Blog

Threat Vector: Dumpster Diving

One man’s trash is another man’s breach. The term “dumpster diving” is used to refer to looking through discarded items from the organization to get additional information. A malicious actor does not necessarily have to go through a literal dumpster to find information discarded by the organization, but it is a good place to start. […]


Which Microsoft Security License Should I Get?

Spend 30 minutes deciding instead of months researching. Microsoft is delivering best-in-class cloud security products that are being held back by a very complex licensing system. Industry research organizations like Gartner stated this point explicitly in its most recent Magic Quadrant evaluation for endpoint protection platforms. CyberMSI routinely explains Microsoft licensing to its customers. In […]


Entities Recognized by Microsoft Sentinel and the Investigation Graph

Get more value out of your Microsoft Sentinel incidents with entities. Microsoft Sentinel has a limited set of entities that it will recognize while gathering information about a security incident. We discussed some of these entities in our blog about Alert Enrichment, but we did not get an opportunity to go over the recognized entities […]


Threat Vector: Network Scanning

Poor configuration could lead to malicious actors knowing your network better than your admins. Network scanning is an essential active reconnaissance tool used when looking for avenues to breach an organization. If network and security admins do not have a solid understanding of network scanning and how to reduce the impact of the scans, malicious […]


Change Management with Microsoft Sentinel

Stay on top of a SIEM that is constantly evolving. Microsoft Sentinel is constantly being updated by Microsoft security engineers. This is great for security analysts because they are constantly getting new features to work with. It is also good for admins, but the constant updates also create challenges because there is no formal change […]


Detecting Nobelium Activity with Microsoft Cloud Security Tools

Work with Microsoft and the community to prepare. The recent Nobelium email phishing campaign has been in the news a lot lately because of the threat that it poses to organizations the world over. A single user clicking on the malicious link could result in a sophisticated breach where C2 servers take control of devices in […]


Threat Vector: Publicly Available Information

Information Posted Online Can Be a Stepping Stone for a Breach. As part of our commitment to staying at the forefront of cybersecurity, CyberMSI will be writing a series of threat vector blogs, starting with publicly available information. Posting too much information about your organization on the internet and social media can provide malicious actors […]


Common Causes for Ransomware Attacks

Learn from Past Incidents to Prepare for Future Ones. Ransomware has been a hot topic in the cybersecurity community for a while because it seems like everyone is getting hit. There are also massive consequences for getting hit, especially for industries that cannot afford to have operations interrupted for long. In this blog, we will […]


Custom Monitoring with Microsoft Sentinel Watchlists

Import Custom Data from Functionally Anywhere. Microsoft Sentinel users were recently given the option to insert their own data into Sentinel using Watchlists. This has opened a world of possibilities for security analysts and admins alike because they can include data that they have gathered from functionally any area they can think of to improve […]
