Holistic Approach to Enhance your Security Posture

This month the ISSA Journal released my article, which is called Holistic Approach to Enhance your Security Posture. In this article I cover some important capabilities that must be in place to enhance the overall security posture of your organization. This is a vendor neutral approach, that will give you the general considerations and rationale behind…


Failed to connect to mdsd error in a Linux machine monitored by Azure Security Center

Some customers have been monitoring Linux machines using Security Center for quite some time; many of them just want to visualize security recommendations for the Linux platform. Some Linux machines monitored by Security Center may experience the error described in the title of this blog post. This error appears in the log as shown below: XXXX…


Unable to start Azure ATP Service

Take into consideration a scenario where you deployed Azure ATP and, after the service has worked for some time, one day the Azure Advanced Threat Protection Sensor service stays in Starting, quits after a while (showing no status), comes back to Starting, and keeps looping like this. If you go to…


Exploring Microsoft Antimalware Alert in Azure Security Center

Azure Security Center leverages the Microsoft Antimalware engine to trigger antimalware-related alerts such as the one shown below: While this alert brings awareness about the current threat status, which in this case was remediated, sometimes you want to know more about the threat itself (threat name, process, etc.). You can use the Search…


Recap of Microsoft Inspire + Ready

Last week I had the opportunity to attend Microsoft Inspire and Ready in Las Vegas. It was great to meet Microsoft Partners at the Azure Security booth, where I was primarily demoing Azure Security Center. Below are the top five questions that I received: 1) Where can my customer learn more about Azure Security Center and…


Enhance your Cybersecurity Posture to Handle Current Threats

Last January, Erdal Ozkaya and I released a new book called Cybersecurity – Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics. As part of the book’s promotion, we delivered a webinar to Packt about some of the topics that we cover in this book. Now you can watch the first 30…


Going beyond the signature with behavior analytics in Azure Security Center

One of the benefits of using Azure Security Center as your cloud workload protection is the capability to quickly detect threats in your environment based on known patterns. This is not only about matching signatures but going beyond that by understanding the common techniques used by threat actors. By using behavioral analytics, Security Center analyzes…


Detecting Suspicious PowerShell Activity in Azure Security Center

Adversaries may use PowerShell scripts as a defense evasion technique or to establish persistence. The use of PowerShell to attack systems is not new; it was successfully leveraged in many different attack campaigns in the past, and it is still a growing trend. For this reason it is important to follow some core principles to protect…


Detecting Persistence in Azure Security Center

According to MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), Persistence is “any access, action, or configuration change to a system that gives an adversary a persistent presence on that system”; it is a common technique used by adversaries to keep a communication channel open with the attacked resource. The use of Run and RunOnce registry…


Integrating Azure Function with Azure Security Center Playbook

The Playbook feature in Azure Security Center leverages Azure Logic Apps to create a comprehensive workflow that aggregates a set of procedures to be executed when a certain condition takes place. The demo that I presented at Ignite 2007 shows the integration with Slack and how the Security Center alert can…