Blue Security
219 Episodes
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the recent T-Mobile breach attributed to Chinese state-sponsored hackers, emphasizing the importance of parsing corporate statements. They delve into the implications of cybersecurity threats, referencing a Sophos report detailing a five-year cat-and-mouse game with Chinese attackers. The conversation shifts to the rise of the new social media platform, Bluesky, exploring its potential to attract users from Twitter and its unique features.
----------------------------------------------------
YouTube Video Link:
----------------------------------------------------
Documentation:
https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-peoples-republic-china-prc-targeting-commercial-telecommunications
https://www.sophos.com/en-us/content/pacific-rim
https://www.bbc.com/news/articles/c8dm0ljg4y6o
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Bluesky: https://bsky.app/profile/bluesecuritypod.com
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Bluesky: https://bsky.app/profile/ajawzero.com
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode, Andy and Adam discuss the challenges and strategies for securing seasonal and contingent workers using a Zero Trust approach. They emphasize the importance of managed devices, the complexities of hybrid domain joins, and explore alternative solutions such as cloud-based services. The conversation also touches on the significance of security policies and the need for exceptions in certain scenarios, ultimately advocating for a balanced approach to cybersecurity that enables business productivity.
----------------------------------------------------
YouTube Video Link: https://youtu.be/RsR0XsFWDjQ
----------------------------------------------------
Documentation:
https://kanenarraway.com/posts/bpo-security-zero-trust/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the critical steps involved in offboarding employees, particularly focusing on Microsoft 365 environments. They cover essential practices such as blocking user sign-ins, managing mailbox contents, device management, and ensuring data protection. The conversation emphasizes the importance of modernizing device management strategies and highlights best practices for handling sensitive information during the offboarding process. The hosts also touch on the role of super users in document management and the implications of Teams chat storage.
----------------------------------------------------
YouTube Video Link: https://youtu.be/NaFv6MjJgEI
----------------------------------------------------
Documentation:
https://practical365.com/checklist-for-terminating-employees-with-microsoft-365-accounts/
https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/remove-former-employee?view=o365-worldwide
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss critical cybersecurity insights, focusing on Active Directory security techniques, the implications of recent incidents involving Microsoft Defender for Endpoint, and the introduction of passwordless solutions for Apple devices. They emphasize the importance of foundational knowledge in cybersecurity, the need for robust security practices, and the evolution of identity management solutions in enterprise environments.
----------------------------------------------------
YouTube Video Link: https://youtu.be/ySylj7V0AY8
----------------------------------------------------
Documentation:
https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-hardening/detecting-and-mitigating-active-directory-compromises
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-s-safe-deployment-practices/ba-p/4220342
https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin
----------------------------------------------------
Summary
In this episode, Andy and Adam discuss Microsoft's 2024 Digital Defense Report, which highlights the evolving cyber threat landscape, the rise of ransomware, identity attacks, and DDoS attacks. They emphasize the importance of centering organizations around security, the shift towards passwordless authentication, and the impact of AI on cybersecurity. The conversation provides actionable insights for organizations to enhance their security posture and adapt to the changing threat environment.
----------------------------------------------------
YouTube Video Link: https://youtu.be/o7X4dH55dto
----------------------------------------------------
Documentation:
https://www.microsoft.com/en-us/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024
----------------------------------------------------
Summary
In this episode, Andy Jaw and Adam Brewer discuss Microsoft's Secure Future Initiative (SFI), which emphasizes security by design, default, and operations. They explore the initiative's six key security pillars, the impact of recent cyber incidents, and the ongoing progress in enhancing security measures across Microsoft. The conversation highlights the importance of employee accountability, governance, and the implementation of new security protocols, including phishing-resistant credentials and improved monitoring systems. The hosts reflect on the challenges and changes brought about by SFI and its implications for the future of cybersecurity at Microsoft.
----------------------------------------------------
YouTube Video Link: https://youtu.be/zHX2FCO8FdY
----------------------------------------------------
Documentation:
https://www.microsoft.com/en-us/security/blog/2024/09/23/securing-our-future-september-2024-progress-update-on-microsofts-secure-future-initiative-sfi/
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer discuss the evolution of password guidelines, focusing on the recent updates from NIST and Microsoft. They explore the implications of these changes, emphasizing the importance of understanding human behavior in password security and the need for organizations to adopt passwordless solutions. The conversation highlights practical steps for reducing reliance on passwords while enhancing security through user education and modern authentication methods.
----------------------------------------------------
YouTube Video Link: https://youtu.be/MJ_h6TzMyEU
----------------------------------------------------
Documentation:
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/06/Microsoft_Password_Guidance-1.pdf
https://learn.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
https://pages.nist.gov/800-63-4/sp800-63.html
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the critical topic of token theft in identity management. They discuss the importance of multi-factor authentication (MFA) as a primary defense against identity attacks, the nature of tokens, and how attackers exploit vulnerabilities to steal these tokens. The conversation highlights the introduction of token binding as a new protective measure, practical steps organizations can take to reduce the risk of token theft, and the significance of detecting and investigating potential attacks. The hosts emphasize the need for managed and compliant devices, user training, and the implementation of conditional access policies to enhance security.
----------------------------------------------------
YouTube Video Link: https://youtu.be/xPHqA7JzPkY
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/how-to-break-the-token-theft-cyber-attack-chain/ba-p/4062700
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer celebrate four years of podcasting, reflecting on their journey and the importance of providing actionable insights to their audience. They discuss the significance of education in technology, particularly in relation to Microsoft products and the recent deprecation of WSUS. The conversation also covers the implications of Apple's latest OS release and the challenges faced by enterprise users. Finally, they emphasize the need for resilience in technology and the importance of having backup plans in place.
----------------------------------------------------
YouTube Video Link: https://youtu.be/cIcE-hXtCNs
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, hosts Andy Jaw and Adam Brewer delve into the world of containers, exploring their functionality, differences from virtual machines, and the importance of securing them. They discuss key tools like Docker and Kubernetes, and introduce Microsoft's Defender for Containers as a solution for managing security in containerized environments. The conversation emphasizes the simplicity and efficiency of containers, while also addressing the shared responsibility of security in modern application development.
----------------------------------------------------
YouTube Video Link: https://youtu.be/zjhIC4IoxgE
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-introduction
----------------------------------------------------
Summary
In this episode, Andy and Adam discuss the key findings from IBM's report on the costs of a data breach in 2024. They cover topics such as the increase in the cost of data breaches, the use of security AI and automation, the cyber skills shortage, the challenges of shadow data, and the importance of insider risk management. They also highlight the need for password protection, phishing-resistant MFA, and data consolidation, as well as the benefits of using generative AI tools. The episode concludes with a reminder to not be afraid of AI and to embrace its potential to enhance productivity and efficiency.
----------------------------------------------------
YouTube Video Link: https://youtu.be/mbwJGjg7g0s
----------------------------------------------------
Documentation:
https://www.ibm.com/downloads/cas/1KZ3XE9D
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss Entra Suite, a new package from Microsoft that includes various Entra products and solutions. They provide an overview of each component, including Entra Private Access, Entra Internet Access, Entra ID Governance, Entra ID Protection, and Entra Verified ID. They highlight the benefits and use cases of each component and discuss the pricing options. They also emphasize the importance of using open standards and collaboration in the identity space.
----------------------------------------------------
YouTube Video Link: https://youtu.be/9zlC8NmBEp8
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-suite-now-generally-available/ba-p/2520427
https://learn.microsoft.com/en-us/entra/global-secure-access/concept-private-access
https://learn.microsoft.com/en-us/entra/global-secure-access/concept-internet-access
https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview
https://learn.microsoft.com/en-us/entra/id-governance/licensing-fundamentals
https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection
https://learn.microsoft.com/en-us/entra/verified-id/decentralized-identifier-overview
----------------------------------------------------
Summary
In this episode, Andy and Adam discuss various resources and methods for getting training and learning about Microsoft and other technology solutions. They cover topics such as official documentation, certification tracks, Ninja training, Microsoft Mechanics, the Tech Community, customer connection programs, building a personal lab, and the importance of having a supportive network.
Takeaways
- learn.microsoft.com is the official documentation and training resource for Microsoft products and solutions.
- Microsoft offers certification tracks for various roles and technologies, and free training is available for these certifications.
- Ninja training provides deep dives and technical content on security, compliance, and other Microsoft products.
- Microsoft Mechanics is a YouTube channel and podcast that offers bite-sized videos on various Microsoft technologies.
- Building a personal lab using virtualization software or cloud services is a great way to gain hands-on experience.
- Having a supportive network of coworkers and friends who are curious and willing to share experiences can greatly enhance learning and professional growth.
----------------------------------------------------
YouTube Video Link: https://youtu.be/5cgUfci9M9c
----------------------------------------------------
Documentation:
https://rodtrent.substack.com/p/all-the-microsoft-ninja-training
https://www.youtube.com/@MSFTMechanics
https://www.youtube.com/@MicrosoftSecurity
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/bg-p/MicrosoftSecurityandCompliance
https://aka.ms/joinccp
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss several cybersecurity news stories. They cover the hack of the Trump campaign's emails by Iranian hackers, the breach of the National Public Data records, and Microsoft's new requirement for admins to enable multi-factor authentication (MFA). They also touch on the importance of data privacy and the need for companies to be responsible stewards of consumer data.
Takeaways
- Iranian hackers targeted the Trump campaign's emails in an attempt to influence the US presidential election.
- The breach of the National Public Data records compromised personal information for billions of individuals, highlighting the need for stronger data privacy regulations.
- Microsoft is enforcing the use of multi-factor authentication (MFA) for admins to enhance security and reduce the risk of account takeovers.
- Companies should prioritize data security and be responsible stewards of consumer data, minimizing data collection and protecting it from unauthorized access.
----------------------------------------------------
YouTube Video Link: https://youtu.be/xFPPyec6GJQ
----------------------------------------------------
Documentation:
https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/
https://npd.pentester.com/search
https://www.bleepingcomputer.com/news/microsoft/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october/
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft's Defender for Storage, a cloud-native security solution for Azure Blob Storage, Azure Files, and Azure Data Lake Storage. They highlight the three major impacts on data workloads: malicious file uploads, sensitive data exfiltration, and data corruption. The solution offers activity monitoring, malware scanning, and sensitive data threat detection. They also mention the pricing model, the integration with Microsoft Purview, and the ease of deployment using Azure Policy and Logic Apps.
Takeaways
- Defender for Storage is a cloud-native security solution for Azure Blob Storage, Azure Files, and Azure Data Lake Storage.
- The solution protects against malicious file uploads, sensitive data exfiltration, and data corruption.
- It offers activity monitoring, malware scanning, and sensitive data threat detection.
- Integration with Microsoft Purview allows for seamless inheritance of sensitivity settings.
- Deployment can be done through the Azure portal, Azure Policy, or infrastructure as code using the REST API.
- Logic Apps can be used to automate responses and streamline security operations.
- A pre-purchase plan is available for Defender for Cloud workloads, offering programmatic discounts and predictable billing.
----------------------------------------------------
YouTube Video Link: https://youtu.be/_DNCcy4V5Uo
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-introduction
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss new features and updates in Intune, including Autopilot for existing devices, Intune enrollment attestation, and mobile application management (MAM). They explain how Autopilot for existing devices allows organizations to enroll on-premises joined devices into Autopilot using Configuration Manager and a task sequence. They also highlight the importance of monitoring device enrollments and implementing security measures such as requiring a PIN for app access and blocking third-party keyboards.
Takeaways
- Autopilot for existing devices allows organizations to enroll on-premises joined devices into Autopilot using Configuration Manager and a task sequence.
- Monitoring device enrollments and implementing security measures such as requiring a PIN for app access and blocking third-party keyboards are important for protecting corporate data.
- Intune enrollment attestation stores the MDM ID in the TPM of the device, preventing attacks that export the MDM device to attack other devices.
- Mobile application management (MAM) is a lightweight way to protect corporate data on unmanaged devices, and it can be used in conjunction with MDM on managed devices.
- MAM capabilities are now available for Windows 365 and AVD clients on Windows, iOS, iPadOS, and Android clients, allowing for more secure access to corporate data.
----------------------------------------------------
YouTube Video Link: https://youtu.be/R8GYUQjr7ds
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-upcoming-changes-for-deploying-windows-autopilot-for/ba-p/4181554
https://learn.microsoft.com/en-us/autopilot/existing-devices
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-attestation#resources
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/mam-preview-for-windows-365-and-azure-virtual-desktop/ba-p/4171051
https://learn.microsoft.com/en-us/mem/intune/protect/mobile-threat-defense
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss Defender CSPM (Cloud Security Posture Management). They explain that CSPM is the process of monitoring cloud-based systems and infrastructure for risks and misconfigurations. They highlight the key capabilities of CSPM, including automation, monitoring and managing IaaS, SaaS, and PaaS platforms, and ensuring regulatory compliance. They also introduce Defender CSPM, a paid subscription service that offers additional features such as agentless scanning, container vulnerability assessments, and DevOps security. They mention the inclusion of Entra Permissions Management and external attack surface management in Defender CSPM. They emphasize the value of Defender CSPM for regulatory compliance and the ease of reporting on security posture against specific standards.
Takeaways
- CSPM is the process of monitoring cloud-based systems and infrastructure for risks and misconfigurations.
- Defender CSPM is a paid subscription service that offers additional features such as agentless scanning, container vulnerability assessments, and DevOps security.
- Defender CSPM includes Entra Permissions Management and external attack surface management.
- Defender CSPM is valuable for regulatory compliance and provides ease of reporting on security posture against specific standards.
----------------------------------------------------
YouTube Video Link: https://youtu.be/lqvWnxyQqVs
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction#protect-cloud-workloads
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-devops-environment-posture-management-overview
----------------------------------------------------
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss the aftermath of the CrowdStrike failed software update. They express empathy for those impacted by the incident and discuss the importance of collaboration in the cybersecurity industry. They also explore the need for transparency from security vendors and the potential impact on cybersecurity teams and funding. The conversation touches on the level of access that security solutions have and the need for a balanced approach. They emphasize the importance of having an incident response plan and implementing deployment rings for security updates.
----------------------------------------------------
YouTube Video Link: https://youtu.be/_ajB1t89VrQ
----------------------------------------------------
Documentation:
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://www.linkedin.com/posts/racheltobac_lets-get-actionable-criminals-will-attempt-activity-7220134391350538240-8ZNN/
https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
Summary
In this episode, Andy and Adam discuss a blog post titled 'Cybersecurity is Full' that challenges the hype around cybersecurity careers. They explore the saturation of the field, the value of certifications and conferences, the optional nature of cybersecurity in organizations, and the stress and challenges of the industry. They emphasize the importance of having a strong foundation in technology before pursuing a career in cybersecurity and the need for organizations to prioritize cybersecurity as an enabler for their business. They also highlight the ongoing need for cybersecurity professionals and the rewarding nature of the field.
Takeaways
-Cybersecurity careers have been hyped up in recent years, leading to a saturation of the field, especially at the entry level.
-Certification programs and conferences in cybersecurity can be expensive and may not always provide quality content or training.
-The optional nature of cybersecurity in organizations means that it can be cut when budgets are tight, but there is a minimum level of investment required.
-A strong foundation in technology and a basic understanding of concepts like TCP/IP and DNS are essential before pursuing a career in cybersecurity.
-Cybersecurity professionals need to be persuasive and able to sell the value of cybersecurity to their organizations.
-The cybersecurity industry is still growing, and professionals have the opportunity to make a difference and protect against malicious threat actors.
----------------------------------------------------
YouTube Video Link: https://youtu.be/B0roPpJKKpU
----------------------------------------------------
Documentation:
https://cyberisfull.com/
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss Defender for Servers, a cloud security solution offered by Microsoft. They explain that Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers. They discuss the different plans available, including Plan 1 and Plan 2, which offer varying levels of endpoint protection and vulnerability management. They also highlight the inclusion of Cloud Security Posture Management (CSPM) in both plans. The hosts emphasize the vendor-agnostic nature of Defender for Servers, which can be used in AWS, GCP, and on-premises environments.
Takeaways
-Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers.
-There are two plans available for Defender for Servers: Plan 1 and Plan 2. Plan 1 offers endpoint protection, while Plan 2 includes additional features such as XDR, EDR, and regulatory compliance capabilities.
-Both Plan 1 and Plan 2 include Cloud Security Posture Management (CSPM), which provides security recommendations and secure score assessments.
-Defender for Servers is vendor-agnostic and can be used in AWS, GCP, and on-premises environments. It is available for both Windows and Linux VMs.
-Defender for Servers is priced on a consumption-based model, allowing customers to pay only for what they use.
----------------------------------------------------
YouTube Video Link: https://youtu.be/-jG2BFPS45o
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan
https://learn.microsoft.com/en-us/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-managment-capabilities-for-servers
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management