Threat Management Plan Part 2: Threat Investigation and Response
6 hours 59 minutes
Welcome back submarines to the M s 3 65 Security Administration course.
I'm your senator Jim Daniels.
We're still on Model Three and Mystery 60 Foul threat protection, Threat management.
And we're gonna cover threat investigation and response
in this lesson. We're going to go over attacks Simulator.
We're going to look at automated investigation in response,
and we're going to look at as our sentinel as a scene
attacks simulator. Unless you run realistic attacks in areas within your organization,
you actually get to fish and attack your own users. This helps identify and find vulnerable users
before a real attack occurs.
So to get a tax simulator, you have to have the other 3 65 80 p
playing to his Allah cart
or is included in the Enterprise and building Security. Five. Sleep
as well as the M s. 3 65. 5. Sweet.
The texting letter has four million taxi condone.
They are spear fishing
with a credential harvest euro spearfishing with an attachment,
pastor of spray, same password against multiple accounts and brute force. What actually does a dictionary attack of multiple passwords against multiple accounts
for the spear phishing attack
you can use Microsoft template where you can create your own.
I always advise when you first get started with this.
Use the Microsoft template
kind of get used to do a small test group of users, preferably I T. Users
kind of see how it functions and then customize your own 10 place moving forward.
Each business will have their own unique points
that will draw their own users into click
town of the year. You may have something for tax return. You have something for an election may have something for Christmas.
Use this template or create your own.
H e mail is used to create the template body,
and you do have some variables. User name someone. So for if there's a whole,
um, template compendium,
when the Microsoft Support site, where you can get a list of all of the variables you can, including your template
custom landing page after credential, harvest or attachment open can be specified to direct
to your security program
what that means
when your user close and then there no link
you can actually take them to the page. When your security awareness program says, Hey,
I want to brush up
in these email safety tips.
You actually have reports. Assistance included success rate, average click time and the list of those compromised users that they went
all the way if they just click doing it
or if they went all the way and actually input their credentials.
So passport spray is one passport attempted when any number of accounts
Dictionary attack is multiple passwords. Want any number of accounts
Passwords to attempt can be entered manually or for dictionary attacks. You can use the text file
depending on what kind of in this I sack.
security group. You may be part off. There's usually a yearly
most part of a passport list. You can take that as its X file, and you can actually
go against your users to see if that is one of their passwords
for the text file to be applauded for a password attempt,
it's one password per line.
The text file has to be less than 10 Meghan size
and less than 3000 passwords.
Users were N F. A. Enable will show a failed attempt. Even if the attack said password was successful,
this is intended and it just reinforces MF A. Because even If you know the users password, you still don't gain access to their account because you don't have that second factor of authentication. So be aware of that
Whenever you say air, we hear the word air.
This is what I think of
Michael Jeffrey Jordan
the greatest basketball players of all time.
so in security.
We're actually looking at Automated investigation in response and, 03 65 Air
air capabilities include automated investigation processes in response to a well known threats that exist today.
In addition of this, it also has remediation actions that await your approval,
enabling your security up seen to respond to threats.
The process of air within 3 65 as an alert is triggered,
applicable security playbooks start.
It's intelligent because depending on the alert
is with playbook
will be turning.
In this situation, automated investigation can begin.
Remediation actions are recommended. The security team reviews as recommended actions, approves them or
all activities are tracked and can be viewed in these security and compliance center.
Here's an example of the air automated investigations and 03 65
for this. On the left hand side, this is the list of investigation at ease. So if you want to go directly into the investigation, you just click one the I D. And I'll take you up to the detail page when the very right you have filters
where you can say the investigation type. If you want a zap malware,
click on that and you will only see those their filters that you can do based on that, as well as the investigation status. If it's running, if it's starting, if it's pending an action, if it needs a sock team to come in and actually approve
you can filter based on that.
Do you know
the licensing levels that we talked about for attacks Simulator? Which license is the minimum needed for taxing the letter?
03 65 80 pp. One
in a fraud, stability and security E three Sweet
M s 3. 65 5 Sweet
office 3 65 e three
or sequel server 2014.
So you should just be able to eliminate Dean
so that will use a B and C.
Which one do you think ISS
correct? Answer is C. M s 3 65 85.
Remember, it's the 03 65. 80 p two,
which is included in the M S 3 65 Responsibly, as well as the enterprising building Security He five. Sweet
Azure Sentinel is a cloud Native Security information and Event manager Seen platform that uses bill in a. I
to help analyze large volumes of data across the Enterprise. Sentinel Iron Gates data from many sources, including users, applications,
servers and devices running on premise or in the cloud
an enclosed building connectors for on boarding of Popular Security solutions.
Collect data from any source
with support for open standard formats like CEF and sits along,
it allows you cling data at cloud skill
across all users devices, applications and infrastructure. One. Print and in multiple clouds
detect previously uncovered threats and minimize false positives. I use the analytics.
You can investigate threats with AI and hunt suspicious activities of skill.
You can even respond to incidents rapidly with bill in orchestration and automation of common tasks.
To recap. Today's lesson Attacks simulator runs realistic tax scenarios in your organization.
Automated investigation response capabilities include
automating investigation processes in response to well known threats that exist today
as your Sentinel is a cloud Native
Security information and Event manager platform that uses Bill in AI to help analyze large volumes of data across an organization.
Thank you so much for joining me for this lesson. I have to see for the next one take care.