July 2, 2026

Think Like an Attacker: Microsoft Security Exposure Management with Uros Babic [MVP-MCT]

M365 FM Podcast

Traditional cybersecurity focuses on vulnerabilities, alerts, and dashboards. Attackers don't. They look for opportunities, weak identities, exposed cloud resources, excessive permissions, forgotten endpoints, and misconfigurations they can chain together into a successful attack. In this episode of the M365 FM Podcast, host Mirko Peters takes a unique approach by stepping into the role of the attacker while Microsoft Security MVP and Microsoft Certified Trainer Uros Babic defends a modern Microsoft environment using Microsoft Security Exposure Management, Microsoft Defender XDR, Microsoft Sentinel, Security Copilot, and Zero Trust principles. Instead of discussing security theory, this episode follows a realistic attack scenario from reconnaissance and phishing to privilege escalation, lateral movement, ransomware, and data exfiltration. Along the way, Uros explains how organizations can stop attackers before they reach critical assets by focusing on exposure rather than simply fixing vulnerabilities. The discussion demonstrates why modern security operations are shifting from reactive incident response to proactive risk reduction powered by Microsoft's latest security technologies.

THINKING LIKE AN ATTACKER
The episode begins with one fundamental mindset shift: attackers don't see security dashboards or compliance reports—they see attack paths. Uros explains why organizations should stop asking "How many vulnerabilities do we have?" and instead ask "Which attack path would an attacker exploit first?" Topics include:

  • Social engineering
  • Phishing attacks
  • Credential theft
  • Privilege escalation
  • Lateral movement
  • Ransomware
  • Data exfiltration
  • Insider threats
  • Supply chain attacks
  • Cloud misconfigurations
Understanding how attackers think is becoming one of the most valuable skills for every modern security team.

MICROSOFT SECURITY EXPOSURE MANAGEMENT
One of the central topics is Microsoft's Security Exposure Management platform. Unlike traditional vulnerability management, Exposure Management connects identities, endpoints, cloud resources, permissions, applications, and attack paths into a single security graph that helps organizations prioritize what actually matters. Rather than fixing thousands of isolated vulnerabilities, security teams can identify the fastest route an attacker could take to reach Tier-0 assets and eliminate those paths before they are exploited. The discussion covers:
  • Exposure Graph
  • Attack Path Analysis
  • Attack Surface Management
  • Risk Prioritization
  • Critical Asset Protection
  • Continuous Threat Exposure Management (CTEM)
  • Microsoft Defender Portal
  • Multi-cloud visibility
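
A toy version of the attack-path prioritization described above, written as an added example for this page (it is not code from the podcast or from Microsoft Security Exposure Management): a constructed exposure graph in which no single finding is critical on its own, a breadth-first search for the fastest route to a Tier-0 asset, and a greedy choke-point ranking that picks the fix breaking the most remaining paths. Node names, relationship labels and the sample tenant are assumptions.

```python
"""Toy exposure graph: fastest route to Tier-0 and greedy choke-point fixes.
Added example for this page, not code from the podcast or Microsoft Security
Exposure Management; node names, relationships and the tenant are constructed."""
from collections import defaultdict, deque

# Constructed sample tenant. Each edge is a low-severity finding on its own;
# the exposure is the chain they form towards a Tier-0 asset.
SAMPLE_EDGES = [
    ("internet",      "phishable_user",    "alice"),
    ("alice",         "has_session_on",    "WS-017"),
    ("WS-017",        "unpatched_lpe",     "WS-017:SYSTEM"),  # device vulnerability
    ("WS-017:SYSTEM", "cached_credential", "svc-backup"),     # misconfigured service account
    ("svc-backup",    "local_admin_on",    "DC01"),           # excessive permission
    ("internet",      "public_container",  "stg-data01"),     # anonymous blob access
    ("stg-data01",    "leaked_sas_token",  "svc-etl"),
    ("svc-etl",       "owner_of",          "sub-prod"),
    ("svc-etl",       "local_admin_on",    "DC01"),
    ("sub-prod",      "eligible_for",      "GlobalAdminRole"),
    ("alice",         "member_of",         "grp-finance"),    # dead end, not a path
]
ENTRY = "internet"
TIER0 = {"DC01", "GlobalAdminRole"}


def build_graph(edges):
    """Adjacency list keyed by source node, preserving edge order."""
    graph = defaultdict(list)
    for src, _rel, dst in edges:
        graph[src].append(dst)
    return graph


def fastest_route(edges, entry=ENTRY, targets=TIER0):
    """BFS for the fewest hops from the entry point to any Tier-0 asset."""
    graph = build_graph(edges)
    parent = {entry: None}
    queue = deque([entry])
    while queue:
        node = queue.popleft()
        if node in targets:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None  # no route: the Tier-0 assets are not reachable


def all_attack_paths(edges, entry=ENTRY, targets=TIER0):
    """DFS enumeration of every simple path from the entry to a Tier-0 asset."""
    graph = build_graph(edges)
    paths = []

    def walk(node, trail):
        if node in targets:
            paths.append(trail)
            return
        for nxt in graph[node]:
            if nxt not in trail:  # simple paths only, no cycles
                walk(nxt, trail + [nxt])

    walk(entry, [entry])
    return paths


def choke_points(paths, entry=ENTRY, targets=TIER0):
    """Number of attack paths crossing each intermediate node."""
    hits = defaultdict(int)
    for path in paths:
        for node in path:
            if node != entry and node not in targets:
                hits[node] += 1
    return dict(hits)


def remove_node(edges, node):
    """Simulate hardening a node (patch, revoke grants, rotate credential)."""
    return [e for e in edges if node not in (e[0], e[2])]


def remediation_plan(edges, entry=ENTRY, targets=TIER0):
    """Greedy plan: repeatedly fix the intermediate node that breaks the most
    remaining paths (ties broken by name) until nothing reaches Tier-0."""
    plan = []
    while True:
        paths = all_attack_paths(edges, entry, targets)
        if not paths:
            return plan
        hits = choke_points(paths, entry, targets)
        if not hits:  # a direct entry-to-Tier-0 edge has no intermediate fix
            raise ValueError("direct exposure: %s" % paths)
        node = min(hits, key=lambda n: (-hits[n], n))
        plan.append((node, hits[node]))
        edges = remove_node(edges, node)
```

On the sample tenant the fastest route is the public container, the leaked token and the over-privileged service account, and two fixes (make the container private, patch the workstation) cut all three paths.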

AI, SECURITY COPILOT & AGENTIC SECURITY
Artificial Intelligence is transforming cybersecurity for both defenders and attackers. Uros explains how Microsoft Security Copilot helps security analysts investigate incidents faster, summarize complex alerts, analyze malicious scripts, recommend remediation steps, and automate repetitive SOC workflows. The conversation also explores how AI agents introduce entirely new security challenges. Organizations must now secure AI agents just like human identities by applying Conditional Access, Microsoft Entra ID, Identity Protection, Microsoft Purview, and governance policies. As enterprises deploy more AI-powered assistants, securing Agentic AI becomes a critical part of every Zero Trust strategy.

ZERO TRUST IN THE AGE OF AI
Zero Trust remains one of Microsoft's core security principles—but AI changes how organizations must apply it. The discussion explores how Zero Trust combines with Exposure Management to answer an even more important question: "Even if nothing is trusted, what can an attacker still exploit?" Topics include:
  • Identity Protection
  • Conditional Access
  • Passwordless Authentication
  • Managed Devices
  • Microsoft Entra ID
  • Defender for Cloud Apps
  • Microsoft Purview
  • AI Governance
  • Security Policies
The result is a proactive security model that continuously reduces exposure instead of simply responding to incidents.

BUILDING A MODERN SECURITY OPERATIONS CENTER
Many organizations still measure security success by counting alerts or tracking ticket volumes. Uros explains why these metrics often create a false sense of security. Modern SOC teams should instead focus on:
  • Exposure reduction
  • Attack path elimination
  • Tier-0 asset protection
  • Critical exposure remediation
  • MITRE ATT&CK coverage
  • Identity risk reduction
  • Security posture improvements
By measuring business risk instead of operational activity, security teams become far more effective against today's sophisticated attackers.

CYBERSECURITY CAREERS AND COMMUNITY
Beyond technology, Uros shares valuable career advice for professionals interested in cybersecurity. He recommends building strong networking and infrastructure fundamentals before specializing in cloud security and emphasizes that practical hands-on experience is often more valuable than collecting certifications alone. The conversation also covers learning platforms, Microsoft certifications, community engagement, and the importance of continuously adapting as cybersecurity evolves alongside AI.

WHO SHOULD LISTEN?
This episode is ideal for:
  • Security Architects
  • SOC Analysts
  • Microsoft 365 Administrators
  • Azure Engineers
  • Cloud Architects
  • IT Decision Makers
  • Microsoft MVPs
  • Security Consultants
  • CISOs
  • DevSecOps Engineers
  • Anyone responsible for securing Microsoft environments
Whether you're deploying Microsoft Defender XDR, Microsoft Sentinel, Microsoft Security Copilot, Microsoft Entra, Microsoft Purview, or simply looking to better understand how modern attackers operate, this episode provides practical insights into building a proactive security strategy. If you want to stop reacting to security incidents and start thinking like an attacker, this conversation offers a comprehensive look at why Microsoft Security Exposure Management is becoming one of the most important innovations in enterprise cybersecurity.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

🚀 Want to be part of m365.fm?

Then stop just listening… and start showing up.

👉 Connect with me on LinkedIn and let’s make something happen:

  • 🎙️ Be a podcast guest and share your story
  • 🎧 Host your own episode (yes, seriously)
  • 💡 Pitch topics the community actually wants to hear
  • 🌍 Build your personal brand in the Microsoft 365 space

This isn’t just a podcast — it’s a platform for people who take action.

🔥 Most people wait. The best ones don’t.

👉 Connect with me on LinkedIn and send me a message:
"I want in"

Let’s build something awesome 👊

1
00:00:00,000 --> 00:00:08,640
Yeah, welcome back to another edition of the MC65FM podcast where we bring you conversations

2
00:00:08,640 --> 00:00:13,960
with MbP's, engineers, architects and community leaders shaping the future of Microsoft

3
00:00:13,960 --> 00:00:14,960
technology.

4
00:00:14,960 --> 00:00:17,720
Today, episodes, it's a little bit different.

5
00:00:17,720 --> 00:00:19,960
Usually, we interview expert today.

6
00:00:19,960 --> 00:00:26,560
I'm going to be the attacker by going to simple break into URO's Microsoft environment,

7
00:00:26,560 --> 00:00:31,520
gather intelligence, deal credentials, move through the network, reach the growing

8
00:00:31,520 --> 00:00:35,440
uwits and hopefully not get catched.

9
00:00:35,440 --> 00:00:41,200
Yeah, thank you today's guest is a Microsoft leading security expert, URO's Babich, is

10
00:00:41,200 --> 00:00:47,000
a Microsoft security MbP, Microsoft certified trainer and lead product engineer for Microsoft

11
00:00:47,000 --> 00:00:52,560
security, deaf ops and a software-1 global center of excellence.

12
00:00:52,560 --> 00:01:00,000
We design enterprise SOC solutions using Microsoft Defender, Microsoft Sentinel security co-pilot,

13
00:01:00,000 --> 00:01:02,520
automation, Microsoft security, expose management.

14
00:01:02,520 --> 00:01:08,760
So today, if we can stop, if he can swap me with me, I succeed.

15
00:01:08,760 --> 00:01:10,400
URO's, are you ready?

16
00:01:10,400 --> 00:01:12,520
Yeah, thank you, Mirko.

17
00:01:12,520 --> 00:01:19,480
Thank you for joining me on this session and looking forward to discuss a very important topic.

18
00:01:19,480 --> 00:01:28,760
Because today, I want you to forget how usually look like in our security because your

19
00:01:28,760 --> 00:01:35,800
inertia attacker don't see our environment the way you do.

20
00:01:35,800 --> 00:01:43,480
They don't see dashboard, severity, no, 100 open ticket.

21
00:01:43,480 --> 00:01:46,200
They see opportunity.

22
00:01:46,200 --> 00:01:50,480
And that is very important, that is very challenge.

23
00:01:50,480 --> 00:01:53,640
They see some pet, interesting pet.

24
00:01:53,640 --> 00:01:59,440
And they see the fastest way to something very valuable.

25
00:01:59,440 --> 00:02:10,280
And actually, the problem is for many organizations are still fixing vulnerability in isolation,

26
00:02:10,280 --> 00:02:15,360
while attacker actually try to change them together.

27
00:02:15,360 --> 00:02:24,600
And in this our co-versation, in this session, it is very important to going to think like

28
00:02:24,600 --> 00:02:31,560
what you mentioned, like attacker, and understand not just what is vulnerable, but what is

29
00:02:31,560 --> 00:02:37,680
actually exposed, publicly exposed.

30
00:02:37,680 --> 00:02:43,880
And that is exactly where Microsoft security has for sure management help us.

31
00:02:43,880 --> 00:02:56,680
And that is actually game changer because it is help to identify, to prioritize, to the

32
00:02:56,680 --> 00:03:00,280
break attack pet that's really major.

33
00:03:00,280 --> 00:03:03,640
And that is the future for our modern stock.

34
00:03:03,640 --> 00:03:13,840
I love to say the future of a Celtic stock because we are the most AI now.

35
00:03:13,840 --> 00:03:18,440
But it's a center question how we protect our agent.

36
00:03:18,440 --> 00:03:26,880
And I love to say also what is the subject of elevation and etc.

37
00:03:26,880 --> 00:03:34,800
That is interesting when many organizations like I don't know before 15 days we have a

38
00:03:34,800 --> 00:03:45,800
situation with some agent is Dini, some sub-engine is not properly secure security

39
00:03:45,800 --> 00:03:50,560
configure and by security policy.

40
00:03:50,560 --> 00:04:01,000
And we must prioritize because, a entropic disable for example, FABL and METUS, it is great

41
00:04:01,000 --> 00:04:10,120
example why we rely on external agent tools without governance is actually risky.

42
00:04:10,120 --> 00:04:19,440
And if my employee, your employee are using our many AI tools for example, your data is

43
00:04:19,440 --> 00:04:26,680
effectively subject of some policy outside of your organization include the regulatory

44
00:04:26,680 --> 00:04:29,200
decision you don't control.

45
00:04:29,200 --> 00:04:34,160
And that is also the challenge and that is also the risk.

46
00:04:34,160 --> 00:04:43,040
In this central I love to amface something very important what we discuss under the beginning

47
00:04:43,040 --> 00:04:45,480
of our our conversation.

48
00:04:45,480 --> 00:04:54,960
We are facing with the challenge main cyber attack but into the cloud.

49
00:04:54,960 --> 00:05:05,560
The first actually your mansion is some kind of uncontrolled misconfiguration exploit.

50
00:05:05,560 --> 00:05:12,960
An attacker take advantage of fully configured cloud service.

51
00:05:12,960 --> 00:05:22,640
What is publicly accessible like storage bucket like overage permission identity access

52
00:05:22,640 --> 00:05:30,040
manager role to gay are authorized are says to our sensitive data.

53
00:05:30,040 --> 00:05:36,840
The great example is credential that great example is account compromise because we are

54
00:05:36,840 --> 00:05:43,240
facing with a lot of fishing brute force attack.

55
00:05:43,240 --> 00:05:50,400
Credential staffing are used to hear cloud account after leaving to a lot many lots of

56
00:05:50,400 --> 00:05:57,600
movement without cloud environment without any control user nomination early face for

57
00:05:57,600 --> 00:06:05,960
attack and the challenges how we can stop in the fast way.

58
00:06:05,960 --> 00:06:18,320
How we using to our tools in better efficient way because modern us were complying now include

59
00:06:18,320 --> 00:06:24,080
many many other challenge and clip cloud data.

60
00:06:24,080 --> 00:06:29,920
Pression with the third party clients partners for us to take with combination with data

61
00:06:29,920 --> 00:06:34,320
solution the next step is privilege installation.

62
00:06:34,320 --> 00:06:42,920
With data solution that is the great the margin but for a large input for many organization

63
00:06:42,920 --> 00:06:57,400
and for the money also for the reputation and actually we are facing also what is I so

64
00:06:57,400 --> 00:07:03,880
big challenge is the cloud base of the supply chain is also targeting but attacker compromise

65
00:07:03,880 --> 00:07:11,520
widely using some library or services to affect multiple organization and what a mission

66
00:07:11,520 --> 00:07:19,360
AI AI with the machine learning with the system exploit with the poison threatening data

67
00:07:19,360 --> 00:07:21,520
with the steel model.

68
00:07:21,520 --> 00:07:29,200
I wait with many other challenge to use AI to generate the commencing fishing or some

69
00:07:29,200 --> 00:07:40,520
defake context and because cloud environments with the malware design it is a great example

70
00:07:40,520 --> 00:07:52,800
for Kubernetes for docker a container security under eyes often stealing some API key talk

71
00:07:52,800 --> 00:08:03,200
and secret and that is that is very usual that is very common attack perspective weak

72
00:08:03,200 --> 00:08:11,320
misconfiguration access control can lead for example to unauthorized access for many Azure

73
00:08:11,320 --> 00:08:20,440
as to simply in stroke past or policy and MFA I love to say past or less without any

74
00:08:20,440 --> 00:08:28,520
password using strong multifacare authentication with the fish persians mechanism it is it is

75
00:08:28,520 --> 00:08:39,520
a good start so I think before I take your organization I start with social engineering

76
00:08:39,520 --> 00:08:49,240
so yeah it was can you tell us a little bit about yourself and and how your journey begins

77
00:08:49,240 --> 00:08:52,320
into cyber security.

78
00:08:52,320 --> 00:09:04,520
I am actually more than 20 years in cyber security start for my own premise I was actually system

79
00:09:04,520 --> 00:09:13,760
admin in Windows server environment and work with with a lot of on premise and who the

80
00:09:13,760 --> 00:09:24,240
two and lead to writing I remember 2016 and 2017 is migration actually from standard on

81
00:09:24,240 --> 00:09:38,760
premise and from on premise bare metal to cloud and actually my work is because the client

82
00:09:38,760 --> 00:09:48,560
often work in hybrid environment and move from the know but we also working for how environment

83
00:09:48,560 --> 00:09:57,080
but that is actually how I shift my knowledge my experience step by step in these 20 years

84
00:09:57,080 --> 00:10:06,160
and of course everything is changed shift and thinking and attack perspective and previous

85
00:10:06,160 --> 00:10:16,000
could be have other focus now we have more sophisticated focus how we can use the modern

86
00:10:16,000 --> 00:10:24,960
modern tool because you know we are facing with a lot of duct tape that data what means without

87
00:10:24,960 --> 00:10:33,360
any control in the cloud and the first question is before you define what is your sensitivity

88
00:10:33,360 --> 00:10:39,360
data do you know what is your sensitivity data how you protect your sensitive data in the

89
00:10:39,360 --> 00:10:47,160
cloud do you know how it looks like your data flow do you know what is managed and how

90
00:10:47,160 --> 00:10:54,400
you can manage your device or your device is under your control that is the first steps

91
00:10:54,400 --> 00:11:04,800
and yes very good exposure management give you a lot of opportunity but but in me must

92
00:11:04,800 --> 00:11:15,120
thinking very predicate and actually the great way is actually Microsoft security exposure

93
00:11:15,120 --> 00:11:22,080
management about why you love to discuss today how is shifting security from a reactive perspective

94
00:11:22,080 --> 00:11:33,040
to actually from reactive incident response to pro active risk reduction that is my focus

95
00:11:33,040 --> 00:11:46,640
and I love to continuously more the last five years to map my attack surface management

96
00:11:46,640 --> 00:12:01,280
and actually identify exposure across identity across endpoints across cloud across application

97
00:12:01,280 --> 00:12:13,360
and how I can prioritize my work and what is actually metric in that way that is crucial and

98
00:12:13,360 --> 00:12:24,320
that is that is a very good approach how we can do in our daily operation because also I love

99
00:12:24,320 --> 00:12:37,200
to mention I worked in day to day operation with the SOC team 24 hours critical asset critical resource

100
00:12:37,200 --> 00:12:48,320
incident other thing and what is the core message how we as for sure is not equal vulnerability we

101
00:12:48,320 --> 00:12:55,360
have vulnerability we have individual issue with common vulnerability as for score be the

102
00:12:55,360 --> 00:13:03,840
lot of misconfiguration what I mentioned before but exposure is actually how attacker actually

103
00:13:03,840 --> 00:13:14,720
chain goes issue together the key the key idea it is not about the fixing everything it is about fixing

104
00:13:14,720 --> 00:13:24,080
what attacker really exploit the first and that is that is a tricky and why that is why I love to

105
00:13:24,080 --> 00:13:34,480
am phasing I know no attack surface management the first thing I was thinking how discover attacker

106
00:13:34,480 --> 00:13:45,280
try to discover my asset from no from unknown and I have external option I have internal option

107
00:13:45,280 --> 00:13:53,280
that is also the case when you're conducting some internal or external pen test activity but

108
00:13:53,280 --> 00:14:02,720
exposure graph is very good option how you can identify security dependency method how show

109
00:14:02,720 --> 00:14:15,200
your weakness actually connecting into many attack path and the next step is how we can prioritize

110
00:14:15,200 --> 00:14:29,040
real risk and allow to make a question many time myself what is the fact aspect to domain admin

111
00:14:29,040 --> 00:14:42,400
or global admin for my critical assets and that is also attacker perspective show me I don't know show

112
00:14:42,400 --> 00:14:52,800
me top exposure affecting tier zero assets how I can help my analyst to reason faster and this is

113
00:14:52,800 --> 00:15:01,920
very important topic very important to point when we starting to work with this shift how

114
00:15:01,920 --> 00:15:09,360
well after say we have all so security operation center alert driven now manage sock modern sock

115
00:15:09,360 --> 00:15:20,320
thinking line attacker risk driven after attack no it is important proactive approach before attack

116
00:15:20,320 --> 00:15:35,280
and noise on overload how we can prioritize exposure management I love to to give you some real

117
00:15:35,280 --> 00:15:46,960
reward feeling how we work how we project our initiative with some practical scenario imagine some

118
00:15:46,960 --> 00:15:57,120
misconfiguration service account combined with device vulnerability and excessive permission

119
00:15:58,400 --> 00:16:07,360
individual that is not aren't critical but together they create path to domain admin

120
00:16:07,360 --> 00:16:17,600
extreme show management will be fine and purify that change that is good and this is actually answer

121
00:16:17,600 --> 00:16:29,840
how I shift myself from seco to DevOps for many automation in in the last in the last five years that is

122
00:16:29,840 --> 00:16:36,160
that is answer for a wish okay so I'm the checker so I try to bring you a little bit out of the concept

123
00:16:36,160 --> 00:16:44,720
so if you had an animal what name will you give him a name yeah

124
00:16:45,840 --> 00:16:55,600
with animal layer or something like that okay then I google now your your your birthday and I copy paste

125
00:16:55,600 --> 00:17:02,960
your email address from link that now I am in your your channel yeah yeah yeah yeah yeah correct

126
00:17:02,960 --> 00:17:10,800
very good yeah yeah let us a little bit short talk about the topic inside of risk

127
00:17:13,600 --> 00:17:21,040
what did you think how how big is this part actually of further the new checks the AI

128
00:17:21,040 --> 00:17:31,520
yes that is that is a good question the central question I actually have a lot of discussion

129
00:17:31,520 --> 00:17:42,960
about this topic the last one month we have a lot of AI agents now in two direction the first is

130
00:17:43,920 --> 00:17:52,880
a agent in security copilot for AI with some conditional access optimization agent to

131
00:17:52,880 --> 00:17:59,280
reveal your depping conditional access policy very good for security baseline in Microsoft

132
00:17:59,280 --> 00:18:07,840
365 tenant show some security analyst is very interesting now you you have direct chat now

133
00:18:08,560 --> 00:18:17,920
with two security consul should unit to replace your for example to be good thank your security analyst

134
00:18:17,920 --> 00:18:26,240
not replace really because we must get you an interaction but for your vulnerability management for

135
00:18:26,240 --> 00:18:33,200
your security score for your custom very language or a lot of questions with primary

136
00:18:33,200 --> 00:18:42,480
discoloration a lot of questions from for for a later a moment pet that is very interesting point and

137
00:18:42,480 --> 00:18:51,520
the the central question yes is elevation privilege this agent I have a lot of discussion

138
00:18:51,520 --> 00:18:59,360
and explain a lot of during the session but I love to have phasing something

139
00:19:02,880 --> 00:19:13,120
why AI agent should be threat as the first class identity how we can simulate data leakage scenario

140
00:19:13,120 --> 00:19:22,560
for many company and that in entry protection how to enforce conditional access policy how to

141
00:19:22,560 --> 00:19:33,200
respond to agent incident from isolate anomaly because the central question is elevation

142
00:19:33,200 --> 00:19:45,040
but when use the many new interact with copilot agent on custom AI workflow the agent doesn't

143
00:19:46,000 --> 00:19:57,200
just answer question it act it call Microsoft graph it reads from share point but it query exchange

144
00:19:57,200 --> 00:20:05,920
it doesn't all the using delegate of application permission that we granted integration time

145
00:20:05,920 --> 00:20:13,040
and we forget that and we we we are facing with a lot of elevation of permission

146
00:20:13,840 --> 00:20:21,040
and the behavior is actually makes AI agent functionality equivalent to some

147
00:20:21,040 --> 00:20:30,640
I know well service principle manage identity in terms of access scope and this is exactly why

148
00:20:30,640 --> 00:20:39,200
Microsoft enter now that again the identity and the first class subject in identity plan

149
00:20:39,200 --> 00:20:47,120
all of us use the device and work load the center question is how we to protect to our sensitive

150
00:20:47,120 --> 00:20:55,360
information go outside when we have interaction of scope i vote great example is maybe data security

151
00:20:55,360 --> 00:21:02,720
poster management for AI on Microsoft review you can use in deal peak policy in combination the

152
00:21:02,720 --> 00:21:13,760
protection and detect some your sensitive data when you have but security joy journey is actually

153
00:21:13,760 --> 00:21:22,480
provide some very good framework in my opinion what we first identify with AI agent in

154
00:21:22,480 --> 00:21:30,480
Microsoft entry agent agent preview protect with hondesh initial access policy detect with identity

155
00:21:30,480 --> 00:21:38,080
protection in enter ID and security copilot respond with defender

156
00:21:38,080 --> 00:21:43,200
automatic access block and session termination using some

157
00:21:43,200 --> 00:21:51,280
conditional access or defender is the air capability and finally don't forget optimization

158
00:21:52,480 --> 00:22:02,640
continuous policy analysis get identification with and this is actually the six act and

159
00:22:02,640 --> 00:22:12,320
how we understand you are using very useful you often interacting with the pilot agent customer agent

160
00:22:12,320 --> 00:22:21,280
with share point online with the exchange line micro graph API and we have access the data access

161
00:22:21,280 --> 00:22:31,040
we have sensitive content access accessing file and folders critical outside and that is realistic data

162
00:22:31,040 --> 00:22:39,760
leakage scenario. Miscofegration agent without any control orchestration layer it will be

163
00:22:39,760 --> 00:22:48,240
challenged in the next period of time we can use many protection mechanism but the central question

164
00:22:48,240 --> 00:22:59,600
how we use sound automation response to block to terminate tool login in scope for our automatic

165
00:22:59,600 --> 00:23:14,160
blocking via some policy when we have risk agent in in in in Fox and you can use many many very

166
00:23:14,160 --> 00:23:25,280
good good tool like defender for how depths like micro solution in many many additional

167
00:23:25,280 --> 00:23:34,240
capability in that way. Yeah, Microsoft have a topic I think in years they say zero trust zero

168
00:23:34,240 --> 00:23:42,880
trust zero trust for devices zero trust for users zero trust for applications how have zero trust

169
00:23:42,880 --> 00:23:53,120
change in the age of AI. Yes, very good question and we have a lot of

170
00:23:53,120 --> 00:24:01,200
opportunity in that way. Yes, your mission very

171
00:24:01,200 --> 00:24:10,720
actually we can use some blend expert for management with the zero trust

172
00:24:11,840 --> 00:24:21,040
mindset instead to move step by step to change identity and point mis-confiduration permission

173
00:24:21,040 --> 00:24:32,560
into the path because for attacker perspective attacker don't care about your security model

174
00:24:32,560 --> 00:24:41,360
that is very interesting and they don't respect boundary they don't respect your your zero trust

175
00:24:41,360 --> 00:24:50,240
and they definitely don't follow your priority list because zero trust reduce trust but for

176
00:24:50,240 --> 00:24:59,200
example in combination in expert management we can it can be show you where you still exposed

177
00:24:59,200 --> 00:25:08,320
if so if nothing is trusted it is real question becomes what is still exploitable and connect zero

178
00:25:08,320 --> 00:25:19,600
trust with special management that is maturity angel and position you in in that way but zero trust

179
00:25:19,600 --> 00:25:27,280
in combination for for AI it will be it will be challenged

180
00:25:31,520 --> 00:25:43,040
surely with the identity AI when we when we have when we have the real scenario we when we have

181
00:25:43,040 --> 00:25:50,880
because because the trust is in age of again TKI

182
00:25:51,600 --> 00:25:58,640
a retinking security special for a for my opinion and the fixing special not just all it

183
00:25:58,640 --> 00:26:08,720
we are using angelic AI and especially the driven security in combination for our future

184
00:26:08,720 --> 00:26:18,480
modern stock and zero trust in in in conclusion is not enough you must use many other

185
00:26:19,280 --> 00:26:26,960
solution like special management but you implement zero trust model now with the AI but why

186
00:26:26,960 --> 00:26:36,880
is still exposed that is that is again TKI plus zero trust why attacker still actually win

187
00:26:36,880 --> 00:26:50,240
a how to stop in in in in in the either part and the I love to explore and thinking shift our focus

188
00:26:50,240 --> 00:26:57,440
how combines zero trust with micro security special management and again TKI all of us to

189
00:26:57,440 --> 00:27:06,480
finally shift from reacting to others to proactively breaking attacker pets for example before they

190
00:27:06,480 --> 00:27:14,080
ever use that is the modern stock and just zero trust limit access as per show management show where

191
00:27:14,080 --> 00:27:22,800
the attacker still win and that is a good approach for agent TKI agent TKI doesn't just detect threats

192
00:27:22,800 --> 00:27:32,720
they understand them it will be challenged and very good question so the question is no longer

193
00:27:33,760 --> 00:27:44,320
do we trust this it's can attacker still get true and it is it is the right approach

194
00:27:44,320 --> 00:27:53,360
breadball narrative into our our focus in the next period of time and thank you for this

195
00:27:53,360 --> 00:28:01,360
special um microsoft had had a lot of security tools I say Microsoft peer view your data security

196
00:28:01,360 --> 00:28:09,280
Microsoft in tune for device management Microsoft enter for identity Microsoft sent in it for

197
00:28:09,280 --> 00:28:18,400
yeah collecting detecting threats then they have uh not known I have forgotten for what was it

198
00:28:18,400 --> 00:28:28,320
and and and they have a defend or a lot of defenders but you're a specialist in Microsoft

199
00:28:28,320 --> 00:28:36,400
security expelers management is there's a true or what is it is a framework yeah that is that is

200
00:28:36,400 --> 00:28:46,640
good question uh how we can start with with special management uh that is combination your answer is

201
00:28:46,640 --> 00:28:58,000
combination uh this is I love to say more security solution provide for you unify view security

202
00:28:58,000 --> 00:29:05,120
posture across many organizations have all called the endpoint cloudless for I don't know my

203
00:29:05,120 --> 00:29:12,480
cellar that surface and security as for show management give you all asset information

204
00:29:12,480 --> 00:29:21,040
with security context and help you here to be proactive manage at a surface pro protect critical

205
00:29:21,040 --> 00:29:32,240
assets and explore and mitigate some special risk in digital state but actually now standard

206
00:29:32,240 --> 00:29:39,760
integration is with the defender for cloud because defender for cloud now is moving for a

207
00:29:39,760 --> 00:29:50,640
easier portal to defender portal uh not only for uh ager it is now be talking about multi-tenth

208
00:29:50,640 --> 00:29:58,480
and multi management across ager a a a a a a a a a a a a a a a a a a a a w s and gcp we are

209
00:29:58,480 --> 00:30:06,880
Defender for Cloud integration alongside traditional on-premises single uh this unified approach graph

210
00:30:07,600 --> 00:30:14,240
exposure graph give you for example i don't know device your identity or cloud assets

211
00:30:14,240 --> 00:30:21,840
external attack surface management along with the Gartner continuous threat exposure management

212
00:30:21,840 --> 00:30:30,880
in general to your answer is both this is some kind of framework but also provide for many many

213
00:30:30,880 --> 00:30:42,640
great opportunity great security tool uh and you can uh actually uh who is use this for example

214
00:30:42,640 --> 00:30:51,600
for my perspective security compliance having to improve your organization security posture security

215
00:30:51,600 --> 00:31:02,080
operation guys uh need to visibility into data into your flow a workflow across uh many organization

216
00:31:02,080 --> 00:31:09,040
in order to detect in order to investigate in order to mitigate security threats the third category

217
00:31:09,040 --> 00:31:14,800
what you mentioned at the beginning of our organization very important topic is security

218
00:31:14,800 --> 00:31:22,800
architect architect is responsible to solving some issue in order of security posture management

219
00:31:22,800 --> 00:31:30,000
and our CISO i don't know chief security information officer uh with some decision makers

220
00:31:30,000 --> 00:31:36,480
who need insight into organization attack surface management they should manage being in order to

221
00:31:36,480 --> 00:31:43,920
address better understand security risk in organization the uh what is uh very important for our

222
00:31:43,920 --> 00:31:51,680
discussion to understand now vulnerability management is moving from traditional environment

223
00:31:51,680 --> 00:32:01,680
endpoint environment to uh exposure management and actually this is easy answer combination

224
00:32:01,680 --> 00:32:10,000
vulnerability with the risk management it is a great uh great and what can i do with this

225
00:32:10,000 --> 00:32:19,200
i can use unified view across many organizations with my asset endpoints cloud environment

226
00:32:19,200 --> 00:32:27,040
external attack surface management managing investigation attack surface in order to visualize something

227
00:32:27,040 --> 00:32:36,800
i don't know uh analyze this manager uh and the attack surface spanning on-premises and hybrid environments

228
00:32:36,800 --> 00:32:45,520
that is also very very important topic to to understand and i can discover i can safeguard my critical

229
00:32:45,520 --> 00:32:53,040
asset i can manage the exposure tool to manage security exposure and mitigate many exposure risk

230
00:32:53,040 --> 00:33:03,760
and i can finally manage and investigate attack surface management with graph schema with a lot of

231
00:33:03,760 --> 00:33:12,320
another and the last topic what is important here for our discussion what you mentioned with the

232
00:33:12,320 --> 00:33:24,800
Sentinel but uh yes Sentinel is a cloud native security management system uh to connect uh many

233
00:33:24,800 --> 00:33:34,000
data sources but here we can uh with Security Exposure Management we can connect our data connector

234
00:33:34,720 --> 00:33:44,240
to integrate with the different security solution uh uh and data sources including external vendor

235
00:33:44,240 --> 00:33:55,680
Rapid7 i will know cloud many other platform Tenable Qualys uh uh ServiceNow into single

236
00:33:55,680 --> 00:34:02,720
unified view uh exposure management graph and that is good that is fine and finally you can

237
00:34:02,720 --> 00:34:09,600
i will give you a deeper insight into security posture integrity data for various environment and

238
00:34:09,600 --> 00:34:17,440
external sources uh four years uh i think companies often think oh we have all these tools we pay

239
00:34:17,440 --> 00:34:24,080
Microsoft on the security and um yeah Microsoft they know and know and uh a lot of companies start

240
00:34:24,080 --> 00:34:32,160
to build their cyber security teams or have a partner for this topic but now it's

241
00:34:33,040 --> 00:34:39,280
i think a really new product it's the Microsoft Security Copilot uh and i think uh i got the

242
00:34:39,280 --> 00:34:49,920
sheep son of security expert and i paid in 60 uh european hour uh and now i can can get it four for six

243
00:34:49,920 --> 00:34:58,160
yes that is the interesting you know uh we are in areas Security Copilot and

244
00:34:58,800 --> 00:35:10,480
agentic AI and actually uh you can use Security Copilot with uh as a core feature in your security

245
00:35:10,480 --> 00:35:21,600
quest for use some interesting use case uh many interesting for example you know i give you some

246
00:35:21,600 --> 00:35:31,440
great example wise from my perspective uh needed uh incident summarization it is better for you

247
00:35:31,440 --> 00:35:39,280
for your security alert to consist on actual online better connecting with your vulnerability uh

248
00:35:39,280 --> 00:35:46,960
basis uh data basis impact analysis ask the potential impact of security incidents

249
00:35:47,600 --> 00:35:53,920
at enable quicker response time uh reverse engineering you can put all your malicious

250
00:35:53,920 --> 00:36:02,000
scripts in Security Copilot to analyze this complex line script and translate into natural

251
00:36:02,000 --> 00:36:10,400
language with clear explanation uh of action without move to any digital forensic station you can

252
00:36:10,400 --> 00:36:17,600
use primarily binary first respondent forensic uh with Security Copilot and why the response

253
00:36:17,600 --> 00:36:25,600
step by step willens for incident response for example uh how you can automatically lock your account

254
00:36:25,600 --> 00:36:33,120
how you can automatically disable your account is your account for rest of the network uh the next steps

255
00:36:33,120 --> 00:36:41,040
for your recommendation for better uh security score everything including in right direction for

256
00:36:41,040 --> 00:36:49,040
triage for investigation for containment incident for remediation critical part of your security

257
00:36:49,040 --> 00:37:00,560
management and this is very good uh and after that you have many uh agentic AI with Security Copilot

258
00:37:02,160 --> 00:37:08,960
you can use uh Threat Intelligence Briefing agent to automatically create relevant and timely

259
00:37:08,960 --> 00:37:16,800
intelligence report you can use uh conditional access optimization to for your uh uh get

260
00:37:16,800 --> 00:37:26,720
in security policy uh uh fix for identity teams Phishing Triage agent vulnerability remediation agent

261
00:37:26,720 --> 00:37:35,040
aint not all Copilot in uh in preview in Entra lot of lot of other challenge but that is that is

262
00:37:35,040 --> 00:37:44,080
good that is uh and yes provision capacity is uh very important to uh to know how you set your

263
00:37:44,080 --> 00:37:51,680
de-40 level and how to assign long permission how to use them with provision Copilot capacity

264
00:37:52,560 --> 00:38:01,040
and the work with cost optimization FinOps it is great opportunity today uh especially for many

265
00:38:01,040 --> 00:38:13,920
security admin or security analysts in the cloud yeah um thank you this was really good good answer

266
00:38:13,920 --> 00:38:22,240
and let's a little bit talk about or uh or i have a question uh how is uh exposure different from

267
00:38:22,240 --> 00:38:32,640
uh vulnerabilities it's damn too old yeah that is very good question how is different uh you know

268
00:38:33,440 --> 00:38:42,480
our Security Exposure Management offer uh that is important in the in-naster

269
00:38:42,480 --> 00:38:50,480
attacker can't destroy it to gain access to your data or how the rest of us and uh uh when you have

270
00:38:50,480 --> 00:39:00,080
insecure security API endpoint and growing necessity and microstracoolize that and uh give last

271
00:39:00,080 --> 00:39:09,280
very good program initiative for endpoint uh with good target score with uh cloud with your identity

272
00:39:09,280 --> 00:39:20,640
with your application uh and uh you have very top initiative here for uh found the re-beshma control

273
00:39:20,640 --> 00:39:26,240
zeal transfer nation business email compromise is uh your mention

274
00:39:27,040 --> 00:39:36,000
very important topic business email compromise is not for example classical phishing that is uh uh

275
00:39:36,000 --> 00:39:43,280
in in combination social engineering with man in the middle attack and many other uh

276
00:39:43,280 --> 00:39:53,440
been in general it must be more and more proactive with critical asset protection to improve our

277
00:39:53,440 --> 00:40:01,840
scoring vulnerability management to uh to understand the score of history uh to devices

278
00:40:01,840 --> 00:40:11,120
exposure management distribution everything is related and uh uh when we know better our

279
00:40:11,120 --> 00:40:19,680
attack surface metric attack path uh critical asset summary uh it will be definitely with this

280
00:40:19,680 --> 00:40:26,880
proactive approach uh uh uh i mentioned uh some critical pillar

281
00:40:26,880 --> 00:40:33,600
ransomware human operated ransomware is a challenge in in the last two two two years with the

282
00:40:33,600 --> 00:40:45,520
data exfiltration with this business email compromise and we must shift uh uh you know uh it is very easy

283
00:40:45,520 --> 00:40:53,520
ask for your question lack of visibility lack of control uh not knowing where data is stored

284
00:40:53,520 --> 00:41:02,480
and who can uh he who has access uh two and can be risky but i can implement comprehensive

285
00:41:02,480 --> 00:41:11,200
monitoring and access management social care and hands visibility in this control and that is

286
00:41:11,200 --> 00:41:19,280
that is in in the summary there i approach uh how we can protect and how we actually shifting our

287
00:41:19,280 --> 00:41:27,520
thinking and the great question is how we can thinking like like that okay hope

288
00:41:27,520 --> 00:41:39,440
um there it's um i think our uh MITRE Corp i think they have these um yeah and you see for e list uh

289
00:41:39,440 --> 00:41:50,720
that you think uh it's enough to handle cyber security um or have we have it there also a change

290
00:41:50,720 --> 00:41:58,800
yes very good approach we can map everything with uh MITRE ATT&CK framework

291
00:41:58,800 --> 00:42:07,520
we can use uh a bezel tactic technique it called on normal knowledge uh

292
00:42:07,520 --> 00:42:16,480
knowledge base of real world adversary behavior that is uh preposition uh pre-requisite and showing

293
00:42:16,480 --> 00:42:27,680
me how to actually operate step by step uh a key idea it doesn't focus on tool on malware but

294
00:42:27,680 --> 00:42:38,320
it focused on behavior and attack pattern MITRE ATT&CK framework is basically map of how

295
00:42:38,320 --> 00:42:48,240
attacker think how attacker move how attacker achieve their goal inside your environment and uh that

296
00:42:48,240 --> 00:42:58,800
is the reason why I using many tactic uh initial access credential access lateral movement exfiltration what

297
00:42:58,800 --> 00:43:06,400
is the attack try to achieve that is the the the the the first question and after that how

298
00:43:06,400 --> 00:43:16,720
I can use some technique like phishing pass the hash golden ticket stair skeleton key uh

299
00:43:16,720 --> 00:43:24,800
exploit vulnerability partial execution how would they achieve that and finally with a lot of

300
00:43:24,800 --> 00:43:34,800
sub technique in more detail uh with uh I don't know lateral movement like SMB protocol

301
00:43:34,800 --> 00:43:44,240
RDP protocol exfiltration with data transfer uh uh it shows how attacker progress across stage

302
00:43:44,240 --> 00:43:54,880
and I'm using in my approach attack attack uh a few metrics this is a very good approach and uh

303
00:43:54,880 --> 00:44:06,640
we have uh most important tactic uh I don't know our first is uh attacker gather info with

304
00:44:06,640 --> 00:44:16,560
reconnaissance uh execution initial access persistence and finally with privileges uh uh uh

305
00:44:16,560 --> 00:44:22,880
escalation for dash elaxes lateral movement with the spread uh communication external with the

306
00:44:22,880 --> 00:44:30,080
command and control C2 server malicious server uh we have input we have damage we have ransom but

307
00:44:30,080 --> 00:44:41,040
and I love to conduct many red blue simulation uh maybe it would uh uh to discuss for our another session

308
00:44:41,040 --> 00:44:49,680
some vocabulary detection engineering something like that to to for our resilience

309
00:44:49,680 --> 00:44:58,000
map Sentinel rule with ATT&CK technique can't base behavior with the alerts uh ATT&CK show

310
00:44:58,000 --> 00:45:06,960
how attack will happen and finally if exposure management show you where they we will succeed

311
00:45:06,960 --> 00:45:16,400
and that is actually uh uh attacker don't think you know it they think in technique and might

312
00:45:16,400 --> 00:45:27,120
detect uh in in the conclusion it's very good blueprint of attack behavior yeah um uh I think a lot

313
00:45:27,120 --> 00:45:32,800
of executives are when they visit the cyber security team they they look at the dashboards and all

314
00:45:32,800 --> 00:45:41,440
this 80% and it's green and uh for the most are uh yeah is it uh then it's secure because it's green

315
00:45:42,240 --> 00:45:52,880
yeah um but how can an executive understand security posture without really called technical reports

316
00:45:52,880 --> 00:46:09,120
yes that is that is also uh you can control uh security score it is also important part what we

317
00:46:09,120 --> 00:46:19,600
don't mention uh with a single view of your data you're at the point with identity with data with

318
00:46:19,600 --> 00:46:32,880
application and to reveal yet uh and some identity some device some follow up location data

319
00:46:32,880 --> 00:46:42,880
cloud infrastructure um this type of consolidation enable a better proactive approach in risk management

320
00:46:42,880 --> 00:46:55,120
and inform you about decision making uh good for audit but uh uh uh uh you can also use in the many

321
00:46:56,880 --> 00:47:03,840
recommendation from Microsoft in your pro-pro-active approach for your device for your cloud from

322
00:47:03,840 --> 00:47:12,080
software to service application I don't know uh identity data with recommendation summary uh the

323
00:47:12,080 --> 00:47:25,040
center question is uh yes uncrasted uh but uh we must align in our defender uh class device

324
00:47:25,680 --> 00:47:34,480
manage device to onboard the now device to to be to be more secure uh your device and manage

325
00:47:34,480 --> 00:47:45,120
device uh without any control it will be great example of risk uh in today in uh very very sophisticated

326
00:47:45,120 --> 00:47:58,080
attack metric and uh we're facing with serious uh advanced threat uh uh groups uh and uh actually

327
00:47:58,080 --> 00:48:07,680
the lesson of although uh attacks to in the last uh uh one year tell us we must shifting

328
00:48:08,320 --> 00:48:20,000
definitely in in this in this uh in this way which metrics really are really important or which

329
00:48:20,000 --> 00:48:35,440
metrics or KPIs watch you every day yes uh actually uh metrics with the KPI how um for example

330
00:48:36,800 --> 00:48:46,240
diagram with ATT&CK with the exposure graph with attack path how to map Sentinel detection to

331
00:48:46,240 --> 00:48:56,560
attack paths uh red-blue demo using attack chain this uh this is would uh uh exposure management

332
00:48:56,560 --> 00:49:05,360
priority is attack reveals and MITRE ATT&CK show your uh how attacker move but uh it doesn't tell

333
00:49:05,360 --> 00:49:12,800
which path is the most dangerous this is would combination to use some KPI approach

334
00:49:12,800 --> 00:49:22,160
and uh that is where exposure management comes in uh uh uh ATT&CK reminds them minds that

335
00:49:22,160 --> 00:49:33,440
and tell us uh tell us uh a lot of techniques to sub technique in in in that way uh uh but uh

336
00:49:34,960 --> 00:49:44,880
in in general uh this is this is uh uh um the biggest challenging modern SOC is not

337
00:49:44,880 --> 00:49:53,920
like potato it is actually measuring the wrong things that is wood KPI uh the most

338
00:49:53,920 --> 00:50:00,480
SOC track problem number of alerts number of incidents mean time to respond time to fall

339
00:50:00,480 --> 00:50:08,480
number of close ticket the uh those are actually metric not security outcomes and you can

340
00:50:08,480 --> 00:50:16,080
close all at all day but it it will be still exposed and really what is the KPI

341
00:50:16,080 --> 00:50:26,560
too much noises KPI reward volume not quality uh no attack or context KPI don't reflect real attack path

342
00:50:28,480 --> 00:50:37,280
everything is green but while attacker still have a path false sense of security uh it is

343
00:50:37,280 --> 00:50:49,440
it is a lot of but uh traditional KPI we have out of volume but now i love to to discuss with you

344
00:50:49,440 --> 00:50:56,880
about exposure reduction real goals without the attack elimination with the modern KPI

345
00:50:57,680 --> 00:51:05,040
time to remediate critical exposure that is very good uh topic this is also business-imposed

346
00:51:05,040 --> 00:51:12,080
how we can coverage gap in in to MITRE ATT&CK framework with the detection quality

347
00:51:12,080 --> 00:51:20,480
how how i can identify a risk with tier zero exposure with the most critical real layer we can

348
00:51:20,480 --> 00:51:30,320
must use and what we discussed previously in agentic AI era that is a change in change the game

349
00:51:30,320 --> 00:51:37,600
but not processing more alerts but prioritize what is actually actually reduce with the

350
00:51:37,600 --> 00:51:47,120
the exposure management that is uh stop measuring activity start measuring exposure that is the message

351
00:51:48,880 --> 00:51:56,720
yeah okay um that's interesting if while you already know where i most like to attack but uh yeah

352
00:51:56,720 --> 00:52:05,760
it's time for plan B uh let's say my phishing game i worked uh what employee clicked uh what's now

353
00:52:05,760 --> 00:52:17,520
what's happened now? Very good point what's happened to you can uh if you're correctly using

354
00:52:17,520 --> 00:52:29,840
uh uh if you're correctly using uh uh Microsoft 365 Defender you can use uh SPF

355
00:52:29,840 --> 00:52:42,800
DKIM and DMARC policy and it will uh uh if we correctly uh uh accommodate correctly protect with

356
00:52:42,800 --> 00:52:55,120
that uh the next is uh to go your phishing in quarantine and your employees not receive this

357
00:52:55,120 --> 00:53:08,800
is mail uh security uh policy with the SPF uh DMARC and uh DKIM uh many uh other protection

358
00:53:08,800 --> 00:53:17,520
mechanism in Defender is they are give you a lot of opportunity uh to settings in Microsoft

359
00:53:17,520 --> 00:53:28,720
365 environment uh for your mail for your collaboration uh uh and you have you have a lot of uh

360
00:53:29,760 --> 00:53:40,480
for example uh security policy in uh uh uh on this uh policy recommendation you can use uh

361
00:53:40,480 --> 00:53:50,240
threat policy you can use alert policy uh uh for anti-phishing anti-spam anti-malware

362
00:53:50,240 --> 00:53:56,000
Safe Attachments to protect your organization of the malicious wanted for mail attachment Safe Links

363
00:53:56,640 --> 00:54:03,680
protect users from opening and sharing malicious links in mail and office apps

364
00:54:03,680 --> 00:54:12,560
that is by policy but you can use many rule uh filtering mechanism is quarantine policy apply

365
00:54:12,560 --> 00:54:22,800
custom rule for quarantine uh message by using uh uh policy or created uh with them uh yes but i

366
00:54:22,800 --> 00:54:29,280
love to add something security awareness is very important and we are facing with the

367
00:54:29,280 --> 00:54:39,520
lots of uh social engineering techniques uh this is not only to help you to we are human and uh uh

368
00:54:39,520 --> 00:54:47,280
you know uh human is weak and sleek uh inside your security and uh the the it is always

369
00:54:47,280 --> 00:54:59,760
chilling to educate our employee uh uh you can use tool uh but uh if you don't have uh mechanism to stop

370
00:54:59,760 --> 00:55:08,000
in automatically way good example for many attacker is the automatic attack disruption of the generative AI

371
00:55:08,000 --> 00:55:16,480
without human intervention to stop partial malicious activity uh with uh

372
00:55:16,480 --> 00:55:24,960
combination phishing mail in a replace of incident without any human intervention uh in automatically

373
00:55:24,960 --> 00:55:33,040
way and that is that is a good good approach for our uh for our work and ask of your own question

374
00:55:33,040 --> 00:55:41,760
you can use combination uh uh security awareness technique uh how to protect for many social

375
00:55:41,760 --> 00:55:50,800
engineering and tools uh that is a sort of a question okay uh let's say you found me but uh

376
00:55:50,800 --> 00:55:57,520
you're assuming i only compromised one account what's next yeah it is spread

377
00:55:58,640 --> 00:56:14,640
laterally and the next is your uh your uh uh aim is to compromise um uh administrative account

378
00:56:14,640 --> 00:56:22,640
so privilege account uh that is the uh if you compromise user account and after that lateral

379
00:56:22,640 --> 00:56:30,400
movement through a change i don't know with pass the hash techniques uh for your Active Directory

380
00:56:30,400 --> 00:56:39,360
the next step is data exfiltration combination with the ransomware activity and that is not so easy

381
00:56:39,360 --> 00:56:47,040
now we have in our cyber kill chain a lot of different technique uh technique from attacker

382
00:56:47,040 --> 00:56:56,480
perspective not one start with some phishing uh it can be more and more with different sophisticated

383
00:56:56,480 --> 00:57:06,320
techniques yeah so so i have a um congratulations you may make it me much harder than i expect but i

384
00:57:06,320 --> 00:57:14,000
am stubborn wrong uh i still doing yeah uh look after your drone you will so i will take

385
00:57:14,880 --> 00:57:20,400
sensitive data or executive mailbox global admin or your file potential

386
00:57:20,400 --> 00:57:28,080
um yeah what should we do or what should what did you do now

387
00:57:28,080 --> 00:57:39,040
i think the shit is when the shit yeah yeah that is my the previous job i was also working as a cyber

388
00:57:39,040 --> 00:57:48,000
crime investigator and we also have the last popular reactive approach in that way yes

389
00:57:48,000 --> 00:57:58,800
and many companies uh don't have any uh of course i totally don't recommend to go with any

390
00:57:59,600 --> 00:58:09,760
negotiation and conversation with attacker it will be now you know everything is in uh virtual

391
00:58:09,760 --> 00:58:23,120
voting some for example Bitcoin it will be today one zero dot eight they will be more and more

392
00:58:23,120 --> 00:58:31,760
and yes your data is locked and you don't have any possibility but there is a problem i think the key

393
00:58:31,760 --> 00:58:44,640
yeah answer is our backup in our restore procedure well disaster recovery and that is uh i

394
00:58:44,640 --> 00:58:54,720
i i i got many many uh explanation uh well where is your backup in your computer and you can have

395
00:58:54,720 --> 00:59:02,560
any external sources for your backup and thought about you know and that is the tricky and the the main

396
00:59:02,560 --> 00:59:15,520
most valuable topic here how we using our backup and restore procedure in that case is and

397
00:59:15,520 --> 00:59:21,680
if you have a good this way i think it is the win-win situation

398
00:59:21,680 --> 00:59:27,680
yeah okay so you catch me i have give all the bam bitcoins back

399
00:59:27,680 --> 00:59:36,800
so i hope we ask some time because i yeah we are running out of time i don't know if you have a few

400
00:59:36,800 --> 00:59:45,760
minutes um i have in every round i have a fact rapid fire round i ask uh some questions and uh you

401
00:59:45,760 --> 00:59:54,640
give me a short short answer it's okay yes of course okay defender or sentinel a very good question

402
00:59:54,640 --> 01:00:01,760
but it is not easy because we all defend the experience now transition from Azure portal to Defender

403
01:00:01,760 --> 01:00:11,280
portal and Sentinel is actually the part of Defender now and that is us of your question

404
01:00:12,880 --> 01:00:22,080
exposure management or vulnerability management uh definitely um that is a tricky question

405
01:00:22,080 --> 01:00:32,160
i like i like to say both in combination with with it is not easy proactive approach

406
01:00:32,160 --> 01:00:39,200
risk but vulnerability management is very very important topic and to using both in in my approach

407
01:00:40,480 --> 01:00:52,320
okay um Bicep or Terraform uh that is of course if i using only Azure i can use Bicep if i

408
01:00:52,320 --> 01:01:03,040
using Terraform for multi-cloud environment for AWS GCP of course Terraform is multi-cloud option

409
01:01:03,040 --> 01:01:12,960
then then Bicep and the MVP Summit or Ignite oh of course by default is um MVP but

410
01:01:12,960 --> 01:01:23,120
i definitely wish to be speaker on this year in San Francisco or Microsoft Ignite it is where

411
01:01:23,120 --> 01:01:31,120
you reveal many innovation features and start discussions about many many positive thinking and

412
01:01:31,840 --> 01:01:40,400
yes it it is by default MVP Summit i love MVP Summit because it it is i love deep

413
01:01:40,400 --> 01:01:48,160
technical session during the MVP Summit and see my colleague uh and everything but inside is

414
01:01:48,160 --> 01:01:53,680
something different something else uh very very good and i fully recommend it

415
01:01:53,680 --> 01:01:59,520
and we hope microsoft uh ampliess yearlet that who willing to be a speaker

416
01:02:00,560 --> 01:02:04,320
year for us okay um identity or endpoint

417
01:02:04,320 --> 01:02:17,840
hmm uh mirror in in era how to i i i i was working very long as identity security engineer and i know

418
01:02:17,840 --> 01:02:27,440
everything but uh very s has together everything is important uh both both right there is the

419
01:02:27,440 --> 01:02:35,840
an endpoint management is uh very very critical because uh i'm facing big lot of migration for

420
01:02:35,840 --> 01:02:46,320
SCCM to Microsoft Intune uh for many clients and uh very very important uh topic is also

421
01:02:46,320 --> 01:02:55,600
both identity and device management together together if you work for a very poor company

422
01:02:55,600 --> 01:02:59,600
they only will pay one security tool from Microsoft which one is it

423
01:02:59,600 --> 01:03:13,920
oh you know uh that is a tricky question because uh small and medium enterprise uh in

424
01:03:13,920 --> 01:03:23,120
very often outsource the security engineer and uh we are facing uh it it is dependent for

425
01:03:23,920 --> 01:03:30,160
budget but definitely my recommendation is unify security operation in microsoft

426
01:03:30,160 --> 01:03:34,400
Defender XDR which hacker movie is the most realistic

427
01:03:34,400 --> 01:03:40,000
movie

428
01:03:40,000 --> 01:03:42,000
i really see

429
01:03:42,000 --> 01:03:47,600
movie regarding

430
01:03:51,840 --> 01:04:01,520
what we discussed today if you don't you don't have uh uh i saw something before

431
01:04:01,520 --> 01:04:11,920
uh and mention data data without any any protecting control without any don't flow without

432
01:04:12,720 --> 01:04:23,440
risk and it is expensive for us uh and after that we have uh uh data exfiltration we have data

433
01:04:23,440 --> 01:04:32,960
leakage uh outside company and compromise uh it is also not only a tech for reputation uh

434
01:04:32,960 --> 01:04:40,480
your lersha something very important but uh maybe move in in into dark web

435
01:04:42,320 --> 01:04:49,920
i like cybercrime and the public exposed something very valuable on twitter or social network in

436
01:04:49,920 --> 01:05:02,640
et cetera it will be very fairly uh and uh i i saw something and that is secret what uh

437
01:05:02,640 --> 01:05:12,080
SOC every SOC wish to to need uh and take into account and that is the more more realistic from

438
01:05:12,080 --> 01:05:23,040
proactive to react to uh uh reactive approach i think um cyber security expert uh it's one of the

439
01:05:23,040 --> 01:05:31,920
new sexiest job in the world uh i think there are big opportunity but a lot of young

440
01:05:31,920 --> 01:05:41,600
professionals tech professionals try to start a career in cyber security what advice can you give them

441
01:05:42,080 --> 01:05:53,520
uh yes um i am a couple of decade also Microsoft Certified Trainer and i have a lot of experience in that

442
01:05:53,520 --> 01:06:04,160
and this is also a very often question from me uh go step by step and shifting you uh from

443
01:06:04,720 --> 01:06:14,640
data the first layer physical security to early phase and spend some time two years three years as a

444
01:06:14,640 --> 01:06:22,800
networking engineer uh uh not shifting directly on security because i reveal many gaps for young

445
01:06:22,800 --> 01:06:30,720
engineering uh many many gaps in knowledge uh networking is most important i love networking

446
01:06:30,720 --> 01:06:39,040
natural protection uh for or and after that move from a classical security to application security

447
01:06:39,040 --> 01:06:49,040
layer and et cetera but just don't hurry just go step by step to the uh uh with the knowledge and

448
01:06:49,040 --> 01:06:58,560
everything and this is a good approach and using uh many many great uh uh my start was with uh

449
01:06:58,560 --> 01:07:08,480
CompTIA Network+ Security+ now we have the ISC2 with security um uh uh

450
01:07:08,480 --> 01:07:14,800
certified cyber security this is also a very good approach from my ISC2 many good

451
01:07:14,800 --> 01:07:26,560
tutorials but work slowly uh and uh it is not accent uh certification is important but

452
01:07:27,520 --> 01:07:35,680
for my opinion practical your skills what you have in your ten fee fingers it is the most important book

453
01:07:35,680 --> 01:07:46,480
yeah i think uh some some guys think it's good to do an hack or i don't know for two months or

454
01:07:46,480 --> 01:07:53,520
several there was some some hack and the microsoft was not so happy about this guy but yeah um

455
01:07:53,520 --> 01:08:00,160
like i've heard the book heard the book and uh uh bellini i'm i'm start with the unix

456
01:08:00,160 --> 01:08:06,720
uh i'm i'm also a Linux guy not only Microsoft oriented and work with different

457
01:08:06,720 --> 01:08:14,800
environment and different platform is the most easy way using uh a lot of proactive using think

458
01:08:14,800 --> 01:08:22,080
like attacker Hack The Box platform uh have the which uh challenge with with the work with many many

459
01:08:22,800 --> 01:08:30,240
good opportunity uh uh many online platforms provide you very good very good approach for that

460
01:08:30,240 --> 01:08:41,840
yeah so thank you we're i i i can talk with you much more more longer uh but yeah uh thank you so much

461
01:08:41,840 --> 01:08:49,360
for being here for staying longer than than planned so i hope you you don't miss anything or something

462
01:08:49,360 --> 01:08:56,720
yeah um today i tried to to think like an attacker but yeah what we conclude the modern cyber security

463
01:08:56,720 --> 01:09:03,360
is just about stopping attackers after they happened it's yeah understanding your exposure before

464
01:09:03,360 --> 01:09:11,120
attacker do and yeah i think this was really really helpful to understand what happened especially

465
01:09:11,760 --> 01:09:21,040
with uh in the age of ai so yeah thank you for all the topics we have security exposure management

466
01:09:21,040 --> 01:09:27,760
Security Copilot Defender XDR identity protection AI attack paths and yeah our

467
01:09:27,760 --> 01:09:32,960
our engineers can shift from reactive security to proactive defense so thank you both for being

468
01:09:32,960 --> 01:09:40,480
yeah thank you very much uh and if was really great pleasure to discuss with you this is our

469
01:09:40,480 --> 01:09:46,000
first conversation but i'm looking forward to care video more very interesting

470
01:09:46,000 --> 01:09:54,160
co-resential ideas today thank you very much and uh see you on the next challenge and have a nice

471
01:09:54,160 --> 01:09:58,640
rest of the day yeah thank you bye