Searching for suspicious user in Azure Security Center

Last September during my presentation with Meir at Ignite, we talked about how powerful the new search capability in Azure Security Center is, the integration with Log Analytics gives you total control, and flexibility to find what you really need.  But how to really use this? First step is to read our core documentation regarding Search…


Validating Connectivity with Azure Security Center

Azure Security Center is now hybrid, which means that you can connect computers that are located on-premises, and also in other cloud platforms such as AWS. This onboarding process is well documented in this article. The agent installation is pretty straight forward, and this agent is the same one used for OMS Security, which has versions for Windows and…


Incident Response in Hybrid Cloud

I had a great time yesterday at Hacker Halted, my presentation was packed with great security professionals, great questions, and the networking was outstanding. My deck available here (in PDF format), and if you attended the session, make sure to connect with me via LinkedIn.


Ignite 2017 – Azure Security Center Domination!

I’ve been to all editions of Microsoft Ignite so far, 2015 in Chicago, 2016 in Atlanta, 2017 in Orlando, and I’ve never seen this level of excitement for Azure in general. Same applies to Azure Security Center, previous year was most likely: “What’s this Azure Security Center”, while this year was more like: “We are using Security…


Updates in Azure Security Center – September 2017 – Part 3

Here another wave of new features that were released today, this time in public preview, but fully documented below: Investigate Incidents and Alerts in Azure Security Center (Preview) Custom Alert Rules in Azure Security Center (Preview) Security Playbook in Azure Security Center (Preview) If you are planning to go to Ignite next week, here are…


Updates in Azure Security Center – September 2017 – Part 2

You thought we were done, didn’t you? Nope, it ain’t over yet, and here are the new articles that reflect new capabilities in Azure Security Center released today: Monitoring and processing security events Azure Security Center search Adaptive Application Controls in Azure Security Center (Preview) Partner and Solutions Integration in Azure Security Center That’s a…


Updates in Azure Security Center – September 2017

Today we are releasing a series of updates for Azure Security Center, and these updates are fully documented by our team. Make sure to check it out the articles that we just published: Onboarding to Azure Security Center Standard for enhanced security Data collection in Azure Security Center Threat Intelligence in Azure Security Center Monitoring…


Presentation at Ignite 2017 and New Book

This year I will be at Ignite working at the Azure Security Center booth, and I will also be speaking with my friend Meir Mendelovich about Azure Security Center. Our presentation is called: Respond quickly to threats with next-generation security operation, and investigation. If you are going to Ignite, make sure to stop by our presentation, we…


Azure Security Center – June Updates

I would like to share with you some updates that we had during this month in the Azure Security Center documentation, which directly reflect some changes in this service. The main changes are: Platform Migration: Beginning in early June 2017, Azure Security Center rolls out important changes to the way security data is collected and stored. These…


Mobile Application Management

Another great video from the Enterprise Mobility + Security Team, this one shows how to minimize the complexity of managing mobile capabilities both on-premises and in the cloud: