Leveraging Microsoft Enterprise Mobility + Security (EMS) to Protect against Cyberattacks

I’ve been working with EMS since 2013 (when it was not really EMS – but the idea of People Centric IT), when I first delivered a presentation at Microsoft CSO Council – Fall 2013. We came a long way to build a very solid platform, which includes using the Microsoft Threat Intelligence platform to identify cyberattacks and suspicious activities. The video below gives you a brief overview of that:

As you could see in the video, we used Microsoft ATA to detect suspicious activities taking place on-premises. The Microsoft ATA Product Team put together a great attack simulation playbook that will enable you to test the following attack scenarios:

  • DNS Reconnaissance
  • Directory Services Enumeration
  • SMB Session Enumeration
  • Harvesting credentials (lsass.exe)
  • Overpass-the-Hash
  • Pass-the-Ticket
  • Remote Code Execution
  • Skeleton Key
  • DC Sync

The video also featured Cloud App Security, which is a great resource to help you gain visibility into your app ecosystem and threat protection for your apps. The article “Detect attacks before they cause damage” gives an example of a very common scenario that can take advantage of Cloud App Security capabilities.