Time
6 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back submarines to the M s 3 65 Security Administration course.
00:05
I'm your senator Jim Daniels.
00:07
We're still on Model Three and Mystery 60 Foul threat protection, Threat management.
00:13
And we're gonna cover threat investigation and response
00:17
in this lesson. We're going to go over attacks Simulator.
00:21
We're going to look at automated investigation in response,
00:25
and we're going to look at as our sentinel as a scene
00:31
attacks simulator. Unless you run realistic attacks in areas within your organization,
00:35
you actually get to fish and attack your own users. This helps identify and find vulnerable users
00:43
before a real attack occurs.
00:46
So to get a tax simulator, you have to have the other 3 65 80 p
00:50
playing to his Allah cart
00:52
or is included in the Enterprise and building Security. Five. Sleep
00:57
as well as the M s. 3 65. 5. Sweet.
01:00
The texting letter has four million taxi condone.
01:03
They are spear fishing
01:06
with a credential harvest euro spearfishing with an attachment,
01:11
pastor of spray, same password against multiple accounts and brute force. What actually does a dictionary attack of multiple passwords against multiple accounts
01:22
for the spear phishing attack
01:23
you can use Microsoft template where you can create your own.
01:26
I always advise when you first get started with this.
01:30
Use the Microsoft template
01:33
kind of get used to do a small test group of users, preferably I T. Users
01:38
kind of see how it functions and then customize your own 10 place moving forward.
01:42
Each business will have their own unique points
01:47
that will draw their own users into click
01:51
town of the year. You may have something for tax return. You have something for an election may have something for Christmas.
01:57
Use this template or create your own.
02:00
H e mail is used to create the template body,
02:04
and you do have some variables. User name someone. So for if there's a whole,
02:08
um, template compendium,
02:10
when the Microsoft Support site, where you can get a list of all of the variables you can, including your template
02:15
custom landing page after credential, harvest or attachment open can be specified to direct
02:22
to your security program
02:23
what that means
02:24
when your user close and then there no link
02:27
you can actually take them to the page. When your security awareness program says, Hey,
02:31
I want to brush up
02:34
in these email safety tips.
02:37
You actually have reports. Assistance included success rate, average click time and the list of those compromised users that they went
02:45
all the way if they just click doing it
02:46
or if they went all the way and actually input their credentials.
02:51
Password attacks.
02:52
So passport spray is one passport attempted when any number of accounts
02:57
Dictionary attack is multiple passwords. Want any number of accounts
03:00
Passwords to attempt can be entered manually or for dictionary attacks. You can use the text file
03:07
depending on what kind of in this I sack.
03:12
Yeah,
03:13
security group. You may be part off. There's usually a yearly
03:17
most part of a passport list. You can take that as its X file, and you can actually
03:23
go against your users to see if that is one of their passwords
03:29
for the text file to be applauded for a password attempt,
03:32
it's one password per line.
03:35
The text file has to be less than 10 Meghan size
03:38
and less than 3000 passwords.
03:43
Users were N F. A. Enable will show a failed attempt. Even if the attack said password was successful,
03:50
this is intended and it just reinforces MF A. Because even If you know the users password, you still don't gain access to their account because you don't have that second factor of authentication. So be aware of that
04:03
air.
04:04
Whenever you say air, we hear the word air.
04:08
This is what I think of
04:10
Michael Jeffrey Jordan
04:12
Air Jordan,
04:14
the greatest basketball players of all time.
04:17
And
04:19
so in security.
04:23
We're actually looking at Automated investigation in response and, 03 65 Air
04:29
air capabilities include automated investigation processes in response to a well known threats that exist today.
04:35
In addition of this, it also has remediation actions that await your approval,
04:41
enabling your security up seen to respond to threats.
04:46
The process of air within 3 65 as an alert is triggered,
04:51
applicable security playbooks start.
04:55
It's intelligent because depending on the alert
04:57
is with playbook
04:59
will be turning.
05:00
In this situation, automated investigation can begin.
05:03
Remediation actions are recommended. The security team reviews as recommended actions, approves them or
05:11
rejects. Um,
05:13
all activities are tracked and can be viewed in these security and compliance center.
05:18
Here's an example of the air automated investigations and 03 65
05:24
for this. On the left hand side, this is the list of investigation at ease. So if you want to go directly into the investigation, you just click one the I D. And I'll take you up to the detail page when the very right you have filters
05:38
where you can say the investigation type. If you want a zap malware,
05:43
click on that and you will only see those their filters that you can do based on that, as well as the investigation status. If it's running, if it's starting, if it's pending an action, if it needs a sock team to come in and actually approve
05:58
in action,
05:59
you can filter based on that.
06:00
All right.
06:02
Do you know
06:03
the licensing levels that we talked about for attacks Simulator? Which license is the minimum needed for taxing the letter?
06:12
03 65 80 pp. One
06:15
in a fraud, stability and security E three Sweet
06:17
M s 3. 65 5 Sweet
06:20
office 3 65 e three
06:23
or sequel server 2014.
06:27
So you should just be able to eliminate Dean
06:30
Annie
06:31
so that will use a B and C.
06:35
Which one do you think ISS
06:38
correct? Answer is C. M s 3 65 85.
06:43
Remember, it's the 03 65. 80 p two,
06:47
which is included in the M S 3 65 Responsibly, as well as the enterprising building Security He five. Sweet
06:56
Azure Sentinel is a cloud Native Security information and Event manager Seen platform that uses bill in a. I
07:03
to help analyze large volumes of data across the Enterprise. Sentinel Iron Gates data from many sources, including users, applications,
07:13
servers and devices running on premise or in the cloud
07:16
an enclosed building connectors for on boarding of Popular Security solutions.
07:21
Collect data from any source
07:24
with support for open standard formats like CEF and sits along,
07:29
it allows you cling data at cloud skill
07:31
across all users devices, applications and infrastructure. One. Print and in multiple clouds
07:36
detect previously uncovered threats and minimize false positives. I use the analytics.
07:43
You can investigate threats with AI and hunt suspicious activities of skill.
07:47
You can even respond to incidents rapidly with bill in orchestration and automation of common tasks.
07:56
To recap. Today's lesson Attacks simulator runs realistic tax scenarios in your organization.
08:01
Automated investigation response capabilities include
08:05
automating investigation processes in response to well known threats that exist today
08:11
as your Sentinel is a cloud Native
08:13
Security information and Event manager platform that uses Bill in AI to help analyze large volumes of data across an organization.
08:22
Thank you so much for joining me for this lesson. I have to see for the next one take care.

Up Next

MS-500: Microsoft 365 Security Administration

The Microsoft 365 Security Administration course is designed to prepare students to take and pass the MS-500 certification exam. The course covers the four domains of the exam, providing students with the knowledge and skills they need to earn their credential.

Instructed By

Instructor Profile Image
Jim Daniels
IT Architect
Instructor