in the kill chain scenario, we have your attacker
01:23
orbs my own, the inside
01:25
Breach an account.
01:26
Elevate the privilege,
01:29
exfiltrate the data and then delete it.
01:32
The threat landscape of the modern workplace.
01:36
Over the years, especially the last two decades,
01:40
expectations
01:41
in the office have really changed.
01:42
Um, you, an office worker 20 years ago, maybe used a typewriter, maybe used a fax machine.
01:49
Now you have all of this technology: email.
01:53
You have encrypted messages. You have Teams, instant messages. You have all of this stuff: regulations, data compliance, considerations that you didn't have as much 20 years ago.
02:05
So how much control do you really have?
02:07
On premise,
02:08
you have the perimeter protection. We talked about that previously. It looks like a moat
02:13
around your castle.
02:15
You control what is on your premises network, what's on your environment; you have control over it.
02:21
When you go out to a managed global environment,
02:23
that's where it switches to identity and device management.
02:28
We talked about conditional access policies, things of that nature.
02:30
Past that, it's unknowns, unregulated.
02:34
We don't know. This hybrid data, the new normal, is hard to protect
02:38
because we don't know; it changes and evolves so quickly. So let's take a look at some of those threats that we're actually facing in today's workplace. A lot of these will be a review for you. However, we're gonna cover them anyway to make sure we're all on the same page, especially as far as vernacular goes.
02:57
That was one of my words of the day, vernacular,
03:00
so I just kind of threw that in there for extra personal bonus points. Phishing:
03:06
a technique used to retrieve information of value.
03:09
by use or relative time
03:12
For one group of bad actors, it could be one thing; for another group, it could be totally different.
03:17
Spear phishing is a type of attack
03:21
that's directed at specific individuals.
03:23
So, targeted phishing emails, usually containing branding that on the surface looks very legitimate,
03:30
but look here in the screenshot:
03:32
Microsoft accounting, Campbell said. Outlook dot com
03:37
Security change. This is a phishing email.
03:39
So phishing
03:42
I see as very similar to the old marketing technique of spray and pray.
03:46
It's a numbers game, right? It's a percentage game.
03:50
If you send that email in this picture to enough people,
03:53
you're going to get somebody to click on it.
03:57
Spoofing:
03:58
some of my favorite spoofs, starting out live Mel Brooks
04:02
comedic spoofs. This sense of the word
04:05
is a technique that forges an email header, so it appears to have been sent from a trusted source.
04:13
An email address contains two sender addresses.
04:16
The Mail From
04:18
is used by sending mail servers to identify the sender,
04:21
shown as the Return-Path,
04:25
and also the From, which is displayed
04:28
as the From address by the mail client,
04:30
shown in the email header as From. When someone spoofs, they're actually changing the 5322.From;
04:39
they're changing that address.
04:42
As cybersecurity professionals,
04:44
we will get a Return-Path. If it doesn't match,
04:46
the Mail From and the From don't match,
04:49
then something is suspicious.
04:51
Malware is the overarching name for applications and other code, i.e. software,
04:58
that Microsoft classifies more granularly as malicious software or unwanted software.
05:03
It can cause a lot of harm and a lot of headache.
05:06
It's often received in an email
05:09
as an attachment or an embedded link. Email
05:13
is the preferred delivery mechanism for malware.
05:16
It's been that way for quite some years now.
05:19
Account breach
05:21
is when the user's account is compromised
05:24
such that it could be used by an attacker to access resources.
05:28
Account credentials are a high-value target.
05:30
MFA is a top recommended mitigation method.
05:34
If you have MFA, it's 99.9% less likely to be compromised.
05:41
If you are ever in a situation where you want to implement MFA and you have arguments against it,
05:46
that statistic speaks for itself.
05:48
It stops identity compromise attacks.
05:53
1% against password cracking attempts
05:56
by enabling directory controls against multiple failed login attempts.
06:00
Take a lockout.
06:01
You can do that on prem in Active Directory; you need to do it in the cloud for the cloud-managed accounts.
06:06
Elevation of privilege: in this scenario, an attacker has compromised one account and is now working to increase their power.
06:15
If the administrators share the same machine and the machine gets compromised, it becomes easy for the attacker to figure out how to log onto the shared machine
06:24
and run a credential harvesting tool.
06:27
It's recommended to use MFA, especially with admin accounts or ones that access sensitive content.
06:33
Data exfiltration. You'll see me pronounce this as data and data; quite frankly, I don't have a clue on the proper pronunciation. So I go back and forth to satisfy both thoughts of opinion. Data exfiltration,
06:47
data exfiltration. See, I just did it right there. It is the unauthorized retrieval of data from a computer or a service.
06:56
Protecting your service from account breaches and elevation of privileges will be your first step in protecting your data.
07:02
Some of the ways you can protect against data exfiltration:
07:06
access control with ACLs,
07:09
external sharing policies,
07:11
least privileged access,
07:13
data classification schemes, and DLP, data loss prevention.
07:17
All of these tools should be used because it is defense in depth. It's a layered approach.
07:24
When an attacker deletes your data, usually in a way to make recovery difficult.
07:29
Ransomware is a variant of this attack
07:31
where the attacker compromises the network, encrypts the data and demands a payment to get the decryption key.
07:38
Data spillage.
07:40
Kevin's famous chili.
07:42
If you've ever watched The Office,
07:44
you know Kevin's famous chili. He was so proud of it. Hyped it up. This chili's amazing. Brings it into the office.
07:51
See what happened?
07:54
He spilled it everywhere.
07:55
It occurs when protected data is transferred to a system that doesn't provide the same level of protection.
08:01
AIP, Azure Information Protection, is effective at preventing exposure of data outside the tenant. It applies protection at the file level. It travels with the file, no matter where it is at.
08:13
A few of the other attacks that are of note:
08:16
Password cracking: it's when an attacker has acquired access from the application servers or data store that allows him to try many different password combinations.
08:26
Use the smart password lockout for this. Use that threshold.
08:30
Use the account lockout.
08:33
Malicious insider:
08:35
one of your approved users is performing illicit activities in your tenant.
08:39
To prevent this,
08:41
ensure your accounts are secure, privileges are well managed, and your data is well protected.
08:48
Quiz
08:50
A technique that forges an email header so it appears
08:54
to have been sent from a trusted source is known as what?
08:56
Phishing,
08:58
spoofing,
09:00
data exfiltration, or malware? Which one do you think it is? The right answer is spoofing.
09:11
Remember spoofing. Think of deception. Think of deceiving.
09:16
Spoofing: it appears to have been sent,
09:20
so it is deceiving the user into believing the email's from somebody that it is not from.
09:26
Kevin McCallister had a plan for robbers, right? He had a plan.
09:30
He didn't just let them have free rein in the house.
09:33
He wanted to show them
09:37
that he was ready. He wanted to slow them down by any means necessary.
09:41
By slowing them down,
09:43
it bought them time. Buying them time, it allowed the cops to respond and decreased the value of the robbery to the criminals.
09:52
All of these
09:54
were any means necessary, whether it is a hot iron to the face,
09:58
whether it is a blowtorch across your head, whether it is a tarantula on your face, or a BB gun through the pet door,
10:07
all of these slowed and hampered the robbers' progress.
10:11
Where am I going with that?
10:13
One of your goals as a security professional
10:16
is to
10:18
ruin the attacker's return on investment.
10:22
If you increase the cost of attack,
10:24
it makes your environment less of what they're looking for. It makes it less valuable. When you interrupt their playbook, their plan of attack,
10:33
and couple that with agile incident response and recovery,
10:37
even automated response and recovery, the attacker's cost of attack increases.
10:41
The goal
10:43
is to make the cost of attack greater than the return.
10:46
Have you ever heard the phrase "the juice isn't worth the squeeze"?
10:50
Apply this here.
10:52
You want to have different layers and different mechanisms
10:56
to stop,
10:58
slow down,
10:58
bring them back a step, reduce their progress to where they just give up.
11:03
They're going to go to the person who has an open back door.
11:07
Attackers want something. They want something of value.
11:11
If you spend 10 hours of your day
11:15
where you make $50 an hour to get a sale that is worth $100,
11:20
that wasn't a good investment of your time. Don't make it worth their time.
11:24
The MS 365 Security Center has various layers and various tools that you can apply within your environment to slow the hackers down, to decrease their return on investment of the time and the resources they put into compromising your environment.
11:41
So, to recap this lesson: malware is often received in email as either an attachment or an embedded link that goes to a malicious site or a file.
11:50
Protecting services from account breaches
11:54
and elevation of privileges is the first step in protecting data.
11:58
Raising the cost of an attack reduces the likelihood a threat is materialized.
12:03
Remember, make it difficult for them.
12:07
Thank you for joining me in this lesson.
12:09
Hope to see you back for the next one. Take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Jim Daniels
IT Architect
Instructor