Microsoft Defender Threat Intelligence (MDTI) is the TI solution from Microsoft (previous RiskIQ) to detect 0-day and pre-firewall threats…

Microsoft Defender EASM (External Attack Surface Management) is the Microsoft (one of the two products from the RiskIQ acquisition, the 2nd product is MDTI) pre-firewall CSPM (Cloud Security Posture Management) tool. The tool detects and classifies vulnerabilities of external (internet connected) resources like IP, domain, etc. MDEASM Setup The setup of Microsoft…

The first part I describes the setup of the generic AZ3166 IoT device in Azure IoT services like the IoT Hub, agentless scanning features and the Microsoft Defender for IoT integration. The second part will go deeper into Azure Sphere MT3620 lab setup. …

This blog is part of two series. The first part describes the Azure IoT security basics overview and the setup of a hardware IoT device lab with the MXCHIP AZ3166 IOT-DevKit. The second part will go deeper into Azure Sphere. I am not an expert in Azure IoT (yet) so…

Ps. this is my personal view on the difference between OT & IoT with black&white glasses on, there are of course grey areas but I don’t want to make it too complex. Let’s first set the scene from the ‘better’ known IT (Information Technology) Security perspective. A bad actor has…

This blog is about setting up a lab environment for Microsoft Defender products which require network devices (switch). The following Microsoft Defender products are in-scope of this blog: Microsoft Defender for Endpoint Microsoft Defender for IoT (Enterprise IoT) I used a Cisco SG250 which is a 8-port managed switch with…

IoT (Internet of Things) devices are often unsecure by default (e.g. default admin username/password and/or not up-to-date software with vulnerabilties). Also these type of devices can be malicious (e.g. …

Let’s start with thanks and credits for the Azure AD Identity Protection product group for working closely together on the latest detection and remediation features. For our partner webinar Azure AD Identity Protection on Azure AD Workloads see https://www.youtube.com/watch?v=r_pPc6QhPlM In my previous blog Leaked credentials for Workload identities, I described…

Attack paths, for example LPE (Local Privilege Escalation) and RCE (Remote Code Execution) are TTPs (Tactics, Techniques and Procedures) used by black hat (bad actors) and/or white hat (ethical hackers) to get access to the environment. Microsoft Defender for Identity [MDI; Active Directory] and Microsoft Defender for Cloud [MDA; Azure…