Azure introduced new Fusion Detection for Ransomware!

Hi Cloud Marathoners,

This week a new service, Fusion Detection for Ransomware, was announced. These Fusion detections correlate alerts that are potentially associated with ransomware activity observed at the defense evasion and execution stages during a specific timeframe.

What is Ransomware?

A ransomware attack is a type of attack that uses specific types of malicious software, or malware, to make a network or system inaccessible for the purpose of extortion (the ‘ransom’).

There is no doubt that ransomware attacks have become a top-priority threat for many organizations. A recent report released by PurpleSec revealed that the estimated cost of ransomware attacks was $20 billion in 2020, with downtime increasing by over 200% and the cost being 23x higher than in 2019.

Preventing such attacks in the first place would be the ideal solution, but with the new trend of ‘ransomware as a service’ and human-operated ransomware, the scope and sophistication of attacks are increasing. Attackers use slow and stealthy techniques to compromise networks, which makes them harder to detect in the first place.

AI in action with Azure Sentinel for help!

The good news is that #azuresentinel 🔥 is constantly getting more efficient by putting #AI into action – Sentinel #fusion!

To help your analysts quickly understand a possible attack, Fusion gives you a complete picture of the suspicious activities that happened on the same device/host by correlating signals from Microsoft products as well as signals from the network and cloud. Supported data connectors include:

“With Fusion detection for ransomware that captures malicious activities at the defense evasion and execution stages of an attack, it gives security analysts an opportunity to quickly understand the suspicious activities happened around the same timeframe on the common entities, connect the dots and take immediate actions to disrupt the attack.”
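The correlation idea described above, as an added example that is not part of the original post and is not Microsoft's Fusion algorithm: a simplified rule that groups constructed alerts by host and flags a host only when defense evasion and execution alerts both fall inside one time window. The alert records, tactic labels, host names and the one-hour window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real product output):
# (timestamp, host, attack stage, alert title)
ALERTS = [
    ("2021-08-10T09:02:00", "srv-file01", "DefenseEvasion", "Security tool tampering"),
    ("2021-08-10T09:20:00", "srv-file01", "Execution", "Suspicious script execution"),
    ("2021-08-10T09:31:00", "srv-file01", "Execution", "Mass file rename activity"),
    ("2021-08-10T10:05:00", "wks-114", "Execution", "Suspicious script execution"),
    ("2021-08-10T03:00:00", "wks-207", "DefenseEvasion", "Event log cleared"),
    ("2021-08-10T11:45:00", "wks-207", "Execution", "Suspicious script execution"),
]

# Both stages named in the post must be present on the same host.
REQUIRED_STAGES = {"DefenseEvasion", "Execution"}


def correlate(alerts, window=timedelta(hours=1)):
    """Return one incident per host whose alerts cover every required
    stage within `window` (assumed value; the post gives no timeframe)."""
    by_host = defaultdict(list)
    for ts, host, stage, title in alerts:
        if stage in REQUIRED_STAGES:
            by_host[host].append((datetime.fromisoformat(ts), stage, title))

    incidents = []
    for host, items in sorted(by_host.items()):
        items.sort()
        start, best = 0, None
        for end in range(len(items)):
            # Slide the window start forward until the span fits.
            while items[end][0] - items[start][0] > window:
                start += 1
            group = items[start:end + 1]
            stages = {stage for _, stage, _ in group}
            if stages >= REQUIRED_STAGES and (best is None or len(group) > len(best)):
                best = group
        if best:
            incidents.append({
                "host": host,
                "first_seen": best[0][0],
                "last_seen": best[-1][0],
                "alerts": [title for _, _, title in best],
            })
    return incidents


if __name__ == "__main__":
    for incident in correlate(ALERTS):
        print(incident["host"], incident["alerts"])
```

A single-stage host (wks-114) and a host whose two stages are hours apart (wks-207) are not raised, which is the noise reduction that correlating on a common entity and timeframe is meant to give.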

Microsoft is committed to releasing new multistage attack scenarios detected by Fusion in Azure Sentinel. Keep an eye on the Azure Sentinel Fusion page to get the latest updates 🙂

Stay tuned for more Azure automation & Security related posts.

Follow me 🎯 and become a #cloudmarathoner ⛅🏃‍♂️🏃‍♀️ – Let’s connect 👍


Study Guide for Azure Security Technologies (AZ-500)

Hello friends,

Updates: This exam has had a number of changes from mid-2020 until now. I have updated the exam objectives and some of the listed references to be up-to-date.

I am back with a new study guide for AZ-500: Azure Security Technologies Associate.

This is a very important exam for anyone who puts security at the core of a solution deployed into an Azure cloud environment. In this respect, it is invaluable for any professional whose responsibilities include maintaining the security posture, identifying and remediating vulnerabilities by using a variety of security tools, implementing threat protection, and responding to security incident escalations.

By the way, you could also check out the following study guides, if interested 👌👍

By learning this topic, you as a candidate will gain strong skills in scripting and automation, and a deep understanding of networking, virtualization, and cloud N-tier architecture. Strong familiarity with cloud capabilities and with Azure products and services is critical to success.

Getting AZ-500 Microsoft Azure Security Technologies Associate

In this section, you will get to know the official exam objectives, free Microsoft Learn materials and additional materials that I have used. On a high level, the skills that are measured in this exam are:

Actually, you could find this information on the official Microsoft exam website.

Useful resources that helped me along the way:

Here are the references that will help you digest the security materials successfully. I would like to thank Pete Zerger, a Microsoft MVP & Cybersecurity Strategist, for his informative content & professional support. He has really valuable posts and training courses on the LinkedIn platform.

There were many breaks in my study where I paused to search for Azure Security documentation on Microsoft Docs. However, discovering the GitHub repo from AzureMentor greatly helped me save some time while getting familiar with the exam objectives.

Thus, the @AzureMentor GitHub pages on Azure-AZ-500-Study-Guide have direct links to each high-level objective as well as the items outlined within it.

I would like to thank my family and kids for providing me with the opportunity to complete my journey. Big thanks to close friends and #linkedinfamily for continued support.

That’s all, friends! I hope sharing this will encourage you to start your own cloud journey.

And as always, feel free to get connected and leave your comment(s). The whole LinkedIn family will benefit from your suggestions and feedback.
