Derk van der Woude

235 Followers

5 days ago

Connect Microsoft Defender EASM to Microsoft Sentinel for Incident enrichment

Microsoft Defender EASM (External Attack Surface Management) is Microsoft's pre-firewall CSPM (Cloud Security Posture Management) tool and one of the two products from the RiskIQ acquisition (the second product is MDTI). The tool detects and classifies vulnerabilities of external (internet-connected) resources like IP, domain, etc.

MDEASM Setup

The setup of Microsoft…

4 min read

Feb 13

Azure IoT Security part II | Azure Sphere

Part I describes the setup of the generic AZ3166 IoT device in Azure IoT services like the IoT Hub, agentless scanning features and the Microsoft Defender for IoT integration. The second part will go deeper into the Azure Sphere MT3620 lab setup. …

5 min read

Feb 9

Azure IoT Security basics

This blog is part of a two-part series. The first part describes the Azure IoT security basics overview and the setup of a hardware IoT device lab with the MXCHIP AZ3166 IOT-DevKit. The second part will go deeper into Azure Sphere. I am not an expert in Azure IoT (yet) so…

4 min read

Jan 18

The difference between IoT and OT from a Security perspective

P.S. This is my personal view on the difference between OT & IoT with black-and-white glasses on; there are of course grey areas, but I don’t want to make it too complex. Let’s first set the scene from the ‘better’ known IT (Information Technology) Security perspective. A bad actor has…

5 min read

Jan 13

Microsoft Defender and network devices (lab setup)

This blog is about setting up a lab environment for Microsoft Defender products which require network devices (switch). The following Microsoft Defender products are in scope of this blog: Microsoft Defender for Endpoint and Microsoft Defender for IoT (Enterprise IoT). I used a Cisco SG250, which is an 8-port managed switch with…

5 min read

Dec 30, 2022

Detect malicious Raspberry Pi or Arduino devices via MDE device discovery and Enterprise IoT

IoT (Internet of Things) devices are often insecure by default (e.g. default admin username/password and/or out-of-date software with vulnerabilities). These types of devices can also be malicious (e.g. …

5 min read

Dec 2, 2022

Azure AD Identity Protection - Risky Workload alert e-mail notification

Let’s start with thanks and credits for the Azure AD Identity Protection product group for working closely together on the latest detection and remediation features. For our partner webinar Azure AD Identity Protection on Azure AD Workloads see https://www.youtube.com/watch?v=r_pPc6QhPlM

In my previous blog Leaked credentials for Workload identities, I described…

5 min read

Nov 23, 2022

Microsoft Defender Attack Paths

Attack paths, for example LPE (Local Privilege Escalation) and RCE (Remote Code Execution), are TTPs (Tactics, Techniques and Procedures) used by black hats (bad actors) and/or white hats (ethical hackers) to get access to the environment. Microsoft Defender for Identity [MDI; Active Directory] and Microsoft Defender for Cloud [MDA; Azure…

4 min read

Aug 14, 2022

Introduction into Microsoft Defender EASM (External Attack Surface Management)

Microsoft Defender EASM (External Attack Surface Management) is a new product in the Microsoft Defender family that provides an external multi-cloud (SaaS, PaaS & IaaS/on-premises) view of the attack surface of the online (internet-exposed) assets (known and unknown). The following assets are available in Microsoft Defender EASM: Domains (e.g. contoso.org)…

5 min read

Aug 2, 2022

Microsoft Entra Verified ID sample setup and deployment

Disclaimer: the source for this blog is the MicrosoftDocs tutorial below, but it is not complete (e.g. publish .json files to the internet) and contains some errors.

Tutorial - Issue Microsoft Entra Verified ID credentials from an application - Microsoft Entra (docs.microsoft.com)

There is an error in the Rules JSON in the MicrosoftDocs; you can find the solution in my comment below from S-3-C-U-R-1-T-Y: https://github.com/MicrosoftDocs/azure-docs/issues/96603

The MicrosoftDocs will be updated…

7 min read

Chief Technology Officer @ Nedscaper
