M365 Unified Security Portal - Top 5 Threats & Tools to Simplify Your Security Investigations With Joe Kuster - Catapult Systems
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
M365 Unified Security
Portal
Top 5 Threats & Tools to Simplify Your Security Investigations
With Joe Kuster
Housekeeping
• Interactive Q&A - please put questions in
chat window as we go
• Slides & recording will be sent out later
Joe Kuster
Director of Security &
Compliance Solutions
Catapult Systems
Today’s content is a live demo
beware the demo gremlins
Introducing Catapult
3
Transforming organizations for today’s modern world
Serving all 50 states, Canada and the Caribbean
Top .01% of
Microsoft Partners
3 Advanced Specializations
15 Gold Competencies
2 Silver Competencies
20,000+ projects
completed over 27 years
M365 Unified Security
Portal
Top 5 Threats & Tools to Simplify Your Security Investigations
With Joe Kuster
Security Signals are Distributed
5
Investigations get complex in a hurry
Unified Security Portal
6
https://Security.Microsoft.com
What about SIEM / SOARs?
Licenses?
8
• The licenses you have will determine what
features/functionality are available.
• M365 E5 includes everything and is what is
used in today’s demo
• If you need a license breakdown, ask for a
follow up call (it can get involved).
Onboarding Requirements
9
https://Security.Microsoft.com
• Data available will depend on what features you have deployed.
• Defender for Endpoint
• Settings > Endpoints > Onboarding
• Microsoft Endpoint Management / Intune
• Variable agent deploy process
• Azure AD Identity Protection – enable in cloud
• Defender for Office 365 – enable in cloud
• Cloud App Security – enable in cloud
• Defender for Identity – DC Sensors
Device Inventory
Top Threats & Tools
Data Leaks
1
Attack Simulation Lab
Ransomware/Malware
2 Phishing
Phishing Tests
3 Risky User Behavior Learning Hub
4 Vulnerabilities Secure Score
5 Threat Hunting (The kitchen sink)
Threat Intelligence
Web Content FilteringRansomware / Malware
Phishing
Vulnerabilities
User Risk
1. User connected to TOR (anonymous IP)
2. Hostile TOR node attacked and breached account with Password Spray
3. Successful login using credentials 24 hours laterThreat Hunting
Additional Tools
Device Inventory
Attack Simulation Lab
Q&A Joe Kuster Security & Compliance Solutions Director Catapult Systems Joe.Kuster@catapultsystems.com
M365 Security Assessment
20
Assess your Microsoft 365 Security Health.
M365 is a great step toward creating a modern workplace, but often the security
dashboards, options and settings within M365 can be overwhelming.
An award-winning security expert inspects your tools, enables security features you may
not realize you already own, and identifies those you should with a M365 assessment of
your security health.
What you get:
Discovery Phase: Enablement of select M365 tools
In-Person Briefing: A comprehensive review of your current security status, including any risky activities
detected
M365 Security Roadmap: Recommendations along with a timeline to help you prioritize actions to be taken
Security Assessments Findings Document: A full report that outlines the findings and relevance in easy to
understand language and recommendationsHow did we do? 21
Take our survey to let us know.
We appreciate your feedback!You can also read
