This week, I had the opportunity to participate in the Microsoft Security Event via a virtual platform, where the highly anticipated announcement of Microsoft Security Copilot took place. Just as GPT-4 has revolutionized various industries, its impact on cybersecurity is equally groundbreaking.

During the event, I was thoroughly impressed by the innovative features and advanced capabilities of Microsoft Security Copilot, which is poised to significantly enhance security professionals’ operations. This cutting-edge solution brings the power of AI to the forefront, providing a valuable resource for security teams to stay ahead of ever-evolving cyber threats.

As we continually strive to offer the best in SOC-as-a-Service, I am eager to integrate Microsoft Security Copilot into our portfolio and deliver its impressive capabilities directly to our valued customers. By harnessing the potential of AI-driven security solutions, we can better protect businesses and organizations, ensuring a safer and more secure digital landscape for all.

Cybersecurity professionals face an uphill battle against relentless, sophisticated attackers in today’s digital landscape. The global shortage of skilled security professionals only exacerbates the problem, leaving an estimated 3.4 million unfilled positions in the field. The ever-increasing volume and velocity of cyber-attacks necessitate the development of innovative technologies to tip the scales in favor of defenders.

Microsoft Security Copilot is the first security product that harnesses the power of OpenAI’s GPT-4 generative AI to enable defenders to operate at the speed and scale of artificial intelligence. Unveiled at the inaugural Microsoft Secure event, Security Copilot combines advanced large language models with Microsoft’s security-specific models and global threat intelligence, informed by over 65 trillion daily signals.

Running on Azure’s hyper-scale infrastructure, Security Copilot is designed to provide an enterprise-grade, security and privacy-compliant experience. When prompted by a security professional, the AI deploys its cyber-trained model to maximize the value of large language model capabilities, augmenting analysts’ work and improving detection quality, response speed, and overall security posture. Security Copilot is a closed-loop learning system that continually learns from user interactions and feedback, enabling it to provide increasingly coherent, relevant, and valuable answers.

Integrated with Microsoft’s end-to-end security products and compatible with a growing ecosystem of third-party solutions, Security Copilot is a powerful, adaptive system designed to help organizations defend themselves at machine speed. By simplifying complex tasks, catching what other approaches might miss, and addressing the talent gap, Security Copilot empowers security professionals to focus their human ingenuity where it matters most.

Microsoft is committed to responsible AI practices, ensuring that your data remains your own, is not used to train foundation AI models, and is protected by comprehensive enterprise compliance and security controls. Security Copilot represents a new era in cybersecurity, leveraging advanced technology to support and enhance the essential human element of security.

In conclusion, Microsoft Security Copilot is set to revolutionize the cybersecurity landscape by leveraging the power of AI and GPT-4, equipping defenders with innovative tools to combat ever-evolving cyber threats effectively. As we integrate this groundbreaking solution into our SOC-as-a-Service offerings, our customers will benefit from enhanced protection and an increasingly secure digital environment. With its advanced capabilities, commitment to responsible AI practices, and seamless integration with existing security products, Microsoft Security Copilot marks the dawn of a new era in cybersecurity—one that fosters a perfect synergy between cutting-edge technology and human expertise.


Many of our customers are trying to understand what Microsoft Entra is. Many have heard terms such as Microsoft Entra Permissions Management or Microsoft Entra Workload Identities. In this short article, I will explain what Microsoft Entra Products are.

Microsoft has introduced a new product family called Microsoft Entra, which encompasses its identity and access capabilities. Entra includes Azure Active Directory (Azure AD), Cloud Infrastructure Entitlement Management (CIEM), and decentralized identity. The aim is to provide secure access to everything for everyone through identity and access management, cloud infrastructure entitlement management, and identity verification.

In a hyperconnected world, trust and security have become crucial. Microsoft Entra aims to act as a trust fabric for the entire digital ecosystem, protecting any user’s access to apps and resources and securing and verifying every identity across hybrid and multi-cloud environments. The product family will also discover and govern permissions in multi-cloud environments and simplify user experiences with real-time intelligent access decisions.

The following are the products that compose the Microsoft Entra Family of products:

  • Microsoft Azure Active Directory: Most of us should be familiar with Microsoft AAD. It is a cloud-based identity and access management service that helps organizations manage and secure user access to applications and resources. It acts as a central hub for user identity management, enabling single sign-on (SSO) across multiple applications, multi-factor authentication (MFA), and conditional access policies to ensure secure access. Azure AD simplifies user management by offering features such as self-service password reset, device management, and integration with on-premises Active Directory environments. With Azure AD, organizations can manage internal and external users, including employees, partners, and customers, streamlining access control and improving overall security.
  • Microsoft Entra Permissions Management: Microsoft Entra Permissions Management is a Cloud Infrastructure Entitlement Management (CIEM) solution that helps organizations manage and enforce the principle of least privilege across their multi-cloud environments. It provides comprehensive visibility into permissions for all identities, including users and workloads, as well as their actions and resources across public cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform. Entra Permissions Management enables organizations to detect, right-size, and monitor permissions by offering insights into unused and excessive permissions, reducing their attack surface and mitigating the risk of data breaches. This solution simplifies the management of permissions and access controls, ensuring a consistent and secure experience for identity and security teams in a multi-cloud setting.
  • Microsoft Entra Verified ID: Microsoft Entra Verified ID is a product offering based on decentralized identity standards, aiming to enable secure digital interactions while respecting privacy. It allows individuals and organizations to control what information they share, when they share it, with whom they share it, and, when necessary, to revoke access. Verified ID implements industry standards to make portable, self-owned identity possible, showcasing Microsoft’s commitment to an open, trustworthy, interoperable, and standards-based decentralized identity future. Decentralized identity creates numerous potential scenarios that can improve efficiency and trust in various aspects of life, such as business transactions, background checks, and healthcare. Microsoft Entra Verified ID promotes secure and private interactions, empowering users to take control of their digital identity and share their data more privacy-consciously.
  • Microsoft Entra Workload Identities: Microsoft Entra Workload Identities is a feature that extends the reach of access control and risk detection capabilities within Azure Active Directory to cover applications and services hosted in the cloud. It allows organizations to securely assign and manage identities for any app or service hosted in Azure AD, enabling more granular control over access rights and a more consistent security posture across their digital ecosystem. By integrating workload identities into the Microsoft Entra suite, customers can better manage and govern access permissions and mitigate risks associated with unauthorized access. This feature enhances security and simplifies the process of implementing and managing access controls for applications and services within multi-cloud environments.
  • Microsoft Entra Identity Governance: Microsoft Entra Identity Governance is a solution that addresses the challenges associated with provisioning and managing access rights for users, such as employees and partners, within an organization. It automates identity lifecycle management processes for onboarding and offboarding users, streamlining the assignment and management of access rights and monitoring and tracking access as user attributes change. By implementing Identity Governance, organizations can improve IT and individual productivity, reducing delays in granting access to new employees and guest users. This solution also helps maintain a smoothly functioning supply chain. It enforces formal or automated processes for reprovisioning or deactivating users’ accounts when their roles change or they leave the organization, enhancing overall security and compliance.
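The right-sizing that the Permissions Management bullet describes, comparing what an identity is granted with what it actually uses and flagging the unused and excessive part, can be shown in a small Go program. This is an added example, not Microsoft's code or the product's API: the identities, the `resource:action` names, the trailing-`*` wildcard syntax and the three-column audit-log format are all constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Grant is the set of actions a cloud IAM policy allows one identity to perform.
// A trailing "*" is a wildcard (constructed syntax for this example).
type Grant struct {
	Identity string
	Actions  []string
}

// ActivityEvent is one parsed audit-log record: which identity used which action.
type ActivityEvent struct {
	Identity string
	Action   string
}

// RightSizeReport is the per-identity result of comparing grants with activity.
type RightSizeReport struct {
	Identity    string
	Unused      []string // granted but never exercised in the observed window
	Overbroad   []string // wildcard grants that were exercised; replace with exact actions
	Recommended []string // the exact actions a least-privilege policy would keep
}

// SampleLog is a constructed audit log: "<timestamp> <identity> <action>" per line.
const SampleLog = `
2023-04-01T00:00:00Z svc-backup storage:read
2023-04-01T00:05:00Z svc-backup keyvault:getSecret
2023-04-01T01:00:00Z alice@example.com compute:start
2023-04-01T01:10:00Z alice@example.com compute:stop
2023-04-02T00:00:00Z svc-backup storage:read
`

// SampleGrants returns constructed grants for the identities seen in SampleLog.
func SampleGrants() []Grant {
	return []Grant{
		{Identity: "svc-backup", Actions: []string{"storage:read", "storage:delete", "keyvault:*"}},
		{Identity: "alice@example.com", Actions: []string{"compute:*"}},
	}
}

// ParseActivityLog turns the log text into events, skipping blank or malformed lines.
func ParseActivityLog(log string) []ActivityEvent {
	var events []ActivityEvent
	for _, line := range strings.Split(log, "\n") {
		fields := strings.Fields(line)
		if len(fields) != 3 {
			continue
		}
		events = append(events, ActivityEvent{Identity: fields[1], Action: fields[2]})
	}
	return events
}

// matches reports whether a granted action pattern covers a concrete action.
func matches(pattern, action string) bool {
	if strings.HasSuffix(pattern, "*") {
		return strings.HasPrefix(action, strings.TrimSuffix(pattern, "*"))
	}
	return pattern == action
}

// RightSize compares each identity's grants with the actions it actually used.
// Actions used without a matching grant are out of scope here; they would
// surface as denied attempts, which is a separate detection signal.
func RightSize(grants []Grant, events []ActivityEvent) []RightSizeReport {
	usedBy := map[string]map[string]bool{}
	for _, e := range events {
		if usedBy[e.Identity] == nil {
			usedBy[e.Identity] = map[string]bool{}
		}
		usedBy[e.Identity][e.Action] = true
	}
	var reports []RightSizeReport
	for _, g := range grants {
		r := RightSizeReport{Identity: g.Identity}
		keep := map[string]bool{}
		for _, pattern := range g.Actions {
			covered := 0
			for action := range usedBy[g.Identity] {
				if matches(pattern, action) {
					covered++
					keep[action] = true
				}
			}
			switch {
			case covered == 0:
				r.Unused = append(r.Unused, pattern)
			case strings.HasSuffix(pattern, "*"):
				r.Overbroad = append(r.Overbroad, pattern)
			}
		}
		for action := range keep {
			r.Recommended = append(r.Recommended, action)
		}
		sort.Strings(r.Unused)
		sort.Strings(r.Overbroad)
		sort.Strings(r.Recommended)
		reports = append(reports, r)
	}
	return reports
}

func main() {
	for _, r := range RightSize(SampleGrants(), ParseActivityLog(SampleLog)) {
		fmt.Printf("%s\n  unused:      %v\n  overbroad:   %v\n  recommended: %v\n",
			r.Identity, r.Unused, r.Overbroad, r.Recommended)
	}
}
```

For `svc-backup` the report says `storage:delete` was never used and `keyvault:*` was exercised only as `keyvault:getSecret`, so the recommended policy keeps just `storage:read` and `keyvault:getSecret`. The observation window matters in practice: an action that runs quarterly will look unused in a one-week log, which is why such recommendations are reviewed before they are enforced.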

The Microsoft Entra family of products delivers comprehensive identity and access management solutions for organizations operating in a hyperconnected world. By encompassing Azure Active Directory, Entra Permissions Management, Entra Verified ID, Workload Identities, and Identity Governance, Microsoft Entra addresses a wide range of security and access needs across multi-cloud environments.

Azure Active Directory is the backbone for user identity management, providing single sign-on, multi-factor authentication, and conditional access. Entra Permissions Management offers a Cloud Infrastructure Entitlement Management solution to enforce the principle of least privilege and manage permissions across public cloud platforms. Entra Verified ID enables secure, privacy-focused digital interactions based on decentralized identity standards. At the same time, Workload Identities extend access control and risk detection capabilities to applications and services hosted in Azure AD.

Lastly, Identity Governance automates identity lifecycle management processes for onboarding, offboarding, and managing user access rights, improving overall security and compliance. By offering a comprehensive and integrated suite of products, Microsoft Entra empowers organizations to maintain secure access, streamline identity management, and protect data across their entire digital ecosystem.


There are many classifications of the various types of hackers, but the terms “hacker,” “cybercriminal,” and “identity thief” are often used interchangeably. Cybercrime is criminal activity that involves computers, networked devices, and networks; it is defined as a crime in which a computer or other object is used as a tool to commit the crime.

Cybercrime is at an all-time high, costing companies and individuals billions of dollars a year. Moreover, with the expansion of global cyber-criminal networks and credit, increased opportunities and financial incentives have created various types of cybercriminals that pose a significant threat to governments, businesses, and individuals alike.  


Identity theft is one of the oldest Internet crimes that gained prominence in the early years of the Internet. Identity thieves are cybercriminals who attempt to access the personal data of their victims, such as names, addresses, telephone numbers, places of work, bank accounts, credit card data, and social security numbers. They then use this information to make financial transactions and imitate their victims for personal gain.  

Identity thieves target organizations that store people’s personal information, such as schools and credit card companies. Cybercriminals also target the private information and business data of individuals, which are stolen and resold. However, the primary effect of cybercrime is financial, which includes many different types of for-profit criminal activities such as ransomware attacks, email and Internet fraud, identity fraud, and attempts to steal financial accounts, credit cards, and other payment card information. There are also groups motivated to commit cybercrime for non-financial reasons, such as revenge, states wanting to disrupt opposing governments for political purposes, protest over a cause or belief, terrorism, and much more.


Large, organized crime groups find new ways to commit old crimes online, treat cybercrime like business, and form global criminal communities. These illegal communities share strategies and tools and can join forces to carry out coordinated attacks.  


In general, we could categorize cyberthreat actors into four distinct groups that apply different cyberattack tactics and have specific motivations to act. They are: 


Cybercriminals 

These threat actors focus on making money. The key to preventing cybercriminals is to make their actions more expensive than profitable so that they turn to a different target. They may be members of organized crime gangs or petty criminals who seek to capitalize on technology to steal and sell data to make money.


The key points to consider for this category of cyberthreat actors are: 


  • Cybercriminals are driven by profit. Reducing potential profits can deter a cybercriminal’s interest in the attack strategy and thus reduce their time invested into committing it. 
  • Many cybercriminals are freelancers who take on different jobs for a fee. They can be hired by any company or state that needs some hacking done without getting its own hands dirty, and they will get to it with just one phone call from someone in need.
  • Large, organized cybercrime groups are the modern-day mafia. They operate over a global network. Organized crime is shifting its focus from physical robberies to cybercrime. This means less risk of arrest and higher profit potential – a perfect match!
  • Some cybercriminal organizations are getting so good at hacking into people’s information that they even set up call centers dedicated to specific attacks, such as making phone calls to deliver socially engineered attacks or sending phishing emails. These criminals will go through the same steps of setting up an actual business – providing full-time jobs for employees and all the benefits a company would offer its workers. 


Hacktivists 


Their convictions drive these threat actors. Anonymous, an infamous hacktivist group that targets people or organizations they feel have violated human rights or other political agendas and need to be punished, is a prime example of this. Defending against these hackers is different from defending against typical cybercriminals because they do not care about money; they simply want “justice” for what has been done in violation of social norms according to their perception and understanding of right and wrong. 


The key points to consider for this category of cyberthreat actors are: 


  • It is not uncommon for hacktivists to be associated with conspiracy theories, including those involving anti-government concepts. In addition, they will often use technology to manipulate data for political purposes. 
  • Because hacktivists are motivated by a cause rather than profit, they are much more likely to target specific entities than financially driven adversaries are.
  • Hacktivists have caused major breaches. Some notable ones include the Sony data breach and the Sony PlayStation Network hack by the LulzSec group. In 2012, the Anonymous group shut down the CIA’s website for more than 5 hours.
  • Hacktivists can contract cybercriminals to help with their mission as well as for burst support based on the issue they are addressing or pay hackers a bounty if they find vulnerabilities in an organization’s system. 


State-sponsored actors 


These threat actors are similar to hacktivists because they are driven by a cause, in their case the interests of the state that sponsors them. Most governments have invested money in cyberwarfare research and development, and many of these countries support hacking operations as well. Any large-scale war will include disruption or destruction of infrastructure using cyber exploitation tactics such as malware infections, distributed denial-of-service (DDoS) attacks, and data breaches, which means that any government’s critical infrastructure – such as power grids or nuclear reactors – must be specially defended against these threat actors.


The key points to consider for this category of cyberthreat actors are: 


  • There is an elite class of state-sponsored cybercriminals that are very well funded. 
  • Most countries have limited knowledge of what other nations’ cyber capabilities look like “under the hood.”  
  • International-based crimes pose a difficult challenge for enforcing laws against such crimes. 
  • State-sponsored cybercrime is typically a very targeted attack that often goes unnoticed until it’s too late. It’s referred to as an advanced persistent threat, or APT for short. 
  • Many organizations are not equipped to hold their own against a state-sponsored attack. 


Cyberterrorists 


Terrorists live in the digital age, and they are not afraid to use any means necessary. Modern-day terrorists have technology on their side – technology that can be used for harm or good depending on who is using it. From a malicious hacker causing widespread panic with an attack like WannaCry to cyberterrorists leveraging pre-built scripts against vulnerable networks of systems, these threats now come from everywhere. We live in such a connected world, where everything is interconnected through computers and devices, that all of us are susceptible at one point or another to some type of social engineering scheme by someone looking for our bank account number or trying to use our credentials to gain access to the organizations we have access to.

The key points to consider for this category of cyberthreat actors are: 


  • Terrorists have wanted to use cyberterrorism for some time now, and there are a number of ways they can do so. Cybercriminals often work as independent contractors who specialize in causing destruction; this is true of terrorists too.
  • Cyberterrorists have changed the cybersecurity industry, prompting requirements for multifactor authentication and improved password policies in order to reduce the risk of global events caused by cyberterrorism.
  • With cyberattacks on the rise, many people are justifiably concerned about their privacy and security. The compromised systems of some unwitting victims have become part of an attack when those victims helped spread malware through a phishing email or acted as gateways to networks during a hacking attempt.

Another type of threat actor that is often overlooked is the insider threat. Insider threats are people – employees or former employees, contractors, business partners, or suppliers – who have legitimate access to an organization’s networks and systems and use this access to obtain personal data or disclose sensitive information. Insider threats are more common in industries such as healthcare and finance and in government institutions, and they can put information security at risk. They can be challenging to detect because the threat actors have legitimate access to an organization’s systems and data.


Cybersecurity is an ongoing battle that many businesses and organizations have trouble keeping up with. The threats are constantly changing, which can make it difficult to assess the best way to protect your business or organization from cybercriminals who want nothing more than to get your data for their own gain. Consider cybersecurity as part of your strategic plan; don’t wait until disaster strikes before taking action! Ensure all devices in use by employees are secured against malicious viruses, spyware, malware, etc., and do not store sensitive information on any device without encryption software enabled.

Protecting patients and staff from workplace violence, theft, and other risks is a top priority in today’s healthcare environment. Surveillance cameras are one of the most effective tools for achieving this goal – but how do you know which type to use? This blog post will explore the risks associated with surveillance cameras in healthcare facilities and best practices for implementing them effectively! 

Many customers ask questions about best practices for surveillance cameras and HIPAA expectations in the healthcare industry, because patients are considered “PHI – Protected Health Information” and subject to HIPAA regulations. Nearby surveillance should protect the identities of innocent bystanders while still providing security for those in need.

Installing surveillance camera systems in medical facilities can help prevent and deter theft and violent behavior. Hospitals, doctors’ offices, dentists, pharmacies—all are allowed to install cameras for most areas of the facility except those with obvious privacy issues such as bathrooms or computers. This means you could find them at entrances, exits, fire escape points, elevators, closets–even corridors! But what about waiting rooms? Yes, these have been subject to security breaches before, and cameras are allowed in waiting rooms. 

HIPAA safety rules require administrative, physical, and technical safeguards to protect patient privacy and security. Password protection is a basic security precaution required by HIPAA compliance programs for maximum protection of your information. Also, like every other type of electronic data, the files must be encrypted at rest, meaning even when it is not in use, it must be encrypted. Check with your camera system provider to make sure proper encryption is in place. 

If you’re concerned about camera location, remember that surveillance cameras must not capture images of anyone who is changing clothes, injecting themselves, or performing other activities that compromise privacy. Surveillance footage should only be used for security purposes, and recording should occur only in public areas. To avoid privacy breaches from recordings on the premises, make sure there’s an adequate distance between monitoring devices and patient rooms at all times.

HIPAA violations can occur when health facilities place surveillance cameras in positions that capture private patient data displayed on computer screens. You should position cameras so that computer screens are not within their field of view. Cameras used to monitor patients must be accessible only to appropriate clinical staff members, not to employees walking past or nearby during monitoring times simply because they have access to every room.

The primary areas of risk when installing the cameras are: 

  • Installing the cameras in the wrong place
  • Failure to configure and implement proper controls, policies, and procedures in compliance with regulation
  • Failure to provide appropriate guidance and awareness training to employees who might be in charge of the footage

The range of surveillance systems in the marketplace runs from consumer-level systems such as the Amazon Ring Doorbell to commercial-grade systems such as ADT Systems. Whichever system you choose must provide end-to-end encryption. For those using Amazon Ring, note that Ring rolled out end-to-end encryption only in January 2021. You can visit Ring’s support page to determine whether your device supports end-to-end encryption and how to configure it.

To summarize: a hospital, doctor’s office, dental practice, or pharmacy may install CCTV equipment anywhere except bathrooms or where computer screens are in view, as long as it doesn’t violate HIPAA safety rules. Remember to use password protection and ensure the data is encrypted even when stored at rest. And never film patients while they are changing their clothing, undergoing a procedure in an operating room, or being administered any drugs or medicine!

Passwordless Technology – Why Should You Consider It? 


Passwordless authentication means that you never have to enter a password again in everyday digital life. You can use more secure authentication options, such as a fingerprint reader, face unlock, or push notifications that you can respond to on almost any device, from Windows to Android and iPhone. Passwordless authentication has some significant advantages: there are no complex passwords to remember, there is less re-typing of passwords when the user mistypes them the first time, and it is safer.

As the corporate world becomes aware of the security risks associated with stolen and shared passwords, alternative security systems are coming under the spotlight. Several alternative authentication methods do not involve passwords at all, such as hardware tokens or other objects, or biometric methods in which the user verifies their identity with a physical feature that belongs to them (such as a thumbprint). Although these methods involve different approaches, all Passwordless authentication methods have one thing in common: the user authentication data is never stored together with the password in the system.

Passwordless authentication is the new buzzword in secure authentication and identity and access management (IAM). Passwords are the number one target for cybercriminals: according to the Verizon 2020 Data Breach Investigations Report, 80% of breaches involve weak or stolen passwords. Passwordless authentication addresses the deficiencies of traditional passwords and protects IT security more effectively.

Most organizations still use traditional passwords as their central authentication method. However, Passwordless and multifactor authentication methods will continue to evolve. Trusona, for example, is a new technology that connects with different AD solutions and lets users authenticate with a QR code generated each time the user attempts to log in, so the user never has to have a password. Another example is Yubico, which uses open standards and multiple protocols to create the YubiKey, a small USB key you plug into the device you want to authenticate with. It authenticates you based on your digital fingerprinting. The well-known problems with passwords should encourage companies to use IAM, MFA, and Passwordless authentication.

Industry leaders such as the FIDO Alliance are pushing for stricter authentication standards, promising simpler, stronger authentication and advocating the abolition of passwords. The FIDO organization is developing technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users.
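The FIDO mechanisms referred to above replace the password with a challenge that a key held on the user's device signs; the server keeps only the public key. The Go program below, added here as an illustration and not code from FIDO, Microsoft, Trusona or Yubico, shows the minimal server and authenticator halves of that exchange and the three checks a relying party relies on: a stolen server database yields only public keys, a challenge is single-use so a captured response cannot be replayed, and the response is bound to the relying-party identifier so a response produced for a look-alike site does not verify. The identifier login.example.com, the user alice and the in-memory maps are constructed; a real WebAuthn deployment carries more fields (origin, signature counter, attestation) than this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Server is a hypothetical relying party. It stores only public keys and the
// challenge currently outstanding for each user: no password, no shared secret.
type Server struct {
	rpID       string                       // relying-party identifier the response must be bound to
	publicKeys map[string]ed25519.PublicKey // username -> registered public key
	challenges map[string][]byte            // username -> outstanding challenge
}

func NewServer(rpID string) *Server {
	return &Server{
		rpID:       rpID,
		publicKeys: map[string]ed25519.PublicKey{},
		challenges: map[string][]byte{},
	}
}

// Register stores the public half of a user's key pair; the private half never leaves the authenticator.
func (s *Server) Register(user string, pk ed25519.PublicKey) {
	s.publicKeys[user] = pk
}

// BeginLogin issues a fresh 32-byte random challenge, replacing any earlier one.
func (s *Server) BeginLogin(user string) ([]byte, error) {
	if _, ok := s.publicKeys[user]; !ok {
		return nil, errors.New("unknown user")
	}
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		return nil, err
	}
	s.challenges[user] = ch
	return ch, nil
}

// signedMessage binds the challenge to the relying party, so a response obtained
// under another rpID does not verify here.
func signedMessage(rpID string, challenge []byte) []byte {
	return append([]byte(rpID+"|"), challenge...)
}

// FinishLogin verifies the response against the stored public key and consumes
// the challenge, so the same signature cannot be presented twice.
func (s *Server) FinishLogin(user string, sig []byte) error {
	pk, ok := s.publicKeys[user]
	if !ok {
		return errors.New("unknown user")
	}
	ch, ok := s.challenges[user]
	if !ok {
		return errors.New("no outstanding challenge")
	}
	delete(s.challenges, user) // single use, whether or not verification succeeds
	if !ed25519.Verify(pk, signedMessage(s.rpID, ch), sig) {
		return errors.New("invalid signature")
	}
	return nil
}

// Authenticator is the user's device (a hardware key or platform authenticator).
type Authenticator struct {
	priv ed25519.PrivateKey
}

// NewAuthenticator generates a key pair and returns the public key for registration.
func NewAuthenticator() (*Authenticator, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Authenticator{priv: priv}, pub
}

// Respond signs the challenge bound to the rpID the device believes it is talking to.
func (a *Authenticator) Respond(rpID string, challenge []byte) []byte {
	return ed25519.Sign(a.priv, signedMessage(rpID, challenge))
}

func main() {
	srv := NewServer("login.example.com")
	auth, pub := NewAuthenticator()
	srv.Register("alice", pub)
	ch, _ := srv.BeginLogin("alice")
	sig := auth.Respond("login.example.com", ch)
	fmt.Println("first use:", srv.FinishLogin("alice", sig)) // <nil>
	fmt.Println("replay:   ", srv.FinishLogin("alice", sig)) // no outstanding challenge
}
```

Compare this with the SMS code discussed later on the page: an SMS code is a secret that travels over an insecure channel and can be typed into any site, whereas the signature here never reveals the private key and is only valid for this relying party and this one challenge.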


In general, binary authentications such as passwords, two-factor authentication (2FA), and multifactor authentication (MFA), which includes biometric data, are more vulnerable to fraud because of their binary nature. Currently, focusing on the complexity of passwords promotes the reuse of credentials, increases the total cost of ownership (TCO) associated with password resets and helpdesk calls, and does nothing to improve overall security.  


Some MFA methods are more secure than others; some rely on SMS tokens, but not all do. Legacy MFA solutions combine the storage of a secret password, PIN, or reply with a secondary device that can itself be compromised, such as a smart card, hardware token, or a one-time code sent via SMS to the user’s device.

The security of a Passwordless authentication system depends on the proof of identity required in place of the password and its implementation. For example, secure push notifications from account holders are considered more secure than a password. SMS codes from mobile devices are considered less secure because SMS is an insecure communication channel, and there have been several documented attacks on SMS authentication systems.  


Passwordless technology promises to increase usability, streamline authentication, and increase security by removing the password as a vulnerability in authentication.

To make Passwordless technically possible, the organization must have a solid identity management system as its foundation. The market leader is Microsoft, which provides an identity management platform that allows interconnectivity with third-party tools that enhance the end-user authentication experience. For organizations that have not yet considered Passwordless solutions, the time to look at it is now, even if you are only considering implementing it later. Future considerations might impact decisions you make now.
