
The Azure Security Podcast

A biweekly podcast dedicated to security, privacy, compliance and identity in Microsoft's Azure cloud. Hosted by Microsoft security experts Gladys Rodriguez, David Sanchez, Marcelo di Iorio and Javier Soriano. Meet the team.


  Episode 30 - May 28, 2024 ['Azure Security Podcast - News from the RSA event!']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud, Entra and Microsoft Defender XDR following the RSA conference. We are also joined by special guest Gustavo Gomez, who shares best practices for data protection and compliance.






Microsoft Sentinel
- SOC optimization is in GA


Microsoft Identity
- Multi-tenant Orgs in GA
- Custom Authentication Extensions in GA
- Groups write-back from Entra ID to Active Directory in GA
- Quick Microsoft Entra Verified ID setup in GA
- Microsoft Entra ID Governance: Lifecycle workflows service limits in GA
- Passkeys in Microsoft Authenticator app in Public Preview
- Entitlement Management: assign Microsoft Entra roles in Public Preview
- Lifecycle workflows: support for mover workflows in Public Preview

Microsoft Defender for Cloud
- Defender for Containers is now generally available (GA) for AWS and GCP
- Risk prioritization is now the default experience in Defender for Cloud
- Defender for open-source relational databases updates
- Update to recommendations to align with Azure AI Services resources


Microsoft Defender XDR
- Microsoft Security Exposure Management is in Public Preview



  Episode 27 - December 18, 2023 ['Azure Security Podcast - Ignite and the latest in cybersecurity']





Microsoft Sentinel
- Unified Security Operations
- Attack disruption extended to SAP
- SOC optimization
- Enrichment widgets


Microsoft Identity
- MS Entra @Ignite
- What's new In Microsoft Entra
- Conditional Access: Token protection (preview)
- Automated ServiceNow Ticket Creation with Microsoft Entra Entitlement Management Integration - Tutorial: Automated ServiceNow Ticket Creation with Microsoft Entra Entitlement Management Integration

Microsoft Defender for Cloud
- Agentless container posture for AWS in Defender for Containers and Defender CSPM (Preview)
- Defender for DevOps is part of Defender CSPM and is GA now
- Microsoft Entra Permissions Management is integrated with Defender CSPM in MDC (Preview)
- Defender for Cloud is enabled with Security CoPilot (Private Preview)
- Defender for Cloud is integrated with Service Now ITSM (Public Preview)
- Defender for API is GA

Microsoft Defender XDR
- Microsoft 365 Defender is Defender XDR
- Defender for Cloud alerts are integrated with Defender XDR

Microsoft Security
- Announcing Microsoft Secure Future Initiative to advance security engineering
- Strengthening identity protection in the face of highly sophisticated attacks


  Episode 26 - October 15, 2023 ['Azure Security Podcast - Latest news after a long break']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud, Entra and Microsoft 365 Defender.




Microsoft Sentinel
- New incident experience GA
- Content Hub GA
- New simplified pricing
- Power Platform solution
- Sentinel optimization workbook

Microsoft Identity
- What is new in Entra
- Microsoft Entra ID Governance
- Create a lifecycle workflow
- Review recommendations for access reviews
- Trigger Logic Apps with custom extensions in entitlement management

Microsoft Defender for Cloud
- Data Security Posture Management in public preview
- GitHub Advanced Security for Azure DevOps alerts in Defender for Cloud
- Sensitive data discovery for PaaS databases (Preview)
- General Availability (GA): malware scanning in Defender for Storage


  Episode 25 - July 7, 2023 ['Azure Security Podcast - Latest news before the holidays']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud and Microsoft 365 Defender.




Microsoft Sentinel
- New analytic rule insights
- Under the hood of the new overview page
- Multi-destination DCRs

Microsoft Identity
- News around Microsoft Entra ID Governance
- Microsoft Entra Tech Accelerator 2/2
- New App Health Recommendations in Microsoft Entra Workload Identities
- Entra Innovations
- Reimagine Secure Access

Microsoft Defender for Cloud
- Defender for Server Direct Onboarding
- Pricing changes in the Defender CSPM plan
- Data Aware security posture management for GCP (Private Preview)
- Workbook for D-CSPM
- More scopes added to Defender for DevOps


  Episode 24 - June 26, 2023 ['Azure Security Podcast - The latest on Defender, Sentinel and Entra']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud and Microsoft 365 Defender.




Microsoft Sentinel
- DNS essentials solution
- Sentinel SOAR for SAP workloads
- DCR (Data Collection Rule) kit

Microsoft Identity
- Microsoft Entra (Azure AD) blog
- Increasing Transparency into Azure Active Directory's Resilience Model, and check SLA
- Microsoft Entra External ID for customers documentation
- Conditional Access authentication strength is now GA!
- Cross-Tenant Synchronization for seamless application access is now GA!
- Announcing GA of Authenticator Lite (in Outlook)

Microsoft Defender for Cloud
- Deploy Defender for Server to on-premises servers and enable Defender for Endpoint without needing Azure Arc (Generally Available)
- Defender for DevOps for Azure DevOps has 2 new recommendations: "Code repositories should have code scanning findings resolved" and "Code repositories should have infrastructure as code scanning findings resolved"
- GitHub Advanced Security for Azure DevOps (Public Preview)
- Defender CSPM: Running container images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management)


  Episode 23 - May 25, 2023 ['Azure Security Podcast - Monitoring Compliance use cases']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud and Microsoft 365 Defender. Our special guest is Sebastian Zamorano, a Senior Consultant at Microsoft and technical specialist in Compliance and DLP, with whom we discuss using various tools to manage an organization's compliance posture and how to create reports.




Microsoft Sentinel
- New hunting experience
- Workspace manager
- Sentinel available in China
- Sentinel All-in-One

Microsoft Identity
- Modernizing Authentication Management
- Azure AD Certificate-Based Authentication (CBA) on Mobile now Generally Available!
- Activate my Azure resource roles in Privileged Identity Management
- Public Preview: Token Protection for Sign-In Sessions


Microsoft Defender for Cloud
- Defender for CSPM is GA and the (free) trial is extended until July 31
- Agentless container vulnerability scanning in the Defender CSPM plan
- Agentless inventory of containers subject to vulnerabilities with the Defender CSPM plan
- Defender for API (Preview)
- Defender for Server can be enabled for on-prem environments without first installing Azure Arc (Private Preview)

Microsoft Defender 365
- Discovering internet-facing devices using Microsoft Defender for Endpoint


  Episode 22 - April 19, 2023 ['Azure Security Podcast - News from Microsoft Secure! And we talk about Azure Key Vault and its use cases']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud and Microsoft 365 Defender announced at Microsoft Secure. Our special guest is Emmanuel Bernal, a Cloud Security Architect and technical specialist in Key Management, with whom we discuss the use of Azure Key Vault and HSM solutions in Azure.




Microsoft Sentinel
- New MDTI connector
- Rebranding of MDTI rule
- Microsoft Purview Information Protection connector
- MDTI playbook

Microsoft Identity
- Entra Identity Governance with Entra Verified ID - Higher Fidelity Access Rights + Faster Onboarding
- Custom attributes for Azure Active Directory Domain Services now in Public Preview
- 2023 State of Cloud Permissions Risks report now published


Microsoft Defender for Cloud
- Defender for CSPM is GA
- Data Security Posture Management within the Defender CSPM plan (Preview)
- New Defender for Storage plan with malware scanning (Preview)



  Episode 21 - March 27, 2023 ['Azure Security Podcast - Experiences from Sentinel monitoring inside Microsoft']

In this episode Javier, Marcelo, Gladys and David talk with Ricardo Jimenez Serrao, Principal Security Engineer Manager. Ricardo is responsible for Sentinel monitoring inside Microsoft.






  Episode 20 - February 23, 2023 ['Azure Security Podcast - We talk about Azure Policy and its security use case!']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud and Microsoft 365 Defender. Our special guest is Kemley Nieva, Program Manager for Azure Policy, with whom we discuss the use of Azure Policy within the security initiatives for Defender for Cloud.




Microsoft Sentinel
- New incident experience:
- Analytics rules Health & Audit Public preview
- Microsoft Purview Information Protection connector
- Microsoft 365 Defender connector is GA

Microsoft Identity
- Cross-tenant synchronization
- Microsoft Entra Permissions Management - Billable resources
- Permissions Management Resource Calculator (not official)


Microsoft Defender for Cloud
- The Endpoint protection (Microsoft Defender for Endpoint) component is now accessed in the Settings and monitoring page


Microsoft Defender for Endpoint
- Live Response is now generally available for macOS and Linux



  Episode 19 - January 18, 2023 ['Azure Security Podcast - 2023 brings us plenty of security news']

In this episode Javier, Marcelo and David cover what's new in Sentinel, Defender for Cloud and Microsoft 365 Defender, and, as always, the latest in Azure Identity.




Microsoft Sentinel
- New SOAR solutions:
- Content Hub enhancements:
- Switch functions to Azure KeyVault
- CEF via AMA:
- New Github Solution

Microsoft Identity
- Microsoft Entra – 5 identity priorities for 2023
- Manage your multi-cloud identity infrastructure with Microsoft Entra
- Entra Permissions Management


Microsoft Defender for Cloud
- New version of the recommendation to find missing system updates (Preview)


Microsoft Defender for Endpoint
- Live Response is now generally available for macOS and Linux



  Episode 18 - December 22, 2022 ['Azure Security Podcast - Merry Cyber Christmas to everyone!']

In this episode we talk with the Sentinel, Defender for Cloud and Microsoft Identity experts about the latest news, highlighting important announcements in Microsoft Defender for Endpoint.




Microsoft Sentinel
- 250+ solutions in Content Hub
- SNOW bi-directional sync
- Run playbooks on entities
- Incident tasks


Microsoft Identity
- New Admin Center Unifies Azure AD with Other Identity and Access Products
- Introducing enhanced company branding for sign-in experiences in Azure AD
- Introducing Machine Learning based recommendations in Azure AD Access reviews
- Streamline Amazon Business access with Microsoft Azure AD
- End user passwordless utopia
- Advances in Azure AD resilience - Microsoft Community Hub
- Azure AD Certificate-based Authentication (CBA) on Mobile - Microsoft Community Hub

Microsoft Defender for Cloud
- Announcing express configuration for vulnerability assessment in Defender for SQL
- Validate Defender for Containers protections with sample alerts
- Governance rules at scale (Preview)


Microsoft Defender for Endpoint
- Zeek is now generally available as a component of Microsoft Defender for Endpoint
- Built-in protection is now generally available



  Episode 17 - November 15, 2022 ['Azure Security Podcast - Sentinel is a leader in the Gartner Magic Quadrant!']

In this episode we talk with the Sentinel, Defender for Cloud and Microsoft Identity experts about the latest news, highlighting the announcement of Microsoft Sentinel as a leader recognized by Gartner in the Magic Quadrant.




Microsoft Sentinel
- Sentinel named leader in Gartner quadrant
- CommonSecurityLog schema changes
- Updated MSSP Playbook


Microsoft Identity
- Embrace and Secure Multicloud with Entra Permissions
- Authentication strength - choose the right auth method for your scenario! - Microsoft Community Hub
- Advanced Microsoft Authenticator security features are now generally available! - Microsoft Community Hub
- Empowering SOCs with Azure AD Identity Protection in Microsoft 365 Defender - Microsoft Community Hub
- Public Preview: Conditional Access filters for apps - Microsoft Community Hub
- Advances in Azure AD resilience - Microsoft Community Hub
- Azure AD Certificate-based Authentication (CBA) on Mobile - Microsoft Community Hub

Microsoft Defender for Cloud
- Protect containers in your entire GKE organization with Defender for Containers
- Governance rules at scale (Preview)
- Agentless scanning for Azure and AWS machines (Preview)
- Defender for DevOps (Preview)
- Regulatory Compliance Dashboard now supports manual control management and detailed information on Microsoft's compliance status
- Defender Cloud Security Posture Management (CSPM)


  Episode 16 - October 14, 2022 ['Azure Security Podcast and the security news from Ignite!']

In this episode we talk with the Sentinel, Defender for Cloud and Microsoft Identity experts about the news announced at Ignite for Defender for Cloud, Sentinel, Identity and Microsoft Entra.




Microsoft Sentinel
- Microsoft Sentinel: What's New at Microsoft Ignite
- UEBA Essentials solution
- IoT/OT solution
- SOC-ML Anomalies are GA:
- Windows DNS for AMA

Microsoft Identity
- Identity at Microsoft Ignite 2022
- Defend your users from MFA fatigue attacks :
- Microsoft named IAM Company of the Year
- Microsoft Entra change announcements - September 2022 train
- Save time and money, reduce risk with Microsoft Entra provisioning updates


Microsoft Defender for Cloud
- Announcing the Microsoft Cloud Security Benchmark
- Attack path analysis and contextual security capabilities in Defender for Cloud (Preview)
- Agentless scanning for Azure and AWS machines (Preview)
- Defender for DevOps (Preview)
- Regulatory Compliance Dashboard now supports manual control management and detailed information on Microsoft's compliance status
- Defender Cloud Security Posture Management (CSPM)
- MITRE ATT&CK framework mapping is now available also for AWS and GCP security recommendations
- Defender for Containers now supports vulnerability assessment for Elastic Container Registry (Preview)


  Episode 15 - September 20, 2022 ['Azure Security Podcast is back from the holidays - News ahead of Ignite']

In this episode we talk with the Sentinel, Defender for Cloud and Microsoft Identity experts about the latest news just ahead of the Ignite conference.




Microsoft Sentinel
- SAP solution is now generally available
- New Threat Intelligence features in Microsoft Sentinel
- UEBA: New Azure resource Entity page, new data sources
- Discover the power of UEBA anomalies in Microsoft Sentinel
- Automation tips & tricks series

Microsoft Identity
- Microsoft Entra Verified ID now GA:
- TOTP based MFA for AAD is now GA
- Dynamic automated access with Azure AD entitlement management
- MFA server migration tool
- Say good bye to unmanaged AAD accounts for B2B collaboration
- More news around Microsoft Entra Permissions Management

Microsoft Defender for Cloud
- Defender for Cloud integration with Azure Monitor Agent is now in Public Preview
- Vulnerabilities for running images are now visible with Defender for Containers on your Windows containers
- Container Security Workbook
- Integration with Entra Permissions Management
- Demystifying Dependencies and Pricing of Microsoft Defender for Cloud Multicloud Capabilities
- Microsoft Defender for Cloud PoC Series - AWS and GCP
- OMI CVE Vulnerability Dashboard


  Episode 14 - July 12, 2022 ['Microsoft Security does not go on holiday - News in Sentinel, Defender for Cloud and Microsoft ENTRA']

In this episode we talk with the Sentinel, Defender for Cloud and Microsoft Identity experts about the latest news.




Microsoft Sentinel
- Migration to Microsoft Sentinel made easy
- Integration with Microsoft Purview DLP
- Alert trigger in automation rules

Microsoft Identity
- Microsoft Entra Permissions Management GA - Microsoft Entra Permissions Management is now generally available!
- Nested groups with dynamic groups in Azure AD
- Conditional Access and Identity Protection for Workload Identities
- Group synchronization from Azure AD to on-prem (groups writeback)

Microsoft Defender for Cloud
- Governance Experience
- Defender for Cloud for servers: migration from MMA to the new Unified Agent
- Updates to database plans
- Filtering alerts by IP Address and Resource Groups
- JIT (Just-in-time) access for VMs is now available for AWS EC2 instances (GA)


  Episode 13 - June 1, 2022 ['The RSA Security Conference is coming, Microsoft Entra and practical Sentinel tips']

In this episode we talk with our special guest Cristhofer Romeo Muñoz, a Program Manager for Sentinel, who gives us practical tips for optimizing the use of Sentinel. We preview some of the news coming at RSA, and Marcelo explains what Microsoft Entra is.




Microsoft Sentinel
- Incident update trigger for automation rules and playbooks
- Relate alerts to incidents
- Similar Incidents

Microsoft Identity
- Microsoft Entra
- Announcements

Microsoft Defender for Cloud
- Governance Experience
- Multicloud settings of Servers plan are now available in connector level
- Multi Cloud posture management for Google GCP organization
- New Google GCP compliance frameworks added
- Just in Time access for AWS EC2 instances
- Add and remove the Defender profile for AKS clusters using the CLI


  Episode 12 - May 9, 2022 ['News from Microsoft Defender, Sentinel and Cloudknox']

In this episode we talk with Javier, Gladys and Marcelo about important news in Defender for Cloud, Microsoft Purview, Sentinel and Cloudknox.




Microsoft Sentinel
- Cross-workspace view up to 100 workspaces
- Playbook support for Logic Apps Standard
- Sentinel Training Lab
- New watchlist actions available

Microsoft Identity
- CloudKnox news
- Cloud identity news in April

Microsoft Defender for Cloud
- Microsoft Defender for Cloud new P1 and P2 plans to protect servers
- MDE Unified agent for 2012R2 and 2016 through MDfC P1 plan

Microsoft 365 Defender
- Microsoft Purview
- Microsoft Certified: Cybersecurity Architect Expert
- https://learn.microsoft.com


  Episode 11 - March 31, 2022 ['Information Protection and M365 Compliance tools']

In this episode we talk with Manon Edeline, a Security Customer Engineer at Microsoft Spain and a Microsoft Compliance specialist. Manon walks us through the tools in the Microsoft 365 Compliance suite and gives a practical view of how a customer should start using them.




Microsoft Sentinel
- Sentinel Hackazon
- Webinar fest!
- Large watchlist upload:

Microsoft Identity
- CloudKnox news one month after the public preview was announced
- Conditional Access for Workload Identities
- Entitlement Management custom workflows
- Multi-stage access reviews
- Custom roles for apps management
- AuthN prompts analysis workbook
- SalesForce Azure MFA integration
- F5 builds value with easy identity management via Conditional Access

Microsoft Defender for Cloud
- Microsoft Defender for Cloud now supports Google Cloud Platform (GCP) and Amazon Web Services (AWS) in GA with its native CSPM and CWP for Servers, without any dependencies on Google and AWS 1st party tools
- Microsoft Defender for Cloud includes a separate Secure Score for each cloud (Azure, AWS and GCP)
- Microsoft Defender for Cloud Subscription coverage workbook


  Episode 10 - March 3, 2022 ['Cloudknox! Important news in Sentinel, Identity and Defender for Cloud']

In this episode we cover the latest news from this past February, including a major one: the Public Preview of the Cloudknox solution acquired by Microsoft. Marcelo explains Microsoft's bet on Cloud Infrastructure Entitlement Management and permissions management across different clouds. Javier summarizes 4 very important features in Sentinel. Finally, David covers what's new in Defender for Cloud and the new security posture support for monitoring Google Cloud!




Microsoft Sentinel
- Basic Logs and Data Archive
- Data transformations
- MITRE heatmap
- ASIM is now built-in

Microsoft Identity
- Intro to CloudKnox Permissions Management

Microsoft Defender for Cloud
- Microsoft Defender for Cloud now supports Google Cloud Platform (GCP) with its native CSPM and CWP capabilities, without any dependencies on Google 1st party tools
- Microsoft Defender for Cloud now supports workload threat protection for Cosmos DB databases in Azure


  Episode 9 - February 4, 2022 ['Cybersecurity Incident Response - How to respond to an incident']

In this episode we discuss the critical elements companies must put in place to develop a cybersecurity incident response plan. Anderson recounts his experience working with LATAM customers, helping them manage a security incident, and reflects on the critical elements that lead to a successful implementation of an incident response plan.




Microsoft Sentinel
- Codeless connector platform. Create a codeless connector for Microsoft Sentinel
- IoT OT Threat Monitoring with Defender for IoT solution
- Intro to KQL
- Advanced KQL workbook
- Support for MITRE techniques in Analytics Rules

Azure Active Directory
- [GA] Azure AD login for Linux VMs in Azure - Allows you to use Azure AD as a core authentication platform and a certificate authority to SSH into a Linux VM using Azure AD and openSSH certificate-based authentication. This allows you to centrally control and enforce Azure role-based access control (RBAC) and Conditional Access policies that manage access to the VMs.
- [Public Preview] Conditional Access overview dashboard - With this built-in dashboard in Azure AD you gain insights into your Conditional Access policy coverage without using Azure Monitor or Log Analytics. You learn which users, apps, device platforms, and locations are not covered by a policy yet, and have in-product security alerts that help you fill the gaps of existing Conditional Access policies.
- [Public Preview] Azure AD Connect multi-tenant synchronization - With this new topology you can sync the same object to multiple Azure AD tenants - either in the same Azure environment or in different environments such as the Azure Government or China cloud.
- [Public Preview] Azure AD login for Bastion enabled Windows and Linux VMs - Allows you to connect to your target VMs via Bastion using Azure CLI and expands your sign-in options to include local SSH key pair and Azure AD.
- [Public Preview] FSLogix profiles for Azure AD-joined VMs in Azure Virtual Desktop - Allows you to create an Azure Files share to store the FSLogix profiles and configure it to support Azure AD authentication. With this new capability, Azure AD can issue Kerberos tickets to access SMB shares.
- [Public Preview] Entitlement Management: Attribute collection in the Access Package request flow - Enables you to configure a set of attributes you want to collect from users to store on the user object. It is especially useful for onboarding external users, but can also be used for internal employee scenarios.
- [Public Preview] Automated key rotation in Azure Key Vault - Allows you to configure Azure Key Vault to generate a new key version at a defined schedule using a rotation policy.

Microsoft Defender for Cloud
- ARM related Alerts mapped to MITRE ATT&CK
- [Public Preview] Recommendations to enable Microsoft Defender plans on workspaces
- [Public Preview] Auto provision option to deploy the LA agent to Azure Arc-enabled machines
- [Public Preview] DNS Alert for known Log4Shell-related domains
- Active Alerts Workbooks
- Log4j Workbook


  Episode 8 - December 17, 2021 ['DevSecOps and the Log4j vulnerability - We discuss the Log4j vulnerability and how Microsoft Defender, Sentinel and GitHub tools help us detect and prevent the impact of Log4j']

In this episode we discuss the impact of the Log4j vulnerability and how Microsoft's security tools can help us detect and prevent the impact of exploitation. We talk with Gisela Torres, a Cloud Solutions Architect at Microsoft Spain and DevOps specialist. Gisela shares security best practices for integrating security into code development from the start of the pipeline. She gives examples of open-source and Microsoft tools that are easy to integrate into both GitHub and Azure DevOps.




Microsoft 365 Defender Threat Intelligence Team
- Microsoft's guide to preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 and its exploitation
- List of IOCs related to this attack (from the Microsoft Threat Intelligence Center (MSTIC))

DevSecOps tools
- How GitHub Advanced Security helps us detect exposure to the Log4j vulnerability in code by analyzing the code context and software library dependencies
- Integration of Defender for Cloud and GitHub Actions to gain visibility into which GitHub repositories are responsible for introducing vulnerabilities in containers
- Examples of open-source security tools that can be easily integrated with GitHub and Azure DevOps


  Episode 7 - December 16, 2021 ['News on Sentinel, Defender and Azure AD. Interesting use cases in IoT, compliance and Insider Risk']

In this episode we cover the main Microsoft Security news in Sentinel, the Defender suite and Azure AD. We discuss interesting cases around IT and IoT integration, and other use cases where customers want to detect abusive behavior between users.




Sentinel:
- M365 Defender E5 offer for Sentinel
- AWS S3 connector for Sentinel
- Insider Risk Management solution for Sentinel
- Zero Trust (TIC 3.0) solution for Sentinel

Microsoft Defender
- New Defender plan for containers and Kubernetes
- New Defender for Storage detections
- Defender workbooks cover compliance, a global view of network security in Azure, security posture, and vulnerabilities
- Defender for Endpoint can discover IoT devices on the same network

Azure AD services in GA in December
- Continuous Access Evaluation – Provides security and resilience benefits by issuing long lived tokens and being able to revoke user access in near real-time when risk is introduced, such as when a user changes their password, or the user moves to an untrusted location.
- Registration campaign for users to set up Microsoft Authenticator (Nudge) – Supports you to move your organization to be more secure by prompting users to adopt the Microsoft Authenticator. Prior to this feature, it was hard for an admin to push their users to set up the Microsoft Authenticator.
- Sign-up and sign-in with an Apple ID using Azure AD B2C – Enables you to configure sign-up and sign-in for users with an Apple ID in Azure AD B2C using predefined user flows or fully configurable custom policies.

Azure AD services in Public Preview in December
- Additional context in Azure Multifactor Authentication notifications – When a user receives a passwordless phone sign-in or push notification in the Microsoft Authenticator, they'll see the name of the application that requests the approval and the app location based on its IP address.
- Number matching in Azure Multifactor Authentication notifications – When a user responds to a push notification using Microsoft Authenticator, they'll be presented with a number. They need to type that number into the app to complete the approval
- Custom security attributes – Enables you to define business-specific attributes that you can assign to Azure AD objects. These attributes can be used to store information, categorize objects, or enforce fine-grained access control. Custom security attributes can be used with Azure attribute-based access control
- Conditional Access for workload identities – Adds support for Conditional Access policies being applicable to service principals in addition to users
- Conditional Access policy templates – Conditional Access templates are designed to provide a convenient method to deploy new policies aligned with Microsoft recommendations. The 14 policy templates are split into policies that would be assigned to user identities or devices
- Self-service password reset (SSPR) writeback using Azure AD cloud sync – When using the light-weight Azure AD Connect cloud sync instead of Azure AD Connect, you can now reset passwords of users from disconnected forests.
- Azure AD B2B guest user sign-in with an email address – When email as an alternate login ID is enabled in the home tenant, Azure AD users can perform guest sign in with non-UPN email on the resource tenanted endpoint.




  Episode 6 - November 11, 2021 ['News from Microsoft Ignite and stories about cybersecurity incident response']

In this episode we cover the main Ignite news for Defender, Sentinel and Azure AD, and we talk with Fernando Rubio about his experience helping customers through cybersecurity incident response. Fernando is the Cyber Security lead of the Customer Success Unit team at Microsoft Spain; he tells us about the kinds of attacks seen in Spain recently and helps us understand what the incident response process should be and how a coordinated reactivation of systems should be carried out.



News from Ignite:

Sentinel:
- NRT rules
- Repositories public preview
- Content Hub
- New free trial experience (10GB/day for the first 31 days) with training lab

Microsoft Defender for Cloud
- Native multi-cloud support for AWS
- SQL recommendations enhancements
- Defender for Linux and MDE integration is GA
- Azure Purview integration
- Security recommendations and MITRE framework integration
- Microsoft Sentinel integration enhancements
- Microsoft threat and vulnerability management integration

Azure AD
- SLA 99.99. Authentication - backup authentication service
- Conditional Access improvements:
- Overview dashboard to identify opportunities to improve policy-related posture based on each organization's patterns
- Pre built-in templates
- More granular targeting. Filters for devices and applications
- Policies for workload identities




  Episode 5 - October 18, 2021 ['Experiences of a CISO joining Microsoft']

In this episode we talk with Carlos Manchado about the experience of a cybersecurity expert joining Microsoft and the state of cybersecurity in Spain. Carlos is a Digital Security Advisor. We also cover the latest news in Azure, Identity, Sentinel and M365.






  Episode 4 - September 17, 2021 [Microsoft and the vision for 'Identity and Network Access']

In this episode we talk with Javier Dominguez about Microsoft's vision for Identity and the new trends analysts are seeing. Javier is Principal PM Manager in the Identity and Network Access division. We discuss trends such as Zero Trust, the analysts' view on converging governance, access management and privilege management into a single multi-cloud-native solution, and consequently Microsoft's bet on Cloudknox in this emerging area known as 'Cloud Infrastructure Entitlement Management (CIEM)'. Javier also explains how digital transformation is helping improve the commercial experience with customers on digital channels, where customer identity is key.

We also bring you the latest security news on Azure Defender and Sentinel.




  Episode 3 - July 28, 2021 [Azure Security Center 'In the Field']

In this episode we talk with Fernanda Vela about her experience in cloud security posture. Fernanda is a Program Manager and Azure Security Center specialist focused on Security Posture and Secure Score.

We also bring you the latest security news on Azure Defender, Sentinel and Identity.




  Episode 2 - June 25, 2021 [SimuLand: Understanding adversary attack techniques and improving detection strategy]