Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home SIEM

Guy who named ‘BlueKeep’ Windows flaw joins Microsoft Threat Protection

Azure Sentinel News Editor by Azure Sentinel News Editor
December 2, 2020
in SIEM
0
With new release, CrowdStrike targets Google Cloud, Azure and container adopters
5.4kViews
301 Shares Share on Facebook Share on Twitter

Kevin Beaumont, the UK cybersecurity expert who named the wormable Windows BlueKeep bug, is joining Microsoft Threat Protection. 

Beaumont, a widely quoted security expert who’s run large security operations centers, has offered insights from the trenches into new attacks via his popular DoublePulsar blog and Twitter for the past few years, covering issues including WannaCry, NSA exploits, the rise of malicious Office macros, and BlueKeep. 

The move to Microsoft Threat Protection, which is responsible for Microsoft Defender antivirus, is notable in part because Beaumont has been “largely suspect” of cybersecurity vendors and “occasionally critical of Microsoft”. 

But he’s also a fairly big fan of Microsoft’s cloud-based SIEM Sentinel, which he’s used to monitor his BlueKeep honeypot. Microsoft credited Beaumont and Marcus Hutchins – the UK security researcher who halted the 2017 WannaCry outbreak and was later arrested in Las Vegas – with helping it catch the first attempts at exploiting BlueKeep, which Microsoft feared could be as bad as WannaCry. 

Rather than stand on the sidelines and criticize the cybersecurity industry, Beaumont reckons it’s time to “put my career where my mouth is” by joining the Redmond company. 

As he explains, the cybersecurity industry is in the “black and white era of television” at a time when organized criminal groups are using common tools and techniques to bring down large companies. 

“The sad truth is that organizations are getting attacked with whatever tools the attackers can gain access to, and quite often it’s not the most sophisticated or Hollywoodesque way in – it is what works,” he notes. 

He thinks Microsoft Threat Protection has the best answer for this, by helping organizations “spot commonalities between attacks, and provide top-down protection through the stack”.

According to Beaumont, his experience running a Security Operations Center with 100,000 endpoints revealed to him that “SIEM monitoring solutions suck” due to their price and complexity.

Organizations spend big on SIEM solutions because they want to know when hackers break into their network. Quite often SIEM integration projects descend into chucking data into a hole, the hole filling, then everybody ignoring the ugly hole as nobody wants to stare into the abyss of Too Much Suck,” he wrote.

But Sentinel is different. “Azure Sentinel’s vision is pretty simple – deploy it, send your logs to Azure, and let Sentinel provide both a traditional SIEM, and machine learning and threat hunting.”

kevinbeaumontbbcyoutube2020a.jpg

Cybersecurity expert Kevin Beaumont: The cybersecurity industry is in the “black and white era of television”.  Image: Kevin Beaumont/BBC/YouTube

Reference:https://www.zdnet.com/article/guy-who-named-bluekeep-windows-flaw-joins-microsoft-threat-protection/

Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

What’s new: Microsoft Teams connector in Public Preview
SIEM

Changes in How Running Hunting Queries Works in Azure Sentinel

February 11, 2021
Microsoft suspends 18 Azure accounts tied to China-based hackers
SIEM

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

February 8, 2021
With new release, CrowdStrike targets Google Cloud, Azure and container adopters
SIEM

How to Setup a Managed Identity for the Azure Sentinel Logic App Connector

January 21, 2021
Next Post
Microsoft suspends 18 Azure accounts tied to China-based hackers

Microsoft and Redis Labs collaborate to give developers new Azure Cache for Redis capabilities

Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

Microsoft unveils new DLP, 'Double Key Encryption' offerings

Vectra AI and Microsoft partner on security integration

New data from Microsoft shows how the pandemic is accelerating the digital transformation of cyber-security

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

WA strikes govt-wide cloud deal with Microsoft

Satya Nadella’s 5 Biggest Statements At Microsoft Ignite 2020

3 months ago
Microsoft and Docker collaborate on new ways to deploy containers on Azure

SolarWinds Post-Compromise Hunting with Azure Sentinel

2 months ago
CRITICALSTART Adds Support for Microsoft Azure Sentinel to MDR Services

Creating an Azure Sentinel Taskbar and Start Menu Shortcut and Icon for Quick Access

2 months ago
Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.

Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.

6 months ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Azure Sentinel can now Analyze All Available Azure Active Directory Log Files

Trending

What’s new: Microsoft Teams connector in Public Preview
IR

How to Generate Azure Sentinel Incidents for Testing

by Azure Sentinel News Editor
February 26, 2021
0

Do you want to generate an Incident in Azure Sentinel for testing/demoing? Here’s a couple easy ways...

What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

February 17, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021
  • The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting February 22, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News