Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online - Matt Swann Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Defending the Cloud: Lessons from Intrusion Detection in SharePoint Online
Matt Swann
Derbycon 2017

Over the past four years we've tried, failed, and now begun to succeed at defending the SharePoint Online service. In my talk, I describe the approaches we tried (focusing on our existing telemetry; focusing on anomalies; focusing on adversaries) and how we put into practice an adversary-focused approach that works. Finally, I describe what we're doing next - using graph analytics to cluster related activity and building incident response capabilities that allow us to locate and track an adversary in real-time. I close with a "hierarchy of needs" that defenders can follow to build defensive capabilities in their own organization.

Matt is a Principal Engineering Manager in the OneDrive and SharePoint team at Microsoft. He drove the security development process for SharePoint 2010 and 2013, then built a team focused on cloud security for SharePoint Online. Matt is passionate about intrusion detection, incident response and catching adversaries. When he’s not catching bad guys, you can find him at home with his kids or hiking in Washington's beautiful Cascades.

@MSwannMSFT


Copyright 2020, IronGeek