Introduction A few weeks ago, I got a question from a client to check how they could prevent administrators, including local administrators on their device, to add exclusions in Microsoft Defender Antivirus. I first thought it was going to be pretty easy by pushing some settings via Microsoft Endpoint Manager. However, after doing some research … Continue reading Can we block the addition of local Microsoft Defender Antivirus exclusions?
Category: Cloud Security
The dangers of trust policies in AWS
Introduction Everyone that has used Amazon Web Services (AWS) knows that the cloud environment has a unique way of granting access to users and resources. This is done by allowing users and/or resources to temporarily assume roles. These kinds of actions are possible because of trust policies that are assigned to those roles. A trust … Continue reading The dangers of trust policies in AWS
Detecting & Preventing Rogue Azure Subscriptions
In this blog post we will cover why rogue subscriptions are problematic and revisit a solution published a couple of years ago on Microsoft's Tech Community. Finally, we will conclude with some hardening recommendations to restrict the creation and importation of Azure subscriptions.
4 Trends for Cloud Security in 2022
The migration from an on-premises environment towards the public cloud started years ago and is still going on. Both governmental agencies and business organizations are in the journey of migrating and maturing their cloud environments[SW1] , pulled by the compelling need for streamlining, scaling, and improving their production. It wonβt potentially come as a surprise but … Continue reading 4 Trends for Cloud Security in 2022
Sentinel Query: Detect ZeroLogon (CVE-2020-1472)
In August 2020 Microsoft patched the ZeroLogon vulnerability CVE-2020-1472. In summary, this vulnerability would allow an attacker with a foothold in your network to become a domain admin in a few clicks. The attacker only needs to establish a network connection towards the domain controller. At NVISO we are supporting multiple clients with our MDR … Continue reading Sentinel Query: Detect ZeroLogon (CVE-2020-1472)
Windows Hardening in the cloud with Azure Automation
In a previous blogpost, we discussed the OS hardening baselines for Windows Server 2016 written in PowerShell DSC, which we made publicly available on the NVISO GitHub page. Using this, you can define your own hardening baseline to use within your own environment. Once a baseline is defined, we want to apply it to the … Continue reading Windows Hardening in the cloud with Azure Automation
Windows Server Hardening with PowerShell DSC
Operating system hardening is the process of improving the security of a default OS installation to minimize the attack surface that can be exploited by an attacker. But doing this manually on each system that is deployed on-premise or in the cloud is a cumbersome task. It can lead to inconsistent security configurations because of … Continue reading Windows Server Hardening with PowerShell DSC
Azure Security Logging β part 2: security-logging capabilities of Azure resources
In this second blog post in a series about Azure Security Logging, we will focus on some of the key services that are used in most Azure deployments. We go into detail how logging can be enabled, what logging options are available and what relevant data is generated. Log sources in Azure At the moment … Continue reading Azure Security Logging β part 2: security-logging capabilities of Azure resources
Azure Security Logging – part I: defining your logging strategy
In this first blog post in a series about Azure Security Logging, we will give a general overview of the types of logs available for Azure services including their storage options. We will also discuss how to define a security logging strategy in Azure. In the upcoming blog posts, we will go into detail about … Continue reading Azure Security Logging – part I: defining your logging strategy