Alexander Benoit is Lead Security Analyst at sepago, where he manages and develops the consulting business with his team. His focus has been on enterprise security and modern management for 10 years. He actively brings his everyday experience from the enterprise environment into the community. He is also an MVP for Enterprise Security, a Certified Ethical Hacker, a Windows Insider MVP, Community Lead of “Trust in Tech” and the host of the GeekSprech Podcast.
Since at least January 2020, threat actors have seized on the media attention surrounding the 2019 Novel Coronavirus (COVID-19) global pandemic to launch phishing campaigns designed to distribute malware to unsuspecting users. To date, research has yielded over 6,000 Indicators of Compromise (IOCs) and at least 15 distinct campaigns associated with 11 threat actors or groups distributing 39 different malware families and employing 80 various MITRE ATT&CK techniques. In this session we will talk about what we have discovered and how Microsoft security technology can help you stay protected even in challenging times like these.
In an era of extremely large amounts of data and a cyber-security talent shortage, ML seems to be the only solution. But what's behind the buzzword? In which scenarios can machine learning help solve the most common tasks, including regression, prediction, or classification?
This session is an introduction that gives a practical technical understanding of the current advances and future directions of ML research applied to cyber-security. Based on real-world scenarios, we will look at Microsoft solutions and discuss how they behave and where they get their intelligence from.
Through 2020, known vulnerabilities will play a role in more than 99.9% of attacks. Reducing the exposure to known vulnerabilities and misconfiguration, or stopping the threat before it happens, is the first and best defense against these attacks. Equally important is bringing together security and IT teams to empower them to be able to quickly and seamlessly remediate vulnerabilities. In this session, we will talk about Microsoft’s disruptive risk-driven threat & vulnerability management based on Microsoft Defender ATP signals. By leveraging the worldwide visibility of third-party applications installed/running, embedded sensors, threat intelligence, and endpoint protection technologies, we will enable security teams to discover, prioritize and remediate known vulnerabilities and misconfiguration exploited by threat actors.
With Microsoft Threat Protection, Microsoft aggregates data from Microsoft Defender Advanced Threat Protection (endpoints), Office 365 ATP (e-mail and collaboration), Azure ATP and Azure AD Identity Protection (identity), and Microsoft Cloud App Security (apps). This allows analysts to handle incidents along the kill chain instead of as individual signals from the respective solutions. In this session we take a closer look at this approach and use real scenarios to analyze which forensic measures are available to us and how they work.