According to Varonis latest report 53% of companies had over 1000 sensitive files open to every employee. The possibility to lose or get these files exposed to external actor is getting high everyday. On the other hand IBM mentioned that the average cost of data breach worldwide is 3.9 Million US$. There is no doubt that we are living in the era of the data where hackers and malicious actors are trying to access. More and more companies are investing in different technologies to prevent data leakage or data loss, however this is very difficult nowadays with the cloud presence. Back in the old ..read more

As we are closing year 2019, I am sharing few thoughts and providing a quick summary on the latest NIST Zero Trust Architecture (ZTA) best practices. This is a quick good read for your vacation ahead of something we need to focus on in 2020. Zero Trust Architecture best practices is the new way of thinking especially for cloud first companies. This is the new security culture.   Introduction All companies nowadays are designing solutions and applications working and living on the cloud as the main back end, which is consumed by mobiles and remote roaming devices on the front end. While this fu ..read more

In my previous blog post, I highlighted the problem with Identity protection especially in our nowadays cloud and mobile environment. Protecting the identity is the main and first priority for security professionals. Dependence on passwords alone will not help. Moving to MFA is crucial because sometimes its the only protection available for your identity. In this post I am going to explain the new passwordless cloud authentication and how to enable Microsoft Azure Active directory passwordless option.   Why Passwordless Cloud Authentication? According to Verizon data breach report more than 80 ..read more

In this blog post, I am trying to share few tips on Microsoft 365 MFA policy and how to enable it using the new admin center. Microsoft 365 MFA policy is the evolution of the previous Microsoft Azure MFA and Office 365 MFA and its actually built on the same components. However, with the new admin center you have a more flexible and easy way of implementation.   Cloud / Business Shared Responsibility A lot of people or organizations believe we are safe if we are moving to the cloud, unfortunately this is not true, in addition several companies got breached on the cloud. Back to the fundamentals ..read more

Microsoft Defender ATP Indicators of Compromise IoC Most organizations don’t realize they are under attack until its too late. In fact, a recent study revealed that it can take more than 200 days to discover that you are compromised. In this blog post, I am going to help you understand how Microsoft Defender ATP Indicators of compromise IoC helps you detecting these attacks. Also how you can add custom IoCs and apply them on your machines. By the end of this blog post, you can enable and configure the Defender IoCs and protect your company.   Introduction to Indicators of Compromise IoC Indica ..read more

Office 365 SPF, DKIM and DMARC In this post we will be discussing how to protect your mail flow using Office 365 SPF DKIM and DMARC. These are mainly authentication protocols and mechanisms relying mainly on DNS to protect your mail from phishing and spoofing. Introduction The electronic email system is considered the main entry point for attacks on your domain or organization. Whether its a Microsoft Exchange on-premise server or Office 365 Software as a service, the same threat applies. Spoofing and Phishing attacks comes as the number one attack vector according to F5 report. Kaspersky also ..read more

In my previous article, I introduced Azure Sentinel basic configuration and different connector options as office 365. Another type of connector will be shown in this article which is the Palo Alto connector. This is one of the rich features of Azure Sentinel by having different connectors to Microsoft as well as another 3rd party solutions.   Why Palo Alto connector with Azure Sentinel Connector ? The power of any SIEM whether its traditional or cloud SIEM as Sentinel is to aggregate and collect logs from multiple different sources. On the other hand the Firewall device on the edge of your co ..read more

Microsoft Azure Sentinel is the latest SIEM offering based on the cloud power, artificial intelligence and Machine learning. In this article I will share the configuration of Azure Sentinel and how to add connectors from different platforms. For Instance connecting Office365 to Azure Sentinel. Why Azure Sentinel ? Microsoft Azure Sentinel is a modern SIEM (Security Information Event Management) solution based on cloud. Azure Sentinel can connect all your organizations assets whether on-premise or any cloud. In addition to that the built in AI and Machine learning capabilities deliver real accu ..read more

This article will explain Azure AIP and Palo Alto integration. Microsoft Azure AIP is very powerful tool , however many users are looking to stretch its features to Non-Microsoft applications. Therefore this article will deal with integration with Palo Alto Firewalls and i will follow up with other articles on different integrations with Azure AIP. Azure AIP Introduction Microsoft Azure AIP is the cloud based solution offering by Microsoft in the Information Rights Protection domain. Azure AIP solution is handling the whole document life cycle from initiation, classification, labeling, and mon ..read more

Introduction Windows 10 RDP black screen was recently reported by several Microsoft users on the internet on different forums. Microsoft Windows Server 2019 includes several new features especially for Hyper-V and the Security in general (another topic for discussion later) and I have been working intensively with it for the last few weeks. On the other side from the client side, the latest Windows 10 update had some problems and Microsoft rolled it back and re-released it again late 2018. I was hesitant to roll it back to my main working laptop until i run full testing and check the community ..read more