Mark's List
...of Cybersecurity Resources frequently sent to customers and colleagues. (Last updated January 2023). https://aka.ms/markslist - Twitter: @MarkSimos - Mastodon: https://infosec.exchange/@markasimos
Share and enjoy!
Recent Updates
- Added Baselines and Benchmarks section with links to Microsoft Cloud Security Benchmarks, Windows Security Baselines, Microsoft 365 (Office Apps), and Microsoft 365 Golden configuration
- Added Assessment for CAF Secure - https://aka.ms/cafsecure-assess
- Added descriptive names for each link in CDOC blog series - 1. Organization | 2a. Organizing Teams | 2b. Career Paths and Readiness | 3a. SecOps Tooling | 3b. Day in the life: Investigation | 3c. Day in the life: Remediation | 3d. Zen and the Art of Threat Hunting
Cybersecurity Laws
- Immutable Laws of Security +10 Laws of Cybersecurity Risk - http://aka.ms/securitylaws
Overview of Microsoft Guidance
This is an overall guidance map for Microsoft security guidance (slide is also in the MCRA)
- Microsoft CISO Workshop - Guidance on modernizing security program and strategy with Zero Trust principles (16 videos totaling ~4 hours + downloadable PDF of slides)
- Cloud Adoption Framework (Secure Methodology) - Security Program and Strategy Guidance aka.ms/CAFsecure - (Videos at aka.ms/CAFSecure-Videos, Assessment at aka.ms/cafsecure-assess)
- Microsoft Cybersecurity Reference Architectures (MCRA) - aka.ms/MCRA (Videos at aka.ms/MCRA-Videos)
- Microsoft Security Documentation - aka.ms/securitydocs
- Best Practice Documentation and Videos - https://docs.microsoft.com/en-us/security/compass/microsoft-security-compass-introduction
- Mapping to NIST CSF and ISO 27001 - aka.ms/CyberMapping
Ninja Training
- Microsoft 365 Defender > http://aka.ms/m365dninja
- Microsoft Defender for Office 365 > https://aka.ms/mdoninja
- Microsoft Defender for Endpoint > http://aka.ms/mdeninja
- Microsoft Cloud App Security > http://aka.ms/mcasninja
- Microsoft Defender for Identity > http://aka.ms/mdininja
- Microsoft Sentinel - Become an Azure Sentinel Ninja: The complete level 400 training - Microsoft Tech Community | Skill-Up Site
- Microsoft Defender for IoT - Microsoft Azure Defender for IoT Training - Microsoft Tech Community
- Microsoft Defender Threat Intelligence - Become a Microsoft Defender Threat Intelligence Ninja: The complete level 400 training
- Microsoft Defender for Cloud - Become an Azure Security Center Ninja
- Insider Risk Management - Become an Insider Risk Management Ninja
- Microsoft Purview Information Protection - https://aka.ms/MIPNinja
- Microsoft Purview Data Loss Prevention - https://aka.ms/DLPNinja
Interactive Guides
- Microsoft Cybersecurity Reference Architectures (MCRA) - Capabilities
- Microsoft Cybersecurity Reference Architectures (MCRA) - Zero Trust User Access
- Microsoft Cybersecurity Reference Architectures (MCRA) - People
Threat Intelligence / Recent Events
- Microsoft Digital Defense Report (MDDR) - current analysis of threat landscape - https://aka.ms/MDDR
- Cyber Threat Activity in Ukraine - https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/
- Solorigate / SUNBURST - https://aka.ms/solorigate
Ransomware, Extortion, and Destructive attacks
- Security Guidance - Detailed mitigation plan for attacks including Objectives and Key Results (OKRs) for 10 security initiatives, links to technical procedures, recommended team members, checklists, and more
- Backup Guidance - Backup and restore guidance to ensure you can rapidly continue business operations after these attacks (which intentionally target backups)
Zero Trust Resources
- Zero Trust Commandments - Clear definition of what is and isn't Zero Trust (successor to the original Jericho Forum™ Commandments)
- The Open Group Zero Trust Core Principles - Definition of Zero Trust and principles from the organization that hosted the original Jericho Forum™.
- Microsoft Main Zero Trust Page – Overview and links to resources, assessments, etc.
- Zero Trust Resource Center - technical resources to implement Zero Trust
- Zero Trust Overview (Recording | Slides) - Zero Trust: Security Through a Clearer Lens session
- Zero Trust Business Plan - and metrics for leaders and executives
- Microsoft’s IT Learnings - from (ongoing) Zero Trust journey
- Vision Paper – Microsoft’s maturity model describing the Zero Trust journey
- eBook – summarizing dynamics of Zero Trust and how Microsoft technology supports it today
Privileged Access and Identity
- Your Pa$$word Doesn't Matter - https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
- Securing Privileged Access Main Page (https://aka.ms/SPA) - Complete strategy, prescriptive roadmap, and implementation steps for reducing organizational risk from these attack techniques (used in human operated ransomware as well as advanced targeted data theft attacks). This includes a
- Rapid Modernization Plan (RAMP) – https://aka.ms/SPA-RAMP
- Securing Workstations – https://aka.ms/PAW
- Privileged Access Strategy - https://aka.ms/SPA-Strategy
- Success criteria for strategy - https://aka.ms/SPA-Success
- Security levels - https://aka.ms/SPA-levels
- Securing Accounts – https://aka.ms/spa-account
- Securing Intermediaries – https://aka.ms/spa-intermediary
- Securing Interfaces – https://aka.ms/spa-interface
- Deploying a privileged access solution - https://aka.ms/deploySPA
- Enterprise access model (update of Tier Model) - https://aka.ms/AccessModel
Additional Resources:
- Credential Theft Demonstration (~10 minutes) - http://aka.ms/credtheftdemo
- RSA Conference Presentation - Co-presentation with Tony Sager of the Center for Internet Security (CIS) on this aspect of critical hygiene - https://aka.ms/criticalhygiene-rsac
Incident Response and Recovery
- IR Resource Page (https://aka.ms/IR) with links and pointers
- IR Reference Guide - Lessons learned and recommendations from Microsoft, EY, Edelman, and Orrick to manage major incidents based on our collective experience (technical, operational, legal, and communications)
- NIST Guide for Cybersecurity Event Recovery - https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-184.pdf
- Microsoft's Detection and Response Team (DART) - https://aka.ms/DART
Baselines and Benchmarks
- Microsoft Cloud Security Benchmarks - https://aka.ms/benchmarkdocs
- Windows Security Baselines - https://aka.ms/securitybaselines
- Microsoft 365 (Office Apps) - https://learn.microsoft.com/deployoffice/security/security-baseline
- Microsoft 365 Golden configuration - https://aka.ms/goldenconfig
Cybersecurity for Business Leaders
- Security Return on Investment (ROI) Video (1.5 minutes) - https://www.youtube.com/watch?v=maQh35MdFKY
- Cybersecurity Resilience - https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop-module-1#part-2-cybersecurity-resilience-1350
- Zero Trust Business Plan - and metrics for leaders and executives
Security Operations (SecOps) / Security Operations Center (SOC)
- SOC Process Framework - Azure Sentinel Workbook with detailed guidance on roles, processes, and much more.
- Videos - (Program Overview | Technology Overview)
- Incident Response (IR) Overview - http://aka.ms/ir
- CDOC Poster - https://aka.ms/minutesmatter
- CDOC Blog Series - 1. Organization | 2a. Organizing Teams | 2b. Career Paths and Readiness | 3a. SecOps Tooling | 3b. Day in the life: Investigation | 3c. Day in the life: Remediation | 3d. Zen and the Art of Threat Hunting
Operational Technology (OT) Security
- Azure Defender for IoT - Documentation Site
- OT Security reference architecture in MCRA includes Purdue model, differences between IT and OT security, and more.
- Defender for IoT - Microsoft Azure Defender for IoT Training - Microsoft Tech Community
- Azure IoT Security resources
Enterprise Patch Management
Azure and Multi-Cloud Security
- Azure Security Top 10 best practices - documentation and videos
- Microsoft Cloud Security Benchmarks - Microsoft's security best practices, including security baselines to rapidly configure security for the most popular Azure services
- Well Architected Framework - Security Guidance focused on protecting workloads
- Azure Security Documentation - http://aka.ms/AzureSecInfo
- Feature Updates - https://azure.microsoft.com/en-us/updates/?status=all
Azure Sentinel
Microsoft's Cloud Native SIEM and SOAR capability
- Azure Sentinel Documentation
- Project VAST dashboard - Discover old insecure protocols creating risk
Office 365 Security
- Prioritized Recommendations - Roadmap of security recommendations for protecting Office 365 against top attacks, prioritized into things to do in the first 30 days, the first 90 days, and beyond.
- Feature updates - https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=
Application/Development Security
- Innovation Security - CAF Secure discipline describing program and strategy guidance
- DevSecOps Controls - CAF Secure article describing key technical controls
Senior Cybersecurity Architect at Deutsche Bahn - Information Security Strategy & Architecture (4mo)
Have watched your "Making end to end security real" session at Seattle Ignite. This directed me to this very brilliant collection of cybersec information in one place. Thank you!
Senior Platform Architect (Pre-Sales) | Modern Work | GenAI | Cybersecurity (1y)
Cannot see this video "Security Return on Investment (ROI) Video (1.5 minutes)", getting the error below: "Video unavailable. This video is private."
🔌 Risk Informed Cyber Defense | Microsoft US Alliance | 2x Security Partner of the Year | Revenue & GTM Insights | Vision 2030 🧭 (1y)
Great collection of resources. Thanks!
SOC Engineer for Microsoft Sentinel (1y)
Thanks! This is a really good overview!
AI CoPilot Champion for Africa | Partner Technology strategist | Solutions sales professional (1y)
Brilliant contribution to knowledge. Thank you so much Mark.