Spherium Consulting Group

🚀Discover how transforming security from the inside out can protect your organization in today's digital landscape. 🎓Read more in our latest blog post! https://lnkd.in/d3Sp8dHk

🎉 Happy Holidays from Spherium Consulting Group! 🎉 Your trust inspires us to provide the best solutions and support.

🛡⚔️ASR rules provide comprehensive protection by reducing attack surfaces and mitigating risks associated with common exploitation techniques. Today, we will explore the most important ASR rules and their functions.🎓🎓🎓

📌Passwordless Authentication and Its Growing Importance https://lnkd.in/dJmDbSu5

In our previous article, we explored the fundamentals of Attack Surface Reduction (ASR). In this article, we’d like to guide you through a deeper examination, starting with the core principles behind ASR rules. 🎓🎓🎓

🔍 Quick Overview: Continuous Access Review 🔐 Quick Overview: M365 Entra ID Conditional Access M365 Entra ID Conditional Access is a crucial security feature that allows organizations to enforce access policies dynamically. By continuously monitoring and evaluating user access, this feature ensures that only the right individuals can access critical resources, reducing risks associated with outdated or unnecessary permissions. Next week, I'll be diving deeper into how this feature can enhance your organization's security posture in an upcoming article. Stay tuned for insights on optimizing Conditional Access in your environment! #CyberSecurity #M365 #ConditionalAccess #IAM #EntraID #Security #CyberSecurity #AccessManagement #ContinuousAccessReview #IAM #Security, #ConditionalAccess.

Defender for Endpoint and Hidden Desktop Attacks. Microsoft Defender for Endpoint can detect suspicious processes running on hidden desktops. With the rise of ransomware and RDP compromises, attackers often use hidden desktops and hidden virtual network computing (hVNC) to evade detection. Microsoft introduces the 'DesktopName' field, allowing security analysts to identify and investigate these hidden processes. The article explains the technical details of these exploits and showcases Defender's advanced detection capabilities, helping organizations maintain comprehensive endpoint security. What are Hidden Desktop Attacks? Hidden desktops are used by attackers to conceal their activities. By creating hidden desktops within Windows user sessions, attackers can interact with the system undetected. They exploit Windows Station objects to run malicious processes on a separate GUI. Real-Life Example: In a hospital's IT system, an attacker gains access and creates a hidden desktop within a hospital administrator's session. While the administrator works, the attacker uses the hidden desktop to advance his lateral movement attack, further compromising the hospital's network. Implementation in Sentinel: We have started to add this KUSTO query to our client's Analytic Rule in Sentinel: DeviceProcessEvents | where Timestamp > ago(1d) | where FileName == "msedge.exe" | extend DesktopName = tolower(todynamic(AdditionalFields).DesktopName) | where isnotempty(DesktopName) | where DesktopName != "winsta0\\default" // Ignore instances on primary interactive desktop  and DesktopName !has "sbox"   // Filter out sandbox processes | project Timestamp, FileName, DesktopName, ProcessCommandLine | order by Timestamp desc Have you encountered hidden desktop attacks in your environment? Share your experiences or ask questions in the comments!

Exciting News for IT Security Professionals! 🚀 Microsoft Defender for Endpoint now enhances device control with BitLocker, offering improved flexibility and security. Key features include: - Granular control over BitLocker-encrypted devices. - Seamless management of removable storage. - Enforcement of encryption policies. - Management of policy exceptions. This integration supports hybrid work environments by combining robust policy enforcement with advanced encryption. Ensure comprehensive endpoint security and data protection with this powerful update. Learn more about this update and its benefits here. hashtag #CyberSecurity, #ITSecurity, #MicrosoftDefender, #BitLocker,#DataProtection, #Intune, #M365Security

Attack Surface Reduction (ASR) aims to minimize the pathways through which attackers can successfully intrude on protected assets. 🎓Read more👉 https://lnkd.in/dnjxGn8G

𝑴𝒊𝒄𝒓𝒐𝒔𝒐𝒇𝒕 𝑫𝒆𝒇𝒆𝒏𝒅𝒆𝒓 𝒇𝒐𝒓 𝑪𝒍𝒐𝒖𝒅 𝑨𝒑𝒑𝒔 is a powerful tool that provides comprehensive security for your cloud applications and services. Read more 👉🏻🎓 https://lnkd.in/dxXPSshh