As the events of December 2020 have shown us all, cyber attacks and breaches can happen at any moment.
On Tuesday 9th February 2021, Managing Director Federico Charosky and Senior Security Engineer Ben Docherty discussed the latest threat analysis, IOCs and lessons learnt from one of the biggest and most complex cyber-attacks of all time: Solorigate (also referred to as SUNBURST by FireEye).
Event suited for: CISOs, Sentinel security engineers and professionals with technical capability in the Microsoft ecosystem (Azure Sentinel, Microsoft 365 Defender and Azure Defender).
Event Schedule 12:00-13:30
- Welcome from Federico Charosky, Managing Director – Quorum Cyber
  - Analysing the Solorigate Security Breach
- Microsoft Azure Sentinel – Live Demonstration with Ben Docherty, Senior Security Engineer at Quorum Cyber
  - Intro and TI for monitoring
  - Script read through
  - Post-compromise – example trigger and pointing to further investigation
  - What Supply Chain Attacks are and how to defend
- Microsoft Defender XDR & Increasing Resilience
- Q&A & Close
Is there an easy way to learn KQL?
Yes. Microsoft has made its KQL coursework free. There is a free KQL course on Pluralsight and also in the Microsoft Learn environment. Check it out here.
There is also a Ninja Course for Azure Sentinel and a Ninja Course for Defender, both of which take you through how to improve, get updated and refresh your knowledge.
How effective have you found MS endpoint protection tools to be for organisations with mixed OSs (Windows, Mac and Linux)?
There is a lot of confusion out there between EDR and XDR.
XDR is not a product. XDR is an ecosystem of capabilities. The idea is that you're eXtending (hence the X) the coverage of what you are able to see in your organisation to every dimension possible. So your Microsoft Defender XDR environment, your ecosystem, is all the different products within it: you have Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security and Azure Defender (which is for protecting cloud workloads). All these components pull together to form what is called Microsoft Defender XDR: the extended detection and response capability.
In terms of how effective we have found it: it enables us to do OUR job really well. It provides the ability to have Defender for Endpoint (previously Defender ATP) running on all our customers' servers and endpoints regardless of the OS, whether Mac, Windows or Linux, and to have a unified view.
It can then extend, as well, to identity (Azure AD, AD on-prem) and cloud workloads (everything running in Azure); it can actually extend to cloud workloads running in other clouds using Azure Arc. So, by extending your ability to view across the full spectrum, then using Sentinel to derive the insights (what is an incident, what assets are affected, what entities are affected) and then driving that automation so you can go and enrich or react across that full spectrum, it makes our job extremely effective.
From our perspective it is one of the most powerful products out there in the EDR space, and definitely in the XDR space.