How To Simulate Threats and Attacks in Microsoft Defender XDR

625 views

Threatscape

1 day ago

In this episode of ThreatCast, Microsoft MVP Ru Campbell is joined by Kijo Girardi, Product Manager for XDR at Microsoft, to talk about the user journey following deployment, some of the tools Kijo has published on GitHub, and how customers can get the most out of their Microsoft Security investment.
Detailed Summary
With the Microsoft Security suite (and indeed any security solution), deployment is only the beginning. It’s not a case of set it and forget it. After taking the first step in your security journey with deployment, focus must shift to operationalising your new tools to get the most from your investment, both in terms of financial ROI and maximised security.
Ru and Kijo discuss their top tips for making the transition from deployment to continuous security a smooth one, touching on daily processes, best practice, environment-specific challenges, and preparing for the worst-case scenario to ensure readiness.
When protecting your organisation from cyber threats, data is key. Microsoft’s Advanced Hunting improves visibility and offers greater insight into the potential threats against your digital environment. But you can take it a step further. KQL enables users to tailor Advanced Hunting to get the most enriched data available, exceeding what’s available in Defender’s GUI. Kijo offers insight into KQL’s applications and the benefits he’s seen associated with learning the language.
During his time at Microsoft, Kijo has developed MDE Tester and subsequently Research Dev, both of which are available on GitHub. Research Dev allows users to apply real-world threat scenarios to their Defender suite. While it is an excellent resource for preparedness training, incident response, and evaluating an organisation's detection capabilities, it also empowers teams to respond to environment-wide threats by correlating alerts and data.
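As an added illustration of the kind of Advanced Hunting query the episode alludes to, both for enriching data beyond the portal's built-in views and for checking what a simulation run left in the telemetry, the following KQL is an editor's example and is not code from the episode, from Threatscape, or from Kijo's GitHub tools. It flags PowerShell launched with an encoded command line and joins each hit to any successful outbound connections the same process made shortly afterwards. Table and column names are from the public Advanced Hunting schema; the process names, the command-line markers, the seven-day lookback and the five-minute correlation window are assumptions chosen for the example, and the query is a hunting starting point rather than a validated detection.

```kql
// Added example (not from the episode or its guests): hunt for PowerShell
// started with an encoded command, then enrich each hit with the outbound
// connections the same process made within five minutes.
// Assumptions: lookback of 7d, the three encoded-command markers, and the
// 5m window are illustrative values, not tuned thresholds.
let lookback = 7d;
let suspicious = DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where ProcessCommandLine has_any ("-enc", "-EncodedCommand", "-e ")
| project DeviceId, DeviceName, Timestamp, AccountName, ProcessId,
          ProcessCommandLine, InitiatingProcessFileName, ReportId;
suspicious
// leftouter keeps processes that made no connection at all, which is still
// worth seeing when you are verifying that a simulation produced telemetry
| join kind=leftouter (
    DeviceNetworkEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "ConnectionSuccess"
    | project DeviceId, NetTimestamp = Timestamp, InitiatingProcessId,
              RemoteIP, RemotePort, RemoteUrl
  ) on DeviceId, $left.ProcessId == $right.InitiatingProcessId
// only count connections made after the process started, within the window
| where isnull(NetTimestamp)
     or NetTimestamp between (Timestamp .. (Timestamp + 5m))
| summarize Connections = make_set(strcat(RemoteIP, ":", RemotePort), 10),
            Urls = make_set(RemoteUrl, 10)
          by DeviceName, Timestamp, AccountName, ProcessCommandLine,
             InitiatingProcessFileName, ReportId, DeviceId
| order by Timestamp desc
```

Keeping ReportId, DeviceId and Timestamp in the output is deliberate: those three columns are what the portal needs to turn a hunting query into a custom detection rule, so once the query is tuned against your own environment (the encoded-command markers alone will also match legitimate admin scripts and some management agents) it can be promoted without rewriting it.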
Ru and Kijo also consider solution consolidation, a trend we’re seeing across the entire industry. As security teams struggle under the weight of multiple vendor solutions and their associated data points and portals, we’re seeing more and more organisations move towards platform play, slimming down their security stacks and making the task of security more manageable.
That said, even with consolidated solutions, a working understanding of the functions and layout of your tools is essential. Kijo explains how familiarising yourself with navigation throughout your chosen security portal can make a significant difference when the time comes to utilise your tools to respond to threats or extract threat intelligence.
Key Bullet Points
What should security teams focus on after Microsoft Security deployment?
How can Microsoft Copilot help to point you in the right direction when shoring up your Microsoft Security suite?
What are MDE Tester and Research Dev, how can you access them, and how can they be used to conduct real-world threat simulation tests?
How can Advanced Hunting enrich security teams’ data?
What are the benefits of learning KQL and how can it be applied?
Kijo's Github: github.com/Lea...
ThreatCast podcast is produced by Threatscape.
Our mission is to provide a secure and certain future for our clients. Keeping them protected so that they can go about their business is how we know we’re delivering on our promise.
Contact us
Website: www.threatscap...
Linkedin: / 942506
Email Address : info@threatscape.com
Thanks for listening & keep podcasting!

Comments: 2
@russel242 (4 months ago)
Any demo on how to simulate?
@threatscape (4 months ago)
Thank you for the suggestion, we are working on a dedicated video for this.