SHAREPLICITY

Microsoft Defender Security Center

8/5/2019


 
Over the past few years, Microsoft has steadily improved the security features across its cloud offerings. Microsoft Defender has grown into a sophisticated suite that gives deep visibility not only into cloud services but also into on-premises Windows 10 devices, through the endpoint sensor that reports into the cloud service.
 
The "Microsoft Defender Security Center" is your central entry point for identifying potential breach activity, tracking your overall security score, and reading threat analytics.
 
If your tenant is licensed for Windows Defender ATP (included in Windows 10 Enterprise E5 and Microsoft 365 E5, among others), you can access the dashboard here: https://securitycenter.windows.com/dashboard.
 
Once authenticated, the primary Security operations dashboard loads, showing the following cards:
 
  • Active Alerts
  • Active automated investigations
  • Automated investigations statistics
  • Machines at risk
  • Users at risk
  • Machines with sensor issues
  • Service health
  • Detection sources
  • Daily machines reporting
 
Each card links through to the underlying details. For example, clicking the alert "Suspicious process injection observed" opens the alert page with everything needed to investigate it.
The alert page first presents the basic details of the issue together with the recommended actions. The actions drop-down lets you drill deeper, for example into the "Timeline" of events on the affected machine.
Looking deeper into this injection, the timeline shows that an "Anomalous memory allocation" was identified within "PowerShell."
Clicking further into the backdoor reveals the command line used, along with the process name, execution time and process ID: the details you need in order to judge whether the PowerShell activity was legitimate administration or something that was never meant to run on that machine.
Going back to the injection alert itself, the "Alert process tree" shows the identified anomalous process in the context of its parent and child processes.
To get a wider view of attacks like this, expand the "Automated investigations" menu item and click its first sub-menu item.
Clicking into any of the observed injections displays the "Investigation graph", which ties together the Alerts, Machines, Key findings, Entities and Logs involved and offers specific Actions.
Clicking the "Threats found" icon lists the "Key findings."
Clicking a row then lets you "Approve or Reject" the pending remediation action. Whether an action waits for approval or runs automatically depends on the automation level configured for the machine group the device belongs to, so check that setting before relying on the portal to remediate on its own.
As you can see, the tooling makes it straightforward to work through an observed anomaly or malicious attack. If we expand the "Threat & Vulnerability Management" menu and click "Dashboard," we get a breakdown of our security posture based on the software and configuration state reported by the onboarded machines.
The table at the bottom lists software that needs patching, is out of date or is otherwise vulnerable.
Clicking the "Windows 10" row displays further details. Click "Open software page" and then "Update Windows 10" to see the list of "Exposed machines" and the "CVEs" addressed by the available patches.
The last thing that is extremely helpful is the "Security recommendations" list: a plain list of remediation activities which, once completed, raise your overall security posture.
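The investigation steps above (alert, process details, alert process tree, pending remediation actions) and the Threat & Vulnerability Management views can also be pulled through the Defender ATP REST API rather than clicked through in the portal. The following is an added example in Python, not code from the original post or from Microsoft. It assumes an Azure AD app registration granted the Alert.Read.All and Vulnerability.Read.All application permissions, reads TENANT_ID, CLIENT_ID and CLIENT_SECRET from the environment, uses field names from the alerts API (with $expand=evidence) and the machinesVulnerabilities API, and falls back to constructed sample records with placeholder machine, CVE and KB identifiers when no credentials are set:

```python
"""Added example (not code from the post): the alert investigation and the
Threat & Vulnerability Management views described above, read through the
Defender ATP REST API instead of the portal.
Assumptions (not in the original): an Azure AD app registration granted the
Alert.Read.All and Vulnerability.Read.All application permissions, with
TENANT_ID, CLIENT_ID and CLIENT_SECRET in the environment. Field names follow
the API's alert/evidence and machinesVulnerabilities schemas; the records at
the bottom are constructed samples, used when no credentials are set."""
import json, os, urllib.parse, urllib.request
from collections import defaultdict

API = "https://api.securitycenter.windows.com"

def get_token(tenant_id, client_id, client_secret):
    """Client-credentials flow (Azure AD v1 endpoint) for the Defender ATP API."""
    body = urllib.parse.urlencode({"resource": API, "client_id": client_id,
        "client_secret": client_secret, "grant_type": "client_credentials"}).encode()
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]

def api_get(token, path, **odata):
    """GET a collection; keyword args become OData options ($filter, $expand...)."""
    url = f"{API}{path}"
    if odata:
        url += "?" + urllib.parse.urlencode({f"${k}": v for k, v in odata.items()})
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["value"]

def process_tree(alert):
    """Rebuild the portal's 'Alert process tree' from the alert's Process evidence:
    (depth, description) rows, parents before children."""
    procs = [e for e in alert.get("evidence", []) if e.get("entityType") == "Process"]
    by_pid = {p["processId"]: p for p in procs}
    # A root is a process whose own parent was not captured as evidence.
    roots = [p for p in procs if p.get("parentProcessId") not in by_pid]
    rows = []
    def walk(proc, depth):
        rows.append((depth, f"{proc['fileName']} pid={proc['processId']} "
                            f"started={proc['processCreationTime']} cmd={proc['processCommandLine']}"))
        for child in procs:
            if child is not proc and child.get("parentProcessId") == proc["processId"]:
                walk(child, depth + 1)
    for root in sorted(roots, key=lambda p: p["processCreationTime"]):
        walk(root, 0)
    return rows

SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def patches_by_kb(vulns, product="windows_10"):
    """Group one product's machine-level vulnerabilities by the KB that fixes them,
    like the software page's 'Exposed machines' and 'CVEs' view; most exposed first."""
    groups = defaultdict(lambda: {"cves": set(), "machines": set(), "worst": "Low"})
    for v in vulns:
        if v["productName"] != product or not v.get("fixingKbId"):
            continue  # other software, or no patch published yet
        g = groups[v["fixingKbId"]]
        g["cves"].add(v["cveId"])
        g["machines"].add(v["machineId"])
        if SEVERITY_RANK.get(v["severity"], 9) < SEVERITY_RANK[g["worst"]]:
            g["worst"] = v["severity"]
    rows = [{"kb": kb, "cves": sorted(g["cves"]), "exposed_machines": len(g["machines"]),
             "worst_severity": g["worst"]} for kb, g in groups.items()]
    return sorted(rows, key=lambda r: (-r["exposed_machines"], SEVERITY_RANK[r["worst_severity"]]))

# Constructed sample records shaped like the API responses; all ids are placeholders.
SAMPLE_ALERT = {
    "id": "sample-alert-1", "title": "Suspicious process injection observed",
    "severity": "Medium", "status": "New", "computerDnsName": "ws-01.contoso.local",
    "evidence": [
        {"entityType": "Process", "fileName": "explorer.exe", "processId": 3200, "parentProcessId": 3100,
         "processCreationTime": "2019-08-05T08:58:10Z", "processCommandLine": "C:\\Windows\\explorer.exe"},
        {"entityType": "Process", "fileName": "powershell.exe", "processId": 4780, "parentProcessId": 3200,
         "processCreationTime": "2019-08-05T09:01:22Z",
         "processCommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
        {"entityType": "Process", "fileName": "notepad.exe", "processId": 5212, "parentProcessId": 4780,
         "processCreationTime": "2019-08-05T09:01:25Z", "processCommandLine": "notepad.exe"},
    ],
}
SAMPLE_VULNS = [
    {"machineId": "m1", "cveId": "CVE-TEST-0001", "fixingKbId": "KB-A", "productName": "windows_10", "severity": "Critical"},
    {"machineId": "m2", "cveId": "CVE-TEST-0001", "fixingKbId": "KB-A", "productName": "windows_10", "severity": "Critical"},
    {"machineId": "m2", "cveId": "CVE-TEST-0002", "fixingKbId": "KB-A", "productName": "windows_10", "severity": "High"},
    {"machineId": "m3", "cveId": "CVE-TEST-0003", "fixingKbId": "KB-B", "productName": "windows_10", "severity": "Medium"},
    {"machineId": "m3", "cveId": "CVE-TEST-0004", "fixingKbId": "KB-C", "productName": "office", "severity": "High"},
]

if __name__ == "__main__":
    env = os.environ
    if all(k in env for k in ("TENANT_ID", "CLIENT_ID", "CLIENT_SECRET")):
        token = get_token(env["TENANT_ID"], env["CLIENT_ID"], env["CLIENT_SECRET"])
        alerts = api_get(token, "/api/alerts", filter="status eq 'New'", expand="evidence")
        vulns = api_get(token, "/api/vulnerabilities/machinesVulnerabilities")
    else:
        alerts, vulns = [SAMPLE_ALERT], SAMPLE_VULNS  # offline run on the constructed samples
    for alert in alerts:
        print(f"[{alert['severity']}] {alert['title']} on {alert['computerDnsName']}")
        for depth, row in process_tree(alert):
            print("    " * (depth + 1) + row)
    for r in patches_by_kb(vulns):
        print(f"{r['kb']}: {r['exposed_machines']} exposed machine(s), "
              f"{len(r['cves'])} CVE(s), worst severity {r['worst_severity']}")
```

The script only reads, which is why read-only permissions are enough; approving or rejecting remediation actions is deliberately left to the portal, where the automation level and approval step described above still apply.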
All in all, "Windows Defender ATP" and the other components of the "Microsoft Defender Security Center" give you a single place to detect, investigate and remediate threats on your onboarded Windows 10 devices, and to track the patch and configuration posture that reduces your exposure in the first place.
© 2021 SHAREPLICITY