Windows Ransomware Detection and Protection Securing Windows Endpoints, the Cloud, and Infrastructure Using Microsoft Intune, Sentinel, and Defender
You'll then explore ransomware countermeasures in different segments, such as Identity and Access Management, networking, Endpoint Manager, cloud, and infrastructure, and learn how to protect against attacks. As you move forward, you'll get to grips with the forensics involved in making im...
| Main Author: | |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: |
Birmingham
Packt Publishing, Limited
2023
|
| Edition: | 1st edition |
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Looking at the big picture
- Identity-based attacks
- How are vulnerabilities utilized for attacks?
- Monitoring vulnerabilities
- Summary
- Chapter 2: Building a Secure Foundation
- Zero-trust design principles
- Identity pillar
- zero-trust maturity
- Device pillar
- zero-trust maturity
- Network pillar
- zero-trust maturity
- Application pillar
- zero-trust maturity
- Data pillar
- zero-trust maturity
- Network access
- Vulnerability and patch management
- Vulnerability management example for PrintNightmare
- Identity and access control
- User life cycle management
- Protecting the domains
- Protecting the content and URLs
- Other countermeasures
- Summary
- Chapter 5: Ransomware Countermeasures
- Microsoft Azure Workloads
- Technical requirements
- Network segmentation and design
- Identity and access management in Microsoft Azure
- Hub-and-spoke virtual networks
- The anatomy of a VM in Azure
- Microsoft Defender for Servers
- Azure Policy
- Azure Backup
- Overall recommendations for Azure-based workloads
- Summary
- Chapter 6: Ransomware Countermeasures
- Networking and Zero-Trust Access
- Attackers and lateral movement
- Ensuring strong passwords and authentication methods
- Role-based access control and using least privilege
- Security logging and monitoring
- A secure foundation within Microsoft Azure
- Summary
- Part 2: Protect and Detect
- Chapter 3: Security Monitoring Using Microsoft Sentinel and Defender
- Technical requirements
- Understanding Microsoft Sentinel and Microsoft Defender
- Designing and implementing Microsoft Sentinel
- Collecting logs and data sources
- Performing Kusto and log queries
- Seeing the full picture
- Creating analytics rules and handling incidents
- Analytics rules
- Ransomware detection
- looking for initial compromise
- Detecting vulnerabilities with Defender
- Summary
- Chapter 4: Ransomware Countermeasures
- Windows Endpoints, Identity, and SaaS
- Technical requirements
- Securing endpoints
- ASR rules
- Microsoft Defender and antimalware
- Update management
- Securing Microsoft Office apps
- Securing the web browser
- Other miscellaneous endpoint countermeasures
- DNS filtering
- PowerShell
- SMB protocol
- LOLBins
- Default applications
- Securing user identity
- Securing Active Directory
- Securing email services
- Cover
- Title Page
- Copyright and Credits
- Contributors
- About the reviewers
- Table of Contents
- Preface
- Part 1: Ransomware Basics
- Chapter 1: Ransomware Attack Vectors and the Threat Landscape
- Evolution of ransomware
- Attack vectors
- Exploiting known vulnerabilities
- Access through credential stuffing
- Access through brute-force attacks
- Access through a compromised workstation or end user machine
- How does ransomware work?
- Diavol ransomware
- Conti ransomware
- Sodinokibi/REvil ransomware
- LockBit ransomware
- The latest additions