Browsed by
Category: Cloud App Security

Honeypot: The Last Reconnaissance

Honeypot: The Last Reconnaissance

After reading this fantastic article on the Technet Community about the Attack Kill Chain, I realized I still needed to get this blog out. This blog will be about how you could set up some simple honeypot detections by creating some canary accounts to make sure you are protected against some insider threats. I am going to divide this blog into multiple parts: 1.Introduction 2.Honeypot document 3.Creating the document 4.Logging with alert policies 5.Logging with mcas policies 6.Results 1.Introduction Making…

Read More Read More

MCAS: Judgement Day

MCAS: Judgement Day

This blog will be about how I broke my own Microsoft Cloud App Security instance. Cloud App Security is a fantastic product, it can help you discovering and protecting all that’s in your Microsoft 365 tenant. Some time ago I wrote an article on how to automate your Cloud App Security Enrollment. It can come in handy when you want to deploy all your custom made alerts to a new tenant. In the mean time I added a lot more…

Read More Read More

What Happened to Monitoring External Access to Your Data?

What Happened to Monitoring External Access to Your Data?

Some time ago I wrote a blog about securing your data in which I described that this is only the first step in making sure your data is safe.   For example, whilst working with Teams, did you think about the “shadow users”? These users are not members of your Teams / Microsoft 365 groups but can still somehow access your data.  It’s very easy for an employee to share the whole Teams general folder within the Sharepoint site without you noticing. An employee just has to click on “share” to begin sharing it…

Read More Read More

Along came MCAS Automation

Along came MCAS Automation

This blog will show you, how you could import your MCAS template with all your preconfigured rules into MCAS by using PowerShell. Tips and tricks are included at the end of this blog. How to best explain how MCAS works?  Microsoft Cloud App Security is a Cloud Access Security Broker that supports various deployment modes including log collection, API connectors, and reverse proxy. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats…

Read More Read More