Lock Down and Look Out: Windows Security Blogs
Security remains a top-of-mind issue across the board. The recent worldwide sweep of the WannaCry ransomware attack served as a reminder—not that we needed one—that cybersecurity seems to be a fire that simply refuses to be put out. And indeed it may never be. As our cybersecurity solutions and policies evolve, it seems the bad guys evolve just a couple of steps ahead. Thankfully, for every successful attack, there are many more successful defenses. If you're looking to broaden your security knowledge, or just looking for some specific resources, take a trip through some of these Windows security blogs. They're sure to shore up your security smarts.
This is the latest word in security from Microsoft itself. The lead post right now announces that the Microsoft Security Intelligence Report Volume 21 is now available. Besides tactical advice and analysis of the latest cybersecurity headlines, this blog is a good place to find resources like this.
Posted by the Microsoft Secure Blog Staff, this post states, "The latest volume of the Microsoft Security Intelligence Report is now available for free download at www.microsoft.com/sir. This new volume of the report includes threat data from the first half of 2016 as well as longer term trend data on industry vulnerabilities, exploits, malware, and malicious websites. The report also provides specific threat data for over 100 countries/regions."
The post entitled "Security in agile development," written by Talhah Mir, Principal PM Manager, takes a practical look at how agile development can directly affect software security. Mir writes, "Most enterprises' security strategies today are multifaceted—encompassing securing a variety of elements of their IT environment including identities, applications, data, devices, and infrastructure. This also includes driving or supporting security training and changes in culture and behavior for a more secure enterprise. But, security really starts at the fundamental core, at the software development level. It's here that security can be 'built in' to ensure that applications meet the security requirements of enterprises today and are aligned to a holistic, end to end security strategy."
Other posts, like "Cybersecurity and cyber-resilience – Equally important but different," by Paul Nicholas, Senior Director of Trustworthy Computing, take a high-level, philosophical look at the current state of cybersecurity, the larger-scale trends, and what we're likely to face in the future. Nicholas writes, "The October Mirai-based IoT attack demonstrated an important and often neglected consequence of technology's expansion into every aspect of our daily lives, as well as into the systems that underpin our economies and societies. We have never been as exposed to cyberattacks, and because of technology's pervasiveness in our lives the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome than in the past."
Bruce Schneier, a distinguished security expert who has written 13 books on the topic, is a fellow at Harvard University and appears regularly on a host of TV and radio programs. His blog explores policy and current events as well as in-the-trenches tips.
In this post, he covers the NSA decision to no longer collect information solely based on message content: "Earlier this month, the NSA said that it would no longer conduct 'about' searches of bulk communications data. This was the practice of collecting the communications of Americans based on keywords and phrases in the contents of the messages, not based on who they were from or to."
If you are still searching for info on WannaCry, Schneier covers it here: "Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware. It's a simple scam. Encrypt the victim's hard drive, then extract a fee to decrypt it. The scammers can't charge too much, because they want the victim to pay rather than give up on the data. But they can charge individuals a few hundred dollars, and they can charge institutions like hospitals a few thousand. Do it at scale, and it's a profitable business."
Here, he discusses an extremely interesting discovery regarding HP laptops: "This is a weird story: researchers have discovered that an audio driver installed in some HP laptops includes a keylogger, which records all keystrokes to a local file. There seems to be nothing malicious about this, but it's a vivid illustration of how hard it is to secure a modern computer."
This is a solid, in-depth resource that gets sufficiently technical to satisfy the deepest security geeks. Penned by Randy Franklin Smith, some recent posts include:
In the post "Work Smarter—Not Harder: Internal Honeynets Allow You to Detect Bad Guys Instead of Just Chasing False Positives," he discusses how honeynets could change the detection game: "Log collection, SIEM and security monitoring are the journey not the destination. Unfortunately, the destination is usually a false positive. This is because we've gotten very good at collecting logs and other information from production systems, filtering that data and presenting it on a dashboard. But we haven't gotten that good at distinguishing events triggered by bad guys from those triggered by normal every day activity. A honeynet changes that completely."
This entry, "Tracking removable storage with the Windows Security Log," discusses auditing removable storage access in Windows: "With data breaches and Snowden-like information grabs I'm getting increased requests for how to track data moving to and from removable storage such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access."
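As an added example of the auditing the post refers to (this is not code from the original post or from Randy Franklin Smith's blog), the PowerShell below enables the "Removable Storage" audit subcategory and then summarizes the resulting Security log events. It assumes the standard Windows object-access event ID 4663 and the "Removable Storage" task category for these events, an elevated session on the monitored host, and a constructed 24-hour lookback window; the `Get-EventField` helper is an illustrative name.

```powershell
# Added example (not from the original post or from Randy Franklin Smith's blog):
# enable the "Removable Storage" audit subcategory, then pull the resulting
# 4663 (object access) events from the Security log and summarize who
# touched which file from which process.

# 1. Enable auditing (run once, elevated). Success and failure are both useful:
#    failures show blocked attempts, successes show actual reads and writes.
auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable

# 2. Collect the 4663 events whose task category is "Removable Storage".
#    Other 4663 events (file system, registry) are filtered out by TaskDisplayName.
#    The 24-hour window is a constructed choice for this example.
$since = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskDisplayName -eq 'Removable Storage' }

# 3. Read named EventData fields from the event XML rather than relying on
#    positional Properties indexes, which differ between event versions.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$report = foreach ($e in $events) {
    [pscustomobject]@{
        Time    = $e.TimeCreated
        User    = Get-EventField $e 'SubjectUserName'
        Object  = Get-EventField $e 'ObjectName'
        Process = Get-EventField $e 'ProcessName'
        Access  = Get-EventField $e 'AccessMask'   # hex string, e.g. 0x1 = ReadData, 0x2 = WriteData
    }
}

# 4. Writes to removable media (WriteData bit 0x2 set) are the usual data-movement
#    signal; group per user so bulk copies stand out.
$report |
    Where-Object { ([int]$_.Access) -band 0x2 } |
    Group-Object User |
    Sort-Object Count -Descending |
    Select-Object Name, Count, @{ n = 'Files'; e = { ($_.Group.Object | Select-Object -Unique) -join '; ' } } |
    Format-Table -AutoSize
```

Enabling this subcategory can generate a large number of 4663 events on hosts where removable media is used heavily, so plan log retention and forwarding before turning it on fleet-wide, and keep the audit policy under group policy so a local administrator cannot quietly switch it off.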
"Auditing Privileged Operations and Mailbox Access in Office 365 Exchange Online" reveals how important monitoring the email inbox actually is: "E-mail remains one of the most heavily used communications mediums within organizations today. With as much as 75 percent of your organization's intellectual property stored in e-mail, Microsoft Exchange is for all practical purposes a treasure trove of an organization's most valuable secrets—just waiting for inappropriate access."
This blog is a great technical resource for IT teams. There's a lengthy list of topics covered that span the range of platforms you're tasked with supporting and securing.
What are some of your favorite Windows security blogs? Drop me a line at [email protected]!
Posted by Lafe Low on May 19th, 2017 at 2:21 PM