Skip to content
Get A Demo
Free SIEM
    September 11, 2024

    Security Detection Update - 2024-9-10

    Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

    Introduction and Overview

    Yea I know, I'm a day late! Here, take your new detection!!


    New Detections

    This update introduces:

    Microsoft 365: SsoArtifactRevoked Failed Login

    Detects when a user has failed to log in to Microsoft 365 services and the resultant error indicates the session was denied due to a bad password (either expired or recently changed). These events can also be related to conditional access policies denying a login. We have seen evidence of this activity in Business Email Compromise during our research.

    • Status: Default Disabled
    • Log type requirement: MS365 AD
    Room: Amethyst
    Wednesday, Sept 18th 10:15 - 11:00
     
    From iconic food empires to bustling county governments, Michigan businesses are proving you don’t need Silicon Valley budgets to build world-class cybersecurity. This session from Matt of Ann Arbor’s own Blumira pulls back the curtain and show you how local organizations are leveraging automation and cloud-native tools to punch above their weight class in the cybersecurity arena.

    Drawing on his own experience helping secure businesses in the Great Lakes State, Matt explores:
     
    • How to assess your current security maturity and identify key areas for improvement
    • Avoiding the potholes of response-only and compliance-driven security approaches
    • The role of automation in enhancing threat detection and response capabilities
    • Insider tips on selecting technologies that satisfy both compliance and budget constraints
    • How Ottawa County slashed manual log review time while meeting stringent CJIS and IRS compliance requirements
    • Zingerman’s secret sauce for protecting customer data during holiday rushes without breaking the bank

    This talk is ideal for IT and security leaders at Michigan businesses of all sizes looking to enhance their security capabilities without breaking the bank or burning out their teams.


    Room: Emerald
    Wednesday, Sept 18th 11:10 - 11:55
     
    In the shadows of our digital world, a clandestine battle is waged against our data, systems, and infrastructure. These hidden threats, much like the villains of comic books, lurk in the shadows, seeking to exploit vulnerabilities and disrupt our digital lives. Join us as we delve into the ever-evolving threat landscape, unmasking the villains of the digital realm and exploring their nefarious tactics.

    Our panel of cybersecurity experts unravel the intricate world of cyber threats, shedding light on the latest trends, emerging attack vectors, and the expanding arsenal of malicious tools employed by cyber adversaries. Learn the motivations behind these threats, from profit-driven cybercriminals to state-sponsored actors wielding cyberweapons.

    Our panel provides a comprehensive overview of the current threat landscape.

    Amanda Berlin

    Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...

    More from the blog

    View All Posts