Blog

UBS Forums – CISO Round Table – SOC Modernization

Looking forward to speaking and participating with esteemed CISOs in the community.

Please join us and register



Join me at NASSCOM DSCI AISS 2021

Depending on where they are on the maturity curve of their cyber security journey, organizations will be interested in solutions like EDR and XDR. These terms often create a lot of myths and confusion.

I am happy to return to AISS 2021 and speak on this important topic. Hope to see you all.

Please register here




Threat Hunting on SQL Server with Azure Sentinel

For years Microsoft SQL Server has served as the backbone of critical applications for enterprises. Because of the critical data stored in SQL Server databases, it has always been a point of interest for internal and external adversaries and one of the primary targets for exploitation.

It is important to monitor all your SQL database instances and servers for any sign of threats.

Last week I posted a detailed blog post on Monitoring SQL Server with Azure Sentinel on the official Microsoft Azure Sentinel Blog. The blog talks about how to ingest logs from SQL Servers running on VMs, parse the logs into a readable format, and then run various hunting queries and create alerts.

You can read the detailed post here.

The parser and hunting queries are also uploaded to the Azure Sentinel GitHub repo.




Join me at Microsoft 360 Security Conclave

I’ll be speaking at Microsoft 360 Security Conclave on Integrated Cyber Threat Management later this week. We’ll talk about how modern cyber threats leverage the power of the cloud to launch multi-staged attacks, and how end-to-end visibility of attack indicators across Identity, Endpoint, Apps and Infrastructure helps early detection and remediation.

If you are attending this event, please do stop by and say hi.

There are other distinguished speakers lined up for you from the industry and Microsoft engineering.

See you there.

Iftekhar




Speaking at ET CIO virtual event.



My Session at Digital Governance Tech Summit 2019, New Delhi – Security Considerations for Moving to Cloud.


I’ll be speaking at Digital Governance Tech Summit 2019, New Delhi on

“Security considerations while moving to the cloud” – 1615 Hrs, 27th August 2019


In this session, learn about the various security considerations organizations need to make while moving to the cloud, and the shared responsibilities between the cloud provider and end customers.

If you happen to be participating in this conference, please do stop by and say hi.

There are other great sessions in this conference presented by elite Microsoft speakers and other industry veterans, such as the keynote by Ananth Maheshwari, President Microsoft India and Amitabh Kant, CEO, Niti Aayog, Govt of India.

You can find the entire list of sessions and tracks here

I look forward to having some of you in the session and discussing more on your secure cloud journey.

Cheers

Iftekhar




Best Practices in configuring Office 365 Anti Phishing Policy

Office 365 Advanced Threat Protection adds an additional layer of protection against malicious URLs, malicious attachments and phishing campaigns.

In my previous posts we talked about these configurations; please click on the hyperlinks below to see those posts.

1. Best practices in configuring Office 365 Safe Attachments

2. Best Practices in configuring Office 365 Safe Links.

Today we’ll take a look at the anti-phishing policies which can be configured in Office 365 for protection against:

1. User Impersonation
2. Domain Impersonation
3. Domain Spoofing

User Impersonation: User Impersonation configuration allows an organization to list its top executives, such as the CEO, CFO and directors; any email arriving with the exact same display name and going to users will be quarantined or delivered to Junk, as per the configuration.

Domain Impersonation: Domain Impersonation configuration protects against emails coming from typosquatted domains that look similar to yours. For example, if your organization's domain is Contoso.com, attackers may send emails after registering similar-looking domains like Cont0so.com, Contoso-inc.com etc.

Domain Spoofing: Domain spoofing configuration enforces domain authentication such as SPF, DKIM and DMARC to validate the origin of emails against the From address, and blocks, quarantines or junks those emails which fail authentication.
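To make the first two checks concrete, here is an added illustration (not part of the original post, and not how Office 365 implements them) that classifies a From header for user impersonation and domain impersonation. The protected user, the sample policy and the matching rules are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed sample policy (assumption): protected domain and executive list.
PROTECTED_DOMAINS = {"contoso.com"}
PROTECTED_USERS = {"jordan rivera": "jordan.rivera@contoso.com"}  # display name -> real address

# Digits commonly swapped in for letters in look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_impersonation(domain):
    """Return the protected domain that `domain` imitates, or None."""
    domain = domain.lower()
    # The genuine domain and its subdomains are not impersonations.
    if any(domain == p or domain.endswith("." + p) for p in PROTECTED_DOMAINS):
        return None
    # Simplification: treat everything before the last dot as the name.
    label = domain.rsplit(".", 1)[0].translate(HOMOGLYPHS).replace("rn", "m")
    tokens = re.split(r"[-.]", label)  # catches affixes such as "-inc"
    for protected in PROTECTED_DOMAINS:
        target = protected.rsplit(".", 1)[0]
        if target in tokens or edit_distance(label, target) <= 1:
            return protected
    return None


def classify(from_header):
    """Classify a From header as user/domain impersonation or clean."""
    display, addr = parseaddr(from_header)
    real = PROTECTED_USERS.get(display.strip().lower())
    if real and addr.lower() != real:
        return "user-impersonation"  # exact display name, different sender
    if domain_impersonation(addr.rsplit("@", 1)[-1]):
        return "domain-impersonation"
    return "clean"
```

Both domains named above, Cont0so.com and Contoso-inc.com, are flagged against contoso.com, while mail from the genuine domain or its subdomains passes.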

I have created this step-by-step video tutorial of the recommended configurations of Anti Phishing Policies in Office 365 Advanced Threat Protection.

Hope you like the videos; please do subscribe to the channel to be updated with future tutorials.

Cheers




Best Practices in configuring ATP Safe Link Policies in Office 365

One of the major attack vectors used by threat actors is sending emails with malicious URLs. These emails, which carry no malicious attachments, usually have luring text which encourages users to click on a link to take some action and then takes them to a phishing URL or a webpage with malicious content.

For example, the email below looks like it has come from Microsoft and asks users to click on a URL which would lead to


Office 365 Advanced Threat Protection provides the Safe Link policy, which protects users at the time of click by verifying the URL against threat intelligence for any phishing page or malicious content.

Please watch this video on how to configure Office 365 Safe Links with recommended configurations.

If you want to see a quick demo of how Office 365 Safe works, check out the following video.

Cheers.




Best Practices in Configuring Office 365 ATP Safe Attachments

Security and End User Experience don’t often go hand in hand; the art is to find the right balance.

I often get asked how to configure an Office 365 Advanced Threat Protection Safe Attachments policy to achieve maximum protection against modern-day threats such as zero-day exploits, macro-based trojans and other specially crafted malicious attachments.

In this video, we’ll go through some of the recommendations on configuring ATP Safe Attachment policy in Office 365.




Getting Spoofed emails delivered? Common Office 365 Configuration Mistakes

In my previous post, we discussed how to detect Spoofed emails and build defenses against them.

If you were able to relate to some of these emails and you find them getting delivered to your users’ inboxes, you may want to check for some common misconfigurations on your Office 365 Tenant.

I have created this video to illustrate how these mistakes often open doors for these kinds of emails to come in.

Do watch it and share your comments.