Microsoft open sources CodeQL queries used to hunt for Solorigate activity

Credit to Author: Eric Avena | Date: Thu, 25 Feb 2021 16:00:47 +0000

We are sharing the CodeQL queries that we used to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate so that other organizations may perform a similar analysis.

The post Microsoft open sources CodeQL queries used to hunt for Solorigate activity appeared first on Microsoft Security.

Advice for incident responders on recovery from systemic identity compromises

Credit to Author: Jenny Erie | Date: Mon, 21 Dec 2020 22:03:06 +0000

Customers across the globe are asking for guidance on recovering their infrastructure after being impacted by Solorigate. DART walks you through remediation steps as well as some longer term mitigations.

Empower your analysts to reduce burnout in your security operations center

Credit to Author: Jim Flack | Date: Tue, 28 Jul 2020 17:30:26 +0000

Strategic use of automation and metrics can help you create a continuous learning culture that keeps your team engaged in the work.

Hello open source security! Managing risk with software composition analysis

Credit to Author: Jim Flack | Date: Mon, 20 Jul 2020 20:00:35 +0000

Software composition analysis guides the selection and management of open source components to help you reduce your security risk.

How to gain 24/7 detection and response coverage with Microsoft Defender ATP

Credit to Author: Jim Flack | Date: Wed, 06 May 2020 19:00:12 +0000

Security incidents don’t happen exclusively during business hours: attackers often wait until the late hours of the night to breach an environment.

Lessons learned from the Microsoft SOC—Part 3c: A day in the life part 2

Credit to Author: Jim Flack | Date: Tue, 05 May 2020 01:00:36 +0000

This blog wraps up the day in the life of a SOC analyst on the investigation team with insights on remediating incidents, post-incident cleanup, and impact of COVID-19 on the SOC. This is the sixth blog post in the series.

Defending the power grid against supply chain attacks: Part 3 – Risk management strategies for the utilities industry

Credit to Author: Jim Flack | Date: Wed, 22 Apr 2020 19:00:52 +0000

By working with governments, trade organizations, and suppliers, the utility industry can improve security across the supply chain.