Blue Security
Subscribed: 45Played: 745
Subscribe
© Andy Jaw & Adam Brewer
Description
A podcast for information security defenders (blue team) on best practices, tools, and implementation for enterprise security.
208 Episodes
Reverse
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss Entra Suite, a new package from Microsoft that includes various Entra products and solutions. They provide an overview of each component, including Entra Private Access, Entra Internet Access, Entra ID Governance, Entra ID Protection, and Entra Verified ID. They highlight the benefits and use cases of each component and discuss the pricing options. They also emphasize the importance of using open standards and collaboration in the identity space.
----------------------------------------------------
YouTube Video Link: https://youtu.be/9zlC8NmBEp8
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-suite-now-generally-available/ba-p/2520427
https://learn.microsoft.com/en-us/entra/global-secure-access/concept-private-access
https://learn.microsoft.com/en-us/entra/global-secure-access/concept-internet-access
https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview
https://learn.microsoft.com/en-us/entra/id-governance/licensing-fundamentals
https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection
https://learn.microsoft.com/en-us/entra/verified-id/decentralized-identifier-overview
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode, Andy and Adam discuss various resources and methods for getting training and learning about Microsoft and other technology solutions. They cover topics such as official documentation, certification tracks, Ninja training, Microsoft Mechanics, the Tech Community, customer connection programs, building a personal lab, and the importance of having a supportive network.
Takeaways
- learn.microsoft.com is the official documentation and training resource for Microsoft products and solutions.
- Microsoft offers certification tracks for various roles and technologies, and free training is available for these certifications.
- Ninja training provides deep dives and technical content on security, compliance, and other Microsoft products.
- Microsoft Mechanics is a YouTube channel and podcast that offers bite-sized videos on various Microsoft technologies.
- Building a personal lab using virtualization software or cloud services is a great way to gain hands-on experience.
- Having a supportive network of coworkers and friends who are curious and willing to share experiences can greatly enhance learning and professional growth.
----------------------------------------------------
YouTube Video Link: https://youtu.be/5cgUfci9M9c
----------------------------------------------------
Documentation:
https://rodtrent.substack.com/p/all-the-microsoft-ninja-training
https://www.youtube.com/@MSFTMechanics
https://www.youtube.com/@MicrosoftSecurity
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/bg-p/MicrosoftSecurityandCompliance
https://aka.ms/joinccp
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss several cybersecurity news stories. They cover the hack of the Trump campaign's emails by Iranian hackers, the breach of the National Public Data records, and Microsoft's new requirement for admins to enable multi-factor authentication (MFA). They also touch on the importance of data privacy and the need for companies to be responsible stewards of consumer data.
Takeaways
-Iranian hackers targeted the Trump campaign's emails in an attempt to influence the US presidential election.
-The breach of the National Public Data records compromised personal information for billions of individuals, highlighting the need for stronger data privacy regulations.
-Microsoft is enforcing the use of multi-factor authentication (MFA) for admins to enhance security and reduce the risk of account takeovers.
-Companies should prioritize data security and be responsible stewards of consumer data, minimizing data collection and protecting it from unauthorized access.
----------------------------------------------------
YouTube Video Link: https://youtu.be/xFPPyec6GJQ
----------------------------------------------------
Documentation:
https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/
https://npd.pentester.com/search
https://www.bleepingcomputer.com/news/microsoft/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft's Defender for Storage, a cloud-native security solution for Azure Blob Storage, Azure Files, and Azure Data Lake Storage. They highlight the three major impacts on data workloads: malicious file uploads, sensitive data exfiltration, and data corruption. The solution offers activity monitoring, malware scanning, and sensitive data threat detection. They also mention the pricing model, the integration with Microsoft Purview, and the ease of deployment using Azure Policy and Logic Apps.
Takeaways
-Defender for Storage is a cloud-native security solution for Azure Blob Storage, Azure Files, and Azure Data Lake Storage.
-The solution protects against malicious file uploads, sensitive data exfiltration, and data corruption.
-It offers activity monitoring, malware scanning, and sensitive data threat detection.
-Integration with Microsoft Purview allows for seamless inheritance of sensitivity settings.
-Deployment can be done through the Azure portal, Azure Policy, or infrastructure as code using the REST API.
-Logic Apps can be used to automate responses and streamline security operations.
-A pre-purchase plan is available for Defender for Cloud workloads, offering programmatic discounts and predictable billing.
----------------------------------------------------
YouTube Video Link: https://youtu.be/_DNCcy4V5Uo
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-introduction
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
LinkedIn: https://www.linkedin.com/company/bluesecpod
YouTube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss new features and updates in Intune, including autopilot for existing devices, Intune enrollment attestation, and mobile application management (MAM). They explain how autopilot for existing devices allows organizations to enroll on-premise joined devices into autopilot using config man and a task sequence. They also highlight the importance of monitoring device enrollments and implementing security measures such as requiring a pin for app access and blocking third-party keyboards.
Takeaways
- Autopilot for existing devices allows organizations to enroll on-premise joined devices into autopilot using config man and a task sequence.
- Monitoring device enrollments and implementing security measures such as requiring a pin for app access and blocking third-party keyboards are important for protecting corporate data.
-Intune enrollment attestation stores the MDM ID in the TPM of the device, preventing attacks that export the MDM device to attack other devices.
-Mobile application management (MAM) is a lightweight way to protect corporate data on unmanaged devices, and it can be used in conjunction with MDM on managed devices.
-MAM capabilities are now available for Windows 365 and AVD clients on Windows, iOS, PadOS, and Android clients, allowing for more secure access to corporate data.
----------------------------------------------------
YouTube Video Link: https://youtu.be/R8GYUQjr7ds
----------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-upcoming-changes-for-deploying-windows-autopilot-for/ba-p/4181554
https://learn.microsoft.com/en-us/autopilot/existing-devices
https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-attestation#resources
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/mam-preview-for-windows-365-and-azure-virtual-desktop/ba-p/4171051
https://learn.microsoft.com/en-us/mem/intune/protect/mobile-threat-defense
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss Defender CSPM (Cloud Security Posture Management). They explain that CSPM is the process of monitoring cloud-based systems and infrastructure for risks and misconfigurations. They highlight the key capabilities of CSPM, including automation, monitoring and managing IaaS, SaaS, and PaaS platforms, and ensuring regulatory compliance. They also introduce Defender CSPM, a paid subscription service that offers additional features such as agentless scanning, container vulnerability assessments, and DevOps security. They mention the inclusion of Entra Permissions Management and external attack surface management in Defender CSPM. They emphasize the value of Defender CSPM for regulatory compliance and the ease of reporting on security posture against specific standards.
Takeaways
-CSPM is the process of monitoring cloud-based systems and infrastructure for risks and misconfigurations.
-Defender CSPM is a paid subscription service that offers additional features such as agentless scanning, container vulnerability assessments, and DevOps security.
-Defender CSPM includes Entra Permissions Management and external attack surface management.
-Defender CSPM is valuable for regulatory compliance and provides ease of reporting on security posture against specific standards.
----------------------------------------------------
YouTube Video Link: https://youtu.be/lqvWnxyQqVs
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction
https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction#protect-cloud-workloads
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-devops-environment-posture-management-overview
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode of the Blue Security Podcast, Andy and Adam discuss the aftermath of the CrowdStrike failed software update. They express empathy for those impacted by the incident and discuss the importance of collaboration in the cybersecurity industry. They also explore the need for transparency from security vendors and the potential impact on cybersecurity teams and funding. The conversation touches on the level of access that security solutions have and the need for a balanced approach. They emphasize the importance of having an incident response plan and implementing deployment rings for security updates.
----------------------------------------------------
YouTube Video Link: https://youtu.be/_ajB1t89VrQ
----------------------------------------------------
Documentation:
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://www.linkedin.com/posts/racheltobac_lets-get-actionable-criminals-will-attempt-activity-7220134391350538240-8ZNN/
https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Summary
In this episode, Andy and Adam discuss a blog post titled 'Cybersecurity is Full' that challenges the hype around cybersecurity careers. They explore the saturation of the field, the value of certifications and conferences, the optional nature of cybersecurity in organizations, and the stress and challenges of the industry. They emphasize the importance of having a strong foundation in technology before pursuing a career in cybersecurity and the need for organizations to prioritize cybersecurity as an enabler for their business. They also highlight the ongoing need for cybersecurity professionals and the rewarding nature of the field.
Takeaways
-Cybersecurity careers have been hyped up in recent years, leading to a saturation of the field, especially at the entry level.
-Certification programs and conferences in cybersecurity can be expensive and may not always provide quality content or training.
-The optional nature of cybersecurity in organizations means that it can be cut when budgets are tight, but there is a minimum level of investment required.
-A strong foundation in technology and a basic understanding of concepts like TCP/IP and DNS are essential before pursuing a career in cybersecurity.
-Cybersecurity professionals need to be persuasive and able to sell the value of cybersecurity to their organizations.
-The cybersecurity industry is still growing, and professionals have the opportunity to make a difference and protect against malicious threat actors.
----------------------------------------------------
YouTube Video Link: https://youtu.be/B0roPpJKKpU
----------------------------------------------------
Documentation:
https://cyberisfull.com/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss Defender for Servers, a cloud security solution offered by Microsoft. They explain that Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers. They discuss the different plans available, including Plan 1 and Plan 2, which offer varying levels of endpoint protection and vulnerability management. They also highlight the inclusion of Cloud Security Posture Management (CSPM) in both plans. The hosts emphasize the vendor-agnostic nature of Defender for Servers, which can be used in AWS, GCP, and on-premises environments.
Takeaways
-Defender for Servers is part of the larger Defender for Cloud umbrella and is designed to protect cloud infrastructure, specifically servers.
-There are two plans available for Defender for Servers: Plan 1 and Plan 2. Plan 1 offers endpoint protection, while Plan 2 includes additional features such as XDR, EDR, and regulatory compliance capabilities.
-Both Plan 1 and Plan 2 include Cloud Security Posture Management (CSPM), which provides security recommendations and secure score assessments.
-Defender for Servers is vendor-agnostic and can be used in AWS, GCP, and on-premises environments. It is available for both Windows and Linux VMs.
-Defender for Servers is priced on a consumption-based model, allowing customers to pay only for what they use.
----------------------------------------------------
YouTube Video Link: https://youtu.be/-jG2BFPS45o
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-select-plan
https://learn.microsoft.com/en-us/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-managment-capabilities-for-servers
https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss recommended settings for Exchange Online Protection (EOP) and Microsoft Defender for Office (MDO). They explain that EOP is the core security for M365 subscriptions, providing anti-malware, anti-spam, and anti-phishing protection. They also highlight the importance of the secure by default feature in EOP and the use of admin submissions to report false positives and false negatives. They caution against using methods like Outlook safe senders, IP allow listing, and allowed senders list within anti-spam policies, as these can bypass important security measures. They emphasize the need for organizations to regularly review and clean up their EOP policies to ensure effective email security.
Takeaways
-Exchange Online Protection (EOP) is the core security for M365 subscriptions, providing anti-malware, anti-spam, and anti-phishing protection.
-The secure by default feature in EOP ensures that high-confidence phishing and malware emails are blocked, regardless of any overrides or exceptions.
-Admin submissions should be used to report false positives and false negatives, allowing Microsoft to review and improve filtering rules.
-Methods like Outlook safe senders, IP allow listing, and allowed senders list within anti-spam policies can bypass important security measures and should be avoided.
-Regularly reviewing and cleaning up EOP policies is essential to maintain effective email security.
----------------------------------------------------
YouTube Video Link: https://youtu.be/guRhC1yVJYI
----------------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide
https://learn.microsoft.com/en-us/defender-office-365/secure-by-default
https://learn.microsoft.com/en-us/defender-office-365/advanced-delivery-policy-configure#use-the-microsoft-defender-portal-to-configure-third-party-phishing-simulations-in-the-advanced-delivery-policy
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss three cybersecurity news stories. They talk about a small town in Massachusetts that lost over $445,000 in an email scam, the Biden administration's ban on Kaspersky antivirus software, and a cyber attack on Crown Equipment, a forklift manufacturer. The main takeaways from the conversation are the importance of cybersecurity training, the need for secure remote access methods, and the impact of employee satisfaction on cybersecurity.
Takeaways
-Cybersecurity training is crucial to prevent email scams and social engineering attacks.
-Secure remote access methods should be deployed and unauthorized remote access software should be blocked.
-Employee satisfaction and trust in the company can reduce the risk of insider threats.
-Small organizations and state and local governments are vulnerable to cyber attacks and should prioritize cybersecurity measures.
----------------------------------------------------
YouTube Video Link: https://youtu.be/YdTo2kej4VQ
----------------------------------------------------
Documentation:
https://www.cybercaptcha.com/news/small-massachusetts-town-scammed-out-of-445000-in-shocking-email-hack/
https://www.bleepingcomputer.com/news/security/biden-bans-kaspersky-antivirus-software-in-us-over-security-concerns/
https://oicts.bis.gov/kaspersky/
https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss three main topics: the unauthorized user access at Snowflake, the cybersecurity issue at Finley Automotive Group, and the cyber threats surrounding the upcoming Olympics in Paris. They highlight the importance of implementing strong security controls like multi-factor authentication and regular credential rotation. They also emphasize the need for organizations to assess their data storage practices and only retain necessary customer information. The hosts discuss the challenges faced by auto dealerships in securing their outdated systems and the potential risks associated with cyber threats during major events like the Olympics.
Takeaways
-Implement strong security controls like multi-factor authentication and regular credential rotation to protect against unauthorized access.
-Assess data storage practices and only retain necessary customer information to minimize the risk of exposure in the event of a cyber attack.
-Auto dealerships face challenges in securing their outdated systems and should prioritize updating their technology infrastructure.
-Major events like the Olympics are attractive targets for cyber threats, and organizations should be vigilant in detecting and mitigating potential risks.
-Collaboration between security organizations and threat intelligence providers is crucial in monitoring and addressing cyber threats.
----------------------------------------------------
YouTube Video Link: https://youtu.be/IuVBExmLsvg
----------------------------------------------------
Documentation:
https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html?utm_source=tldrinfosec&m=1
https://www.reviewjournal.com/business/source-findlay-operations-nearly-idled-losses-mount-from-cyberattack-suit-filed-3069083/
https://blogs.microsoft.com/on-the-issues/2024/06/02/russia-cyber-bots-disinformation-2024-paris-olympics/
https://www.recordedfuture.com/hurdling-over-hazards-multifaceted-threats-to-the-2024-paris-olympics
----------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
----------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss the updates and clarifications made by Microsoft regarding the security concerns surrounding the Recall feature on Copilot Plus PCs. They highlight the changes, such as the option to proactively enable Recall during the out-of-box experience, the requirement of Windows Hello enrollment and proof of presence for accessing Recall, and the additional layers of protection, including just-in-time decryption and encrypted search index database. They also delve into the concept of Windows Hello Enhanced Sign-In Security and its benefits. The conversation emphasizes the importance of user choice and the balance between privacy and productivity.
Takeaways
-Microsoft has addressed the security concerns surrounding the Recall feature on Copilot Plus PCs by providing updates and clarifications.
-The Recall feature will be turned off by default during the out-of-box experience, giving users the choice to enable it proactively.
-Windows Hello enrollment and proof of presence are required to access Recall, ensuring authentication and physical presence.
-Additional layers of protection, such as just-in-time decryption and encrypted search index database, have been implemented to enhance security.
-Windows Hello Enhanced Sign-In Security provides an additional level of security to biometric data by leveraging specialized hardware and software components.
-The balance between privacy and productivity is important, and Microsoft allows users to choose whether to enable Recall and provides options for filtering and managing snapshots.
----------------------------------------------------
YouTube Video Link: https://youtu.be/PJhMStnm-SE
-----------------------------------------------------------
Documentation:
https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
The conversation covers three primary themes: Ticketmaster data breach, Slack's data scraping, and Windows Recall feature. The Ticketmaster breach is discussed in detail, highlighting the stolen data, phishing risks, and the importance of password management. The conversation then shifts to Slack's data scraping controversy, addressing concerns about privacy and opt-in policies. Finally, the Windows Recall feature is explored, focusing on its local processing, privacy controls, and security implications.
Takeaways
-Data breaches pose significant risks, emphasizing the importance of password management and vigilance against phishing scams.
-Privacy concerns arise from data scraping practices, highlighting the need for transparent opt-in policies and user control.
-The Windows Recall feature offers advanced search capabilities but raises security considerations, emphasizing the importance of local processing and privacy controls.
----------------------------------------------------
YouTube Video Link: https://youtu.be/V9eR7lRck7k
-----------------------------------------------------------
Documentation:
https://www.cbsnews.com/news/ticketmaster-breach-what-to-know-about-protecting-your-data-cbs-news-explains/
https://www.securityweek.com/user-outcry-as-slack-scrapes-customer-data-for-ai-model-training/
https://www.windowscentral.com/software-apps/windows-11/windows-recall-faq-everything-you-need-to-know
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss the security and privacy announcements from Microsoft Build. They cover topics such as AI content safety, Copilot capabilities, security enhancements in Microsoft Edge, and new Windows security features. They also touch on the deprecation of NTLM and the introduction of Copilot Plus PCs with Qualcomm's new dev kit for Windows. Overall, the episode highlights the advancements in security and innovation in the Windows ecosystem.
Takeaways
-Microsoft announced new security and privacy features at Microsoft Build
-AI content safety enhancements were introduced to protect AI applications
-Copilot capabilities were expanded to provide information and context from knowledge in documents and files
-Microsoft Edge for Business received improvements in defense against data leaks and vulnerabilities
-New Windows security features were announced, including virtualization-based security, personal data encryption, and attestation
-NTLM deprecation is planned for the second half of 2024
-Copilot Plus PCs with Qualcomm's new dev kit offer enhanced performance and battery life
-The Windows ecosystem is experiencing a paradigm shift with innovation and competition
----------------------------------------------------
YouTube Video Link: https://youtu.be/zhn_t9X3ATQ
-----------------------------------------------------------
Documentation:
https://news.microsoft.com/build-2024-book-of-news/
https://blogs.windows.com/windowsdeveloper/2024/05/21/unlock-a-new-era-of-innovation-with-windows-copilot-runtime-and-copilot-pcs/
https://www.microsoft.com/en-us/security/blog/2024/05/20/new-windows-11-features-strengthen-security-to-address-evolving-cyberthreat-landscape/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss Microsoft Entra Private Access and Endpoint Privilege Management. Entra Private Access is a modern secure edge solution that allows remote users to access on-premise applications in a micro-segmented manner. It enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users. Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without giving them complete local admin access. It also supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
Takeaways
-Microsoft Entra Private Access is a modern secure edge solution for remote users to access on-premise applications in a micro-segmented manner.
-Entra Private Access enables granular app segmentation, MFA, and privileged access to domain controllers for on-premise users.
-Endpoint Privilege Management, part of the Intune Suite, allows administrators to set policies for standard users to perform privileged actions without complete local admin access.
-Endpoint Privilege Management now supports approved elevations, where users can request support approval for elevated permissions directly from the application context menu.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/ye3s2SNhqao
-----------------------------------------------------------
Documentation:
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-private-access-for-on-prem-users/ba-p/3905450
https://techcommunity.microsoft.com/t5/microsoft-intune-blog/endpoint-privilege-management-adds-support-approved-elevations/ba-p/4101196
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube:
https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode of the Blue Security Podcast, Andy and Adam discuss two important topics: Microsoft's pledge for greater transparency in identifying and determining root causes for security vulnerabilities, and the increasing sophistication of USB malware attacks in industrial organizations. They provide insights into Microsoft's Secure Future Initiative and the importance of security in the OT and IoT networks. They also offer practical tips for strengthening USB security and data exfiltration prevention.
Takeaways
-Microsoft is pledging greater transparency in identifying and determining root causes for security vulnerabilities in their products and services.
-The Secure Future Initiative aims to transform software development, implement new identity protections, and improve transparency and vulnerability responses.
-USB malware attacks in industrial organizations are increasing in sophistication, with attackers using USB devices to establish silent residency in industrial control systems.
-Organizations should strengthen USB security by blocking or allowing USB devices based on an allow list, scanning USB devices for malicious processes or files, and implementing attack surface reduction rules.
-Data exfiltration prevention is crucial, and organizations should consider implementing full disk encryption, data loss prevention (DLP) rules, and sensitivity labeling to protect sensitive data.
-Visibility and inventory of OT and IoT devices are essential for developing a security strategy, and solutions like Defender for IoT and OT can provide network-based security and inventory management.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/aveWb4fjOek
-----------------------------------------------------------
Documentation:
https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/
https://www.honeywell.com/us/en/news/2024/04/cybersecurity-in-2024-usb-devices-continue-to-pose-major-threat
https://learn.microsoft.com/en-us/defender-endpoint/configure-real-time-protection-microsoft-defender-antivirus
https://learn.microsoft.com/en-us/defender-endpoint/attack-surface-reduction
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
The 17th annual Verizon Data Breach Investigation Report reveals key findings and trends in cybersecurity. The report highlights the increase in vulnerability exploitation for initial access, the continued prevalence of human error in breaches, the rise of pure extortion attacks, and the limited impact of generative AI in the cybersecurity landscape. Recommendations include implementing robust threat and vulnerability management programs, focusing on user education and data protection, and exploring the use of generative AI for defensive purposes. The report serves as a valuable resource for organizations looking to enhance their cybersecurity strategies.
Takeaways
-Vulnerability exploitation for initial access nearly tripled in 2023, highlighting the need for robust threat and vulnerability management programs.
-Human error remains a significant factor in most breaches, emphasizing the importance of user education and data protection measures.
-Pure extortion attacks are increasing, signaling a shift away from encryption ransomware as threat actors seek quicker and easier ways to profit.
-Generative AI has yet to make a significant impact in the cybersecurity landscape, but organizations should consider leveraging it for defensive purposes.
-The Verizon Data Breach Investigation Report provides valuable insights and recommendations for organizations looking to enhance their cybersecurity strategies.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/ajqbA9zPUbA
-----------------------------------------------------------
Documentation:
https://www.verizon.com/business/resources/reports/dbir/2024/summary-of-findings/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss the growing threat of mobile device threats. They highlight the recent mass password reset and account lockout of Apple IDs and the potential for a mobile wormable event. They explore the conditions necessary for a mobile wormable attack, including the development of zero-click exploits, the abuse of contact lists for further spread, and the lack of clear mitigations from telecommunications and mobile device companies. They also discuss the limitations of lockdown mode and the importance of endpoint protection for mobile devices.
Takeaways
-Mobile devices have become ubiquitous in corporate environments and are vital for both security and operations.
-The conditions necessary for a mobile wormable attack are already in place, including the development of zero-click exploits and the abuse of contact lists for further spread.
-Lockdown mode and mobile threat detection (MTD) solutions can provide some risk mitigation for mobile devices, but they have limitations and limited visibility.
-Endpoint protection for mobile devices, including mobile device management (MDM) and MTD, should be part of an organization's risk mitigation strategy.
-Enterprises should consider implementing baseline security measures for mobile devices, such as a minimum six-digit passcode and keeping the operating system up to date.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/lxWveot8AF4
-----------------------------------------------------------
Documentation:
https://www.macrumors.com/2024/04/27/apple-id-accounts-logging-out-users/
https://go.recordedfuture.com/hubfs/reports/CTA-2024-0416.pdf
https://www.wired.com/story/apple-lockdown-mode-hands-on/
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
In this episode, Andy and Adam discuss the importance of VDI (Virtual Desktop Infrastructure) in security and enterprise architecture. They highlight the security benefits of VDI, such as separating end user environments from the underlying physical hardware, centralized management of baseline images and patches, and the ability to keep sensitive data in the data center. They also explore the shared responsibility model in cloud computing, where the cloud provider is responsible for the security of the infrastructure, but the end users are responsible for protecting their data and assets stored in the cloud.
Takeaways
-VDI provides security benefits by separating end user environments from the underlying physical hardware and centralizing management of baseline images and patches.
-The shared responsibility model in cloud computing means that while the cloud provider is responsible for the security of the infrastructure, the end users are responsible for protecting their data and assets stored in the cloud.
-Understanding the shared responsibility model is crucial for security practitioners to ensure they are defending their organization's data effectively.
-Minimizing the use of IaaS and on-premises models in favor of PaaS and SaaS models can reduce the organization's security responsibilities and provide better security.
-It's important to know what you're responsible for in terms of data protection and security when using cloud services.
-----------------------------------------------------------
YouTube Video Link: https://youtu.be/wdguHOGjs2Q
-----------------------------------------------------------
Documentation:
https://x.com/itguysocal/status/1769052129111707877?s=46&t=wVpJpdH7u2mDZZDEtx3bMg
https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
https://aws.amazon.com/compliance/shared-responsibility-model/
https://cloud.google.com/architecture/framework/security/shared-responsibility-shared-fate
-----------------------------------------------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
-----------------------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-----------------------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Comments
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
Download from Google Play
Download from App Store
United States