Latest Insights and Cybersecurity Resources
Token Theft Part 2 - Defensive
Defenders should focus on users who trigger multiple alerts in rapid succession, for example a risky sign-in followed closely by indicators of persistence techniques such as mailbox rule creation.
Two detection sources, for example, are very helpful for detecting and alerting on token theft attacks: Azure Active Directory Identity Protection and Microsoft Defender for Cloud Apps.
Token Theft Part 1 - Offensive
An increasing number of cyber-attacks employ techniques to bypass multi-factor authentication (MFA), allowing criminals to access corporate networks while security teams have limited ability to detect these threats.
The difference between a SOC and a SIEM and do...
Organisations looking to improve their cybersecurity posture are faced with many buying decisions, terminology and technology. The terms SIEM and SOC are sometimes incorrectly used interchangeably, so what is the difference between them, and do you need both?