September 11, 2024

Security Detection Update - 2024-9-10

Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

Introduction and Overview

Yea I know, I'm a day late! Here, take your new detection!!

New Detections

This update introduces:

Microsoft 365: SsoArtifactRevoked Failed Login

Detects when a user has failed to log in to Microsoft 365 services and the resultant error indicates the session was denied due to a bad password (either expired or recently changed). These events can also be related to conditional access policies denying a login. We have seen evidence of this activity in Business Email Compromise during our research.

Status: Default Disabled
Log type requirement: MS365 AD

Content & Fun Things

We'll be at SecureWorld Detroit!

Matthew Warner - Homegrown Security: How Michigan Businesses Are Navigating the Cybersecurity Rapids

Room: Amethyst

Wednesday, Sept 18th 10:15 - 11:00

From iconic food empires to bustling county governments, Michigan businesses are proving you don’t need Silicon Valley budgets to build world-class cybersecurity. This session from Matt of Ann Arbor’s own Blumira pulls back the curtain and show you how local organizations are leveraging automation and cloud-native tools to punch above their weight class in the cybersecurity arena.

Drawing on his own experience helping secure businesses in the Great Lakes State, Matt explores:

How to assess your current security maturity and identify key areas for improvement
Avoiding the potholes of response-only and compliance-driven security approaches
The role of automation in enhancing threat detection and response capabilities
Insider tips on selecting technologies that satisfy both compliance and budget constraints
How Ottawa County slashed manual log review time while meeting stringent CJIS and IRS compliance requirements
Zingerman’s secret sauce for protecting customer data during holiday rushes without breaking the bank

This talk is ideal for IT and security leaders at Michigan businesses of all sizes looking to enhance their security capabilities without breaking the bank or burning out their teams.

Amanda Berlin - [Panel] Unveiling the Threat Landscape and Unmasking Digital Villains

Room: Emerald

Wednesday, Sept 18th 11:10 - 11:55

In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

Our panel provides a comprehensive overview of the current threat landscape.

Tag(s): Product Updates , Security Alerts , Blog , Product Release Notes , Detection Update

Amanda Berlin

Amanda Berlin is the Senior Product Manager of Cybersecurity at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An...