Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft 365 Security Series - Using Azure Active Directory to secure your Microsoft 365 Installation

Microsoft 365 (formerly Office 365) is a Software-as-a-Service (SaaS) that offers a cloud-based version of its popular software productivity suite, including MS Word, Excel, PowerPoint, Outlook, and OneNote. In contrast, Azure Active Directory (Azure AD) is an Infrastructure-as-a-Service (IaaS) that offers a cloud-based version of Active Directory to control identity management and access to virtual resources across an organization.

Implementing Security Controls

Defense-in-depth is the best strategy for reducing cybersecurity risk. Just like how a medieval castle uses layered defenses for its physical security, modern organizations implement layered security controls to protect the confidentiality, integrity, and availability of their information. The specific security controls implemented by an organization should be informed by its own risk appetite, regulatory requirements, and operational capabilities. This article covers different kinds of security controls organizations should consider adopting to protect their information assets.

How Microsoft 365 - E5 Can Help Protect Your Organization Against Phishing Attacks

Microsoft 365 E5 is an enterprise cloud-based suite of Microsoft Office productivity apps combined with advanced voice, analytics, security, and compliance services. It is an upgrade over lower tiers E1 and E3. Though threat protection features are included in all Microsoft or Office 365 subscriptions, an E5 license provides some advanced features.

Five Things to Know About the NIST CSF 2.0

The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) is undergoing a major update. Originally released in 2014, the NIST CSF is one of the most widely used cybersecurity frameworks helping organizations understand and manage their cybersecurity risk. NIST is currently updating the CSF to align with the latest cybersecurity trends and best practices, with the expected release date of the CSF 2.0 slated for the first quarter of 2024.

What Is Business Profile Hijacking & How You Can Protect Your Business

Search engines automatically create a business listing based on publicly available information, but they permit business owners to override this automatic listing by publishing their own. This listing may include business hours, slogan, geographical location, a website link, contact information, reviews, and images. Business owners are also permitted to respond to reviews. Recently, Sedara has seen incidents in which the attacker claims control over a business listing that they do not own.

Customizing Your Security Awareness Program

Security training can be an effective protection and detection measure, or just another training module for an employee to ignore and click through. Even if an organization is using pre-packaged security awareness training products, they can make the training more effective by customizing it to the organization. Here are some components you may consider when customizing your security program.

Security Awareness

Why is security awareness important when we have all of these appliances and software and hardware to protect us? Well, ultimately, attacks come down to a set of human eyes and a keyboard, and a mouse. And if a user is well educated and if they're trained well and they're astute, they can help prevent a security incident from ever happening or detect it.