Speaker

Uros Babic

Security Architect at Crayon, Microsoft Security MVP, MCT

Belgrade, Serbia

Graduate electrical engineer, currently employed at Crayon Serbia as Security Architect, Microsoft Security MVP, MCT, Keynote Speaker

Area of Expertise

  • Information & Communications Technology

Microsoft Sentinel in Unified Security Operations: Real-World SOC Scenarios

In today’s complex threat landscape, SOCs must evolve to be more agile, intelligent, and unified. This session explores how Microsoft Sentinel empowers modern SOCs by delivering a cloud-native, scalable, and AI-driven SIEM and SOAR solution.

Through real-world scenarios, I’ll demonstrate how Sentinel integrates across your security ecosystem to detect, investigate, and respond to threats more effectively, with practical insights into how organizations are leveraging MS Sentinel to unify data, automate response, and enhance visibility across hybrid and multi-cloud environments.

Unified Network Security at Scale: Azure Firewall + Firewall Manager in Action

In a world where cloud environments are growing rapidly and becoming increasingly complex, maintaining consistent and scalable network security is a top priority. This keynote dives into how Azure Firewall and Azure Firewall Manager work together to deliver centralized, cloud-native network protection across distributed environments.
Whether you're managing a hybrid network or a multi-cloud architecture, this session will equip you with the tools and strategies to simplify operations, strengthen your security posture, and scale with confidence.

Securing SaaS: Real-case scenario with Microsoft Defender for Cloud Apps

In today’s cloud-first world, organizations rely heavily on SaaS applications to drive productivity, collaboration, and innovation. But with this shift comes a new set of security challenges—data sprawl, shadow IT, and evolving threat vectors that traditional tools can’t fully address.
In this session, I’ll demonstrate how Microsoft Defender for Cloud Apps empowers security teams to gain deep visibility, enforce granular controls, and detect threats across their cloud ecosystem. Through real-world scenarios and practical insights, we’ll demonstrate how to build a proactive, intelligent, and scalable cloud security strategy that aligns with Zero Trust principles.

Incident investigations and threat hunting with Microsoft Sentinel, Defender XDR, Security Copilot

Simulate attacks with the Microsoft Defender portal, with an isolated domain controller and client device.

Investigate the incident for the simulated attack. Review generated alerts. Automated and manual investigation and remediation. Resolve the incident. Prioritize incidents. Manage incidents. Examine automated investigation and response with the Action center. Use advanced hunting. Expert training on advanced hunting scenarios.

Microsoft Security Exposure Management

I will give a practical demonstration of the Microsoft Security Exposure Management product feature in the Defender XDR suite: a comprehensive security solution offering a unified perspective on your company's assets and workloads. With Security Exposure Management, we can enhance asset details with crucial security insights, empowering proactive management of attack surfaces, safeguarding vital assets, and addressing exposure risks effectively.

Security Copilot in Microsoft Unified Security Operations workshop

Agenda:

1. Microsoft Copilot for Security overview

2. Core features of Microsoft Copilot for Security

3. Embedded experiences of Microsoft Copilot for Security

4. Explore use cases with Microsoft Copilot for Security

5. Security Copilot Demo Lab

- Onboarding Security Copilot

- Set up and provision Security Capacity in Azure

- Set up environment

- Prompting in Microsoft Copilot for Security

- Try promptbooks

6. Incident investigation with Microsoft Sentinel, Defender XDR and Security Copilot: real use-case scenarios

Power of attack simulations in Microsoft Unified Security Operations

During a hands-on lab, we simulated an attack on an isolated AD DS domain controller and Windows device using a fileless PowerShell script with process injection and SMB recon. My goal was to investigate, remediate, and resolve the incident effectively with threat hunting activity. I utilized Unified Security Operations with Microsoft Sentinel, Defender XDR and Security Copilot for comprehensive security measures and automatic attack disruption.

Securing the Future: A Hands-On Guide with Defender XDR, Sentinel and Security Copilot

In this interactive session, the audience will gain practical insights into modern security operations using Microsoft's advanced security tools: Defender XDR, Sentinel, and Security Copilot. The session will cover:
- Unified Threat Detection and Response: Learn how Defender XDR and Sentinel work together to provide comprehensive threat detection and response capabilities across endpoints, identities, emails, cloud apps, and workloads.
- Incident Management: Explore real-world scenarios of incident detection, investigation, and automated response using Sentinel and Defender XDR. Understand how to leverage these tools to streamline your security operations center (SOC) workflows.
- Proactive Threat Hunting: Dive into advanced threat hunting techniques with Sentinel's Kusto Query Language (KQL) and see how unified hunting across Defender XDR data enhances threat visibility and response.
- AI-Powered Security Operations: Discover how Security Copilot uses generative AI to assist in incident response and threat hunting, providing actionable insights and simplifying complex security tasks.

Restricted Management Administrative Units in Microsoft Entra ID

RMAUs are designed to protect privileged users and groups from unauthorized modifications by restricting management permissions to specific administrators. My focus will be on practical use-case scenarios.

From Zero to Hero with Azure Web Application Firewall

Web Application Firewall provides centralized protection of your web applications from common exploits and vulnerabilities. Web applications are increasingly targeted by malicious attacks that exploit commonly known vulnerabilities. I will practically demonstrate WAF deployment scenarios with Azure Application Gateway, Azure Front Door, and Azure Content Delivery Network (CDN) service.

Data Security Posture Management for AI

Data Security Posture Management (DSPM) for AI is a proactive approach to securing AI systems in Microsoft Purview by continuously assessing risks including Microsoft Security 365 Copilot, mitigating vulnerabilities, and protecting AI models, data, and infrastructure with DLP policies and data assessment. Focus on practical use cases.
Key aspects of DSPM include:

- Data Discovery: Identifying where sensitive data is stored across various cloud services and environments.
- Data Classification: Categorizing data based on sensitivity to prioritize security measures.
- Risk Assessment: Evaluating the security posture of data stores and applications to identify vulnerabilities.
- Policy Enforcement: Implementing and enforcing security policies to protect sensitive data.

Incident Detection and Response in Microsoft Unified Security Operations

Microsoft’s Unified Security Operations platform integrates several powerful tools to enhance incident detection and response. This platform combines Microsoft Sentinel and Microsoft Defender XDR with Security Copilot to provide a comprehensive security solution.

Azure DDoS Protection simulation training

It’s a good practice to test your assumptions about how your services respond to an attack by conducting periodic simulations:
- Validate how Azure DDoS Protection helps protect your Azure resources from DDoS attacks.
- Optimize your incident response process while under DDoS attack.
- Document DDoS compliance.
- Train your network security teams.

Azure Network Security

Azure offers a comprehensive suite of network security services to protect your applications and cloud workloads from cyberattacks.
Agenda:
- Hub and Spoke topology with Azure
- Network Security Groups (NSG)
- Application Security Groups
- Service Endpoints
- Private Endpoints
- Azure Application Gateway
- Web Application Firewall
- Azure Front Door
- ExpressRoute
- Azure Firewall
- Azure DDoS protection

Unifying XDR, SIEM and Security Copilot in Security Operations

In the rapidly evolving world of cybersecurity, the role of artificial intelligence (AI) is becoming increasingly important. With the sheer volume and complexity of threats, a holistic approach to cybersecurity is necessary, and AI is proving to be a crucial element in detecting and fighting against advanced attacks.
Now Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Security Copilot are available as a unified experience, all your alerts, incidents, playbooks, and policies in one place with more AI, more automation, and an unparalleled view of emerging threats enriching it all. One dashboard to manage defenses. A single portal for threat investigation, detection, and response. A single command center built on a common data model to help you manage your SOC and work faster. One place to investigate all incidents. Making incident triage more straightforward, investigation more seamless and insights more holistic. One place to search and hunt for threats across all data. Simplified with help from Security Copilot, translating natural language to KQL. Copilot is generating all the queries, and these are, and you need to know KQL now.
During this session, Microsoft Security MVP, MCT Uros Babic will be speaking about the future of cybersecurity incident response with AI. Real stories of incident investigations with Microsoft Defender XDR, Sentinel and Security Copilot will be presented.

Driving Microsoft’s transformation with Data and AI

1. Get started with Azure AI Services
2. Azure AI services
- Azure Machine Learning
- Cognitive Services
- Azure OpenAI Services
3. Microsoft Copilot
4. AI for Security
5. AI Shared responsibility model
6. Accelerate cloud-native app innovation with Azure and AI

Manage Identity and Access in Microsoft Entra ID

Entra ID is the core of any secure solution you will build on Azure. You need to verify who is accessing your systems, what they have access to, and monitor how they are using your solutions.

How to Forensic Investigate Security Incidents in Microsoft Azure

When a security incident is detected on the Azure cloud platform, forensic investigators must examine the log data collected from various sources. If a VM is found to be affected, it is important to take a snapshot of the OS disk of the VM for further investigation. This session discusses the forensic acquisition methodology of an Azure VM and discusses an assumed scenario to divide the whole process into multiple steps.

Active Directory Incident Response and Remediation in Microsoft Azure

Azure AD incident response explores how Azure AD investigates, manages and responds to cybersecurity incidents. It involves skills, knowledge and experience with best practices to protect Azure Active Directory in day-to-day IR operations and remediation techniques, and describes the Azure AD incident response life cycle, process and tools.

Festive Tech Calendar 2024 Sessionize Event

December 2024

Azure User Group Sweden User group Sessionize Event

October 2024

Cyber Back to School Sessionize Event

October 2024

Azure Back to School 2024 Sessionize Event

September 2024

Gimme-Cloud-Talks-Global-Azure-2024 Sessionize Event

April 2024

Festive Tech Calendar 2023 Sessionize Event

December 2023

Microsoft Azure Serbia Meetup Group User group Sessionize Event

November 2023

Azure Back to School 2023 Sessionize Event

September 2023

Gimme-Cloud-Talks-Global-Azure-2023 Sessionize Event

May 2023
