July Dispatch

A Message from Our CEO - Andy Sauer

+++Follow Andy Sauer

JULY IS HERE... and it's gone.

Somehow July got the better of us all and passed us by, meaning August and the last few weeks of summer are upon us. Alarming to say the least. But time does fly when you're having fun they say. And we have had ourselves some fun.

This month was especially fun, as we finally got to release the first two episodes of our new podcast, The Watchers. This has been a labor of love for the team here, something we feel incredibly proud to put out into the world. The Watchers is a long form conversational podcast where we deep dive into people and their experiences being protectors in society. It's my answer to what I want to watch/hear about in my chosen profession of cybersecurity. I hope you'll check it out and that you'll find value in it!

Episode 1 features former FBI Deputy Director Andrew McCabe who shared a ton of insight about how the FBI functions to protect our society. Episode 2 features former NASA CIO Renee Wynn, who shared some of her lessons learned in an illustrious career of public service. Episode 3.. well, you'll have to wait a few more days, but only a few!?

Outside of our work on The Watchers, the team here has been deeply focused on ensuring we are ready to support our partners in the coming months as CMMC "gets real". Like so many of you, we're anxiously awaiting the final rule and how it might impact our plans to date. It's enough to be a full-time job??

Shields Up,

Andy Sauer

Let's Connect on LinkedIn: https://sblu.us/Andy?

Check out the Watchers on YouTube: https://thewatchers.io/YouTube

CMMC UPDATE

The Final Rule is expected to be published in Q4 of this year. That could mean CMMC "goes live" as early as this winter.

?The CMMC Program train remains on its expected tracks for a 4th quarter arrival by way of federal rulemaking. While nobody can say for certain the exact date the program will go live, there is mounting evidence of a release in the fall. This would mean the rollout of CMMC begins toward the end of the year with the first wave of CMMC assessments being completed.

As a reminder, the CMMC program going?official?doesn't mean all contractors need to instantaneously achieve certification. DoD's intention is to roll this out in stages starting with a select number of contracts, meaning you are unlikely to be?required to achieve certification in the first wave. That said, there is an expectation that early adopters will have a competitive edge by being certified. In any case, keep in mind that CMMC certification preparedness comes as the result of many months of work building up a robust cybersecurity program. Keep making progress!

TECH CORNER WITH BEN

Ben Wheat our Chief Technology Officer offers insights and what's new, or not so new, in the world of technology.

+++ Follow Ben

• ?Evaluating your M365 Maturity With so many places to configure settings within the M365 ecosystem, using open-source tools or scripts can be a huge boon to your ability to effectively use the M365 suite. This month we're highlighting some tools that can give you a new, perhaps better, view of your current implementation and your current security posture. Remember, a key component of good security is?continuous monitoring and evaluation of the effectiveness of controls.
• ScubaGear? Automation to Assess the State of Your M365 Tenant Against CISA's Baseline (source: github.com) Secure Cloud Business Applications (SCuBA),evaluate your M365 cloud against a baseline. This is a great tool in compliment to Secure Score and can help track 'point in time' reporting against a baseline.
• Microsoft Analyzer-Suite: A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID (source: github.com)
• Perform analysis on a variety of M365 areas? ?Get-ADSignInLogsGraph → ADSignInLogsGraph-Analyzer v0.1 Get-MFA → MFA-Analyzer v0.2 Get-OAuthPermissions → OAuthPermissions-Analyzer v0.2 Get-RiskyDetections → RiskyDetections-Analyzer v0.2 Get-RiskyUsers → RiskyUsers-Analyzer v0.2 Get-UALAll → UAL-Analyzer v0.3 Get-Users → Users-Analyzer v0.1 Get-TransportRules → TransportRules-Analyzer v0.1
• LearingKijo.MDEtester:?MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint (source: github.com)

Validate the settings you've setup for MDE are as you expect. Security products are not set and forget hoping to catch some bait. These are tools that should continually maintained and tuned as time goes on. Make sure that you are getting the behavior you expect from them.?

BLOG

Small Business Series Blog #6 Incident Response and Backup Testing

READ THE BLOG HERE

Recent Articles:?

• Network Hardening: Through the Lens of Small Business Operations.
• Optimizing your Access Management, Zero Trust, & Allow-Listing Strategy.
• Security Documentation is Essential for GRC and Audit Preparation.
• How DIB Businesses Can Choose and Protect ERPs and CRMs.?
• How to Share Files Within the Defense Industrial Base (DIB)

The Watchers

A New Podcast Produced by Sentinel Blue

The Watchers is a profile in the people who are looking out for the rest of us. From national security to cybersecurity, regulators to military operators, these are the people who are on the wall for us.

Check out our first 2 episodes!

E1 - Join Andrew McCabe, former FBI Acting Director, as he shares his journey from high-profile cases like 9/11 and Benghazi to his current roles as a cybersecurity advisor, podcast host, and CNN contributor. Discover his impactful career and continued contributions to public service

E2 - Explore the impressive career of Renee Wynn, who dedicated over 20 years to the EPA before becoming NASA's Chief Information Officer. At NASA, she led major digital transformation efforts and launched its first global cybersecurity program. Now retired, Renee remains active as an advisor, board member, and community leader.

COMING UP!

Join us at AFCEA TechNet Indo-Pacific - October 22-24, 2024! Visit Us at Booth: Booth 637

Copyright ? 2024 Sentinel Blue. All Rights Reserved.

Subscribe to our Newsletter.

Subscribe to our The Watchers Podcast.