Mark's List

...of Cybersecurity Resources frequently sent to customers and colleagues. (Last updated January 2023). https://aka.ms/markslist - Twitter: @MarkSimos Mastodon: https://infosec.exchange/@markasimos#

Share and enjoy!

Recent Updates

• Added Baselines and Benchmarks section with links to Microsoft Cloud Security Benchmarks, Windows Security Baselines, Microsoft 365 (Office Apps), and Microsoft 365 Golden configuration
• Added Assessment for CAF Secure - https://aka.ms/cafsecure-assess
• Added descriptive names for each link in CDOC blog series - 1. Organization | 2a. Organizing Teams | 2b. Career Paths and Readiness | 3a. SecOps Tooling | 3b. Day in the life: Investigation | 3c. Day in the life: Remediation | 3d. Zen and the Art of Threat Hunting

Cybersecurity Laws

• Immutable Laws of Security +10 Laws of Cybersecurity Risk - https://aka.ms/securitylaws

Overview of Microsoft Guidance

This is an overall guidance map for Microsoft security guidance (slide is also in the MCRA)

• Microsoft CISO Workshop - Guidance on modernizing security program and strategy with Zero Trust principles (16 videos totaling ~4 hours + downloadable PDF of slides)
• Cloud Adoption Framework (Secure Methodology) - Security Program and Strategy Guidance aka.ms/CAFsecure - (Videos at aka.ms/CAFSecure-Videos, Assessment at aka.ms/cafsecure-assess)
• Microsoft Cybersecurity Reference Architectures (MCRA) - aka.ms/MCRA (Videos at aka.ms/MCRA-Videos)
• Microsoft Security Documentation - aka.ms/securitydocs
• Best Practice Documentation and Videos - https://docs.microsoft.com/en-us/security/compass/microsoft-security-compass-introduction
• Mapping to NIST CSF and ISO 27001 - aka.ms/CyberMapping

Ninja Training

• Microsoft 365 Defender >??https://aka.ms/m365dninja
• Microsoft Defender for Office 365 >??https://aka.ms/mdoninja
• Microsoft Defender for Endpoint >??https://aka.ms/mdeninja?
• Microsoft Cloud App Security >??https://aka.ms/mcasninja?
• Microsoft Defender for Identity >??https://aka.ms/mdininja
• Microsoft Sentinel - Become an Azure Sentinel Ninja: The complete level 400 training - Microsoft Tech Community | Skill-Up Site
• Microsoft Defender for IoT - Microsoft Azure Defender for?IoT?Training - Microsoft Tech Community
• Microsoft Defender Threat Intelligence - Become a Microsoft Defender Threat Intelligence Ninja: The complete level 400 training
• ?Microsoft Defender for Cloud - Become an Azure Security Center Ninja
• Insider Risk Management - Become a Insider Risk Management Ninja
• Microsoft Purview Information Protection - https://aka.ms/MIPNinja
• Microsoft Purview Data Loss Prevention - https://aka.ms/DLPNinja

Interactive Guides

• Microsoft Cybersecurity Reference Architectures (MCRA) - Capabilities?
• Microsoft Cybersecurity Reference Architectures (MCRA) - Zero Trust User Access?
• Microsoft Cybersecurity Reference Architectures (MCRA) - People?

Threat Intelligence / Recent Events

• Microsoft Digital Defense Report (MDDR) - current analysis of threat landscape - https://aka.ms/MDDR
• Cyber Threat Activity in Ukraine - https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/

• Solorigate / SUNBURST - https://aka.ms/solorigate

Ransomware, Extortion, and Destructive attacks

• Security Guidance - Detailed mitigation plan for attacks including Objectives and Key Results (OKRs) for 10 security initiatives, links to technical procedures, recommended team members, checklists, and more?

• Backup Guidance - Backup and restore guidance to ensure you can rapidly continue business operations after these attacks (which intentionally target backups)

Zero Trust Resources

• Zero Trust Commandments - Clear definition of what is and isn't Zero Trust (successor to the original Jericho Forum? Commandments)
• The Open Group Zero Trust Core Principles - Definition of Zero Trust and principles from the organization that hosted the original Jericho Forum?.
• Microsoft Main Zero Trust Page – Overview and links to resources, assessments, etc.
• Zero Trust Resource Center - technical resources to implement Zero Trust
• Zero Trust Overview (Recording | Slides) - Zero Trust: Security Through a Clearer Lens session
• Zero Trust Business Plan - and metrics for leaders and executives
• Microsoft’s IT Learnings - from (ongoing) Zero Trust journey
• Vision Paper – Microsoft’s maturity model describing the Zero Trust journey
• eBook – summarizing dynamics of Zero Trust and how Microsoft technology supports it today

Privileged Access and Identity

• Your Pa$$word Doesn't Matter - https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
• Securing Privileged Access Main Page (https://aka.ms/SPA) - Complete strategy, prescriptive roadmap, and implementation steps for reducing organizational risk from these attack techniques (used in human operated ransomware as well as advanced targeted data theft attacks). This includes a
• Rapid Modernization Plan (RAMP) – https://aka.ms/SPA-RAMP
• Securing Workstations – https://aka.ms/PAW?
• Privileged Access Strategy - https://aka.ms/SPA-Strategy
• Success criteria for strategy - https://aka.ms/SPA-Success
• Security levels - https://aka.ms/SPA-levels
• Securing Accounts – https://aka.ms/spa-account?
• Securing Intermediaries – https://aka.ms/spa-intermediary
• Securing Interfaces – https://aka.ms/spa-interface
• Deploying a privileged access solution - https://aka.ms/deploySPA
• Enterprise access model (update of Tier Model) - https://aka.ms/AccessModel

Additional Resources:

• Credential Theft Demonstration (~10 minutes) - https://aka.ms/credtheftdemo
• RSA Conference Presentation - Co-presentation with Tony Sager of the Center for Internet Security (CIS) on this aspect of critical hygiene - https://aka.ms/criticalhygiene-rsac

Incident Response and Recovery

• IR Resource Page (https://aka.ms/IR) with links and pointers
• IR Reference Guide - Lessons learned and recommendations from Microsoft, EY, Edelman, and Orrick to manage major incidents based on our collective experience (technical, operational, legal, and communications)
• NIST Guide for?Cybersecurity Event Recovery - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
• Microsoft's Detection and Response Team (DART) - https://aka.ms/DART

Baselines and Benchmarks

• Microsoft Cloud Security Benchmarks - https://aka.ms/benchmarkdocs?
• Windows Security Baselines - https://aka.ms/securitybaselines
• Microsoft 365 (Office Apps) - https://learn.microsoft.com/deployoffice/security/security-baseline?
• Microsoft 365 Golden configuration - https://aka.ms/goldenconfig

?

Cybersecurity for Business Leaders

• Security Return on Investment (ROI) Video (1.5 minutes) - https://www.youtube.com/watch?v=maQh35MdFKY
• Cybersecurity Resilience - https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop-module-1#part-2-cybersecurity-resilience-1350
• Zero Trust Business Plan - and metrics for leaders and executives

Security Operations (SecOps) / [Center] (SOC)

• SOC Process Framework - Azure Sentinel Workbook with detailed guidance on roles, processes, and much more.
• Videos - (Program Overview | Technology Overview)
• Incident Response (IR) Overview - https://aka.ms/ir
• CDOC Poster?- https://aka.ms/minutesmatter
• CDOC Blog Series - 1. Organization | 2a. Organizing Teams | 2b. Career Paths and Readiness | 3a. SecOps Tooling | 3b. Day in the life: Investigation | 3c. Day in the life: Remediation | 3d. Zen and the Art of Threat Hunting

Operational Technology (OT) Security

• Azure Defender for IoT - Documentation Site
• OT Security reference architecture in MCRA includes Purdue model, differences between IT and OT security, and more.
• Defender for IoT - Microsoft Azure Defender for?IoT?Training - Microsoft Tech Community
• Azure IoT Security resources

Enterprise Patch Management

• Enterprise Patch Management Guidance from NIST (SP800-40)
• Patching as a Social Responsibility

Azure and Multi-Cloud Security

• Azure Security Top 10 best practices - documentation and videos
• Microsoft Cloud Security Benchmarks - Microsoft's security best practices, including security baselines to rapidly configure security for the most popular azure services
• Well Architected Framework - Security Guidance focused on protecting workloads
• Azure Security Documentation - https://aka.ms/AzureSecInfo
• Feature Updates - https://azure.microsoft.com/en-us/updates/?status=all

Azure Sentinel

Microsoft's Cloud Native SIEM and SOAR capability

• Azure Sentinel Documentation
• Project VAST dashboard - Discover old insecure protocols creating risk

Office 365 Security

• Prioritized Recommendations - Roadmap of security recommendations for protecting Office 365 against top attacks and prioritize by things to do in the first 30 days, first 90 days and beyond.
• Feature updates - https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=

Application/Development Security

• Innovation Security - CAF Secure discipline describing program and strategy guidance
• DevSecOps Controls - CAF Secure article describing key technical controls