微软助力您应对 BEC 和 (API) 调用：审核邮箱项目访问权限以进行事件响应.pdf

《微软助力您应对 BEC 和 (API) 调用：审核邮箱项目访问权限以进行事件响应.pdf》由会员分享，可在线阅读，更多相关《微软助力您应对 BEC 和 (API) 调用：审核邮箱项目访问权限以进行事件响应.pdf（48页珍藏版）》请在三个皮匠报告上搜索。

1、Microsoft at your BEC and(API)CallRichard Smith,Senior Consultant(Security Risk Advisors)October 20242WHOISIm Richard Smith,a Senior Consultant with Security Risk Advisors.4 years cybersecurity experience-SOC defense&leadership-CySA+-DevOps engineering10 years infrastructure IT experience-Desktop IT

2、-Systems and Network Administration-Virtualization(VMware,Nutanix,Citrix)Email:richard.smithsra.io1.StorytimeAre you sitting comfortably?Meet JimJim is the CISO at St Quentins Hospital,a medium-sized health care organization.They use Microsoft 365 for email.Theyre cost-conscious,but in a highly-regu

3、lated industry.Securing PHI/PII is of vital importance.Jim is very concerned5about the number,scope,and cost of Business Email Compromise attacks.The cost of a breach can be cripplingly high.If there is a cyber incidentLike,say,a compromised user accountthat has access to a mailboxthat contains sens

4、itive information6How do you know what the hacker saw?Previously,due to audit gaps caused by licensing issuesyou had to assume the intruder saw EVERYTHINGand you had to report that they saw EVERYTHINGand you would be fined as if they saw EVERYTHING7Most data breachesare affected by this auditing gap

5、.8Perry Johnson&Associates,May 2023:8,952,212 impactedMIE(Medical Informatics Engineering),July 2015:3.9 million impactedIts likely that in a lot of cases,the actual number of records accessed is much lower than reported.Jim has an idea!9What if we could show exactly which emails were accessed in a

6、breach?What if Microsoft made these logs available for export to any platform?What if there were indicators of compromise that could be leveraged for SIEM alerts?Microsoft likes Jims idea!10Following CISA recommendations,in 2023 Microsoft expanded Premium Audit logs to non-E5 license holders.This me