Think Like an Attacker: Microsoft Security Exposure Management with Uros Babic [MVP-MCT]
![Think Like an Attacker: Microsoft Security Exposure Management with Uros Babic (MVP-MCT)](https://img.youtube.com/vi/LYErkzgo58k/maxresdefault.jpg)
Traditional cybersecurity focuses on vulnerabilities, alerts, and dashboards. Attackers don't. They look for opportunities, weak identities, exposed cloud resources, excessive permissions, forgotten endpoints, and misconfigurations they can chain together into a successful attack. In this episode of the M365 FM Podcast, host Mirko Peters takes a unique approach by stepping into the role of the attacker while Microsoft Security MVP and Microsoft Certified Trainer Uros Babic defends a modern Microsoft environment using Microsoft Security Exposure Management, Microsoft Defender XDR, Microsoft Sentinel, Security Copilot, and Zero Trust principles. Instead of discussing security theory, this episode follows a realistic attack scenario from reconnaissance and phishing to privilege escalation, lateral movement, ransomware, and data exfiltration. Along the way, Uros explains how organizations can stop attackers before they reach critical assets by focusing on exposure rather than simply fixing vulnerabilities. The discussion demonstrates why modern security operations are shifting from reactive incident response to proactive risk reduction powered by Microsoft's latest security technologies.
THINKING LIKE AN ATTACKER
The episode begins with one fundamental mindset shift: attackers don't see security dashboards or compliance reports—they see attack paths. Uros explains why organizations should stop asking "How many vulnerabilities do we have?" and instead ask "Which attack path would an attacker exploit first?" Topics include:
- Social engineering
- Phishing attacks
- Credential theft
- Privilege escalation
- Lateral movement
- Ransomware
- Data exfiltration
- Insider threats
- Supply chain attacks
- Cloud misconfigurations
MICROSOFT SECURITY EXPOSURE MANAGEMENT
One of the central topics is Microsoft's Security Exposure Management platform. Unlike traditional vulnerability management, Exposure Management connects identities, endpoints, cloud resources, permissions, applications, and attack paths into a single security graph that helps organizations prioritize what actually matters. Rather than fixing thousands of isolated vulnerabilities, security teams can identify the fastest route an attacker could take to reach Tier-0 assets and eliminate those paths before they are exploited. The discussion covers:
- Exposure Graph
- Attack Path Analysis
- Attack Surface Management
- Risk Prioritization
- Critical Asset Protection
- Continuous Threat Exposure Management (CTEM)
- Microsoft Defender Portal
- Multi-cloud visibility
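As an added example (not Microsoft's code or the product's data model), the following Python models the prioritization idea this section describes: a constructed exposure graph whose findings are individually low or medium severity but chain into paths to Tier-0 assets, with findings ranked by how many attack paths remediating each one breaks. All node names, findings and severities are constructed for illustration.

```python
"""Attack-path analysis over a small, constructed exposure graph.

Nodes are users, devices, apps, service accounts and Tier-0 assets; each
directed edge is a reachability/control relationship created by one
finding (a finding may create several edges). The functions enumerate
every simple path from the entry point to a Tier-0 asset and rank
findings by how many of those paths vanish when that finding is fixed.
"""
from collections import defaultdict

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

# Constructed sample graph: (source, target, finding, finding's own severity).
EDGES = [
    ("internet", "user:alice", "no phishing-resistant MFA", "medium"),
    ("internet", "user:bob", "no phishing-resistant MFA", "medium"),
    ("user:alice", "device:ws01", "alice has a session on ws01", "info"),
    ("device:ws01", "svc:backup",
     "unpatched local privilege escalation on ws01", "medium"),
    ("user:alice", "app:hr-portal", "alice is a user of hr-portal", "info"),
    ("app:hr-portal", "svc:backup", "hr-portal runs as svc:backup", "info"),
    ("svc:backup", "srv:fs01",
     "misconfigured service account: svc:backup is local admin on fs01", "low"),
    ("srv:fs01", "tier0:domain-admins",
     "excessive permission: fs01 can reset Domain Admin passwords", "medium"),
    ("user:bob", "tier0:global-admins",
     "standing Global Admin role without PIM", "high"),
]
ENTRY_POINTS = {"internet"}
TIER0_ASSETS = {"tier0:domain-admins", "tier0:global-admins"}


def build_adjacency(edges):
    """Map each source node to the (target, edge index) pairs leaving it."""
    adjacency = defaultdict(list)
    for idx, (src, dst, _finding, _sev) in enumerate(edges):
        adjacency[src].append((dst, idx))
    return adjacency


def find_attack_paths(edges=EDGES, entry_points=ENTRY_POINTS, tier0=TIER0_ASSETS):
    """All simple paths (lists of edge indices) from an entry point to a
    Tier-0 asset. Depth-first; a node is never revisited within one path,
    so cycles in the graph cannot loop forever."""
    adjacency = build_adjacency(edges)
    paths = []

    def walk(node, visited, trail):
        if node in tier0:            # reaching Tier-0 completes a path
            paths.append(list(trail))
            return
        for nxt, idx in adjacency.get(node, []):
            if nxt not in visited:
                trail.append(idx)
                walk(nxt, visited | {nxt}, trail)
                trail.pop()

    for start in sorted(entry_points):
        walk(start, {start}, [])
    return paths


def path_nodes(path, edges=EDGES):
    """Node sequence of a path, for printing."""
    return [edges[path[0]][0]] + [edges[i][1] for i in path]


def path_max_severity(path, edges=EDGES):
    """Highest single-finding severity on the path. A path can reach
    Tier-0 while no finding on it is rated 'high' on its own."""
    return max((edges[i][3] for i in path), key=SEVERITY_RANK.__getitem__)


def rank_findings(edges=EDGES, paths=None):
    """Rank findings by the number of attack paths they sit on, i.e. the
    paths that vanish if that finding alone is fixed. Ties break on the
    finding's own severity, then on name, so the order is deterministic."""
    if paths is None:
        paths = find_attack_paths(edges)
    edge_ids_of, severity_of = defaultdict(set), {}
    for idx, (_s, _d, finding, sev) in enumerate(edges):
        edge_ids_of[finding].add(idx)
        severity_of[finding] = sev
    ranked = [(f, sum(1 for p in paths if ids & set(p)))
              for f, ids in edge_ids_of.items()]
    ranked.sort(key=lambda fb: (-fb[1], -SEVERITY_RANK[severity_of[fb[0]]], fb[0]))
    return ranked


def paths_after_fix(finding, edges=EDGES):
    """Attack paths that remain after one finding is remediated."""
    return find_attack_paths([e for e in edges if e[2] != finding])


if __name__ == "__main__":
    all_paths = find_attack_paths()
    print(f"{len(all_paths)} attack paths reach Tier-0:")
    for p in all_paths:
        print("  " + " -> ".join(path_nodes(p)),
              f"(worst single finding: {path_max_severity(p)})")
    print("Findings ranked by attack paths broken when fixed:")
    for finding, broken in rank_findings():
        print(f"  {broken}  {finding}")
```

In the constructed graph the Domain Admin paths contain no single "high" finding, yet fixing the shared MFA gap alone removes every path, which is the point of fixing the chain rather than each finding in isolation.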
AI AND SECURITY COPILOT
Artificial Intelligence is transforming cybersecurity for both defenders and attackers. Uros explains how Microsoft Security Copilot helps security analysts investigate incidents faster, summarize complex alerts, analyze malicious scripts, recommend remediation steps, and automate repetitive SOC workflows. The conversation also explores how AI agents introduce entirely new security challenges. Organizations must now secure AI agents just like human identities by applying Conditional Access, Microsoft Entra ID, Identity Protection, Microsoft Purview, and governance policies. As enterprises deploy more AI-powered assistants, securing Agentic AI becomes a critical part of every Zero Trust strategy.
ZERO TRUST IN THE AGE OF AI
Zero Trust remains one of Microsoft's core security principles—but AI changes how organizations must apply it. The discussion explores how Zero Trust combines with Exposure Management to answer an even more important question: "Even if nothing is trusted, what can an attacker still exploit?" Topics include:
- Identity Protection
- Conditional Access
- Passwordless Authentication
- Managed Devices
- Microsoft Entra ID
- Defender for Cloud Apps
- Microsoft Purview
- AI Governance
- Security Policies
BUILDING A MODERN SECURITY OPERATIONS CENTER
Many organizations still measure security success by counting alerts or tracking ticket volumes. Uros explains why these metrics often create a false sense of security. Modern SOC teams should instead focus on:
- Exposure reduction
- Attack path elimination
- Tier-0 asset protection
- Critical exposure remediation
- MITRE ATT&CK coverage
- Identity risk reduction
- Security posture improvements
CYBERSECURITY CAREERS AND COMMUNITY
Beyond technology, Uros shares valuable career advice for professionals interested in cybersecurity. He recommends building strong networking and infrastructure fundamentals before specializing in cloud security and emphasizes that practical hands-on experience is often more valuable than collecting certifications alone. The conversation also covers learning platforms, Microsoft certifications, community engagement, and the importance of continuously adapting as cybersecurity evolves alongside AI.
WHO SHOULD LISTEN?
This episode is ideal for:
- Security Architects
- SOC Analysts
- Microsoft 365 Administrators
- Azure Engineers
- Cloud Architects
- IT Decision Makers
- Microsoft MVPs
- Security Consultants
- CISOs
- DevSecOps Engineers
- Anyone responsible for securing Microsoft environments
00:00:00,000 --> 00:00:35,440
Yeah, welcome back to another edition of the M365 FM podcast, where we bring you conversations with MVPs, engineers, architects and community leaders shaping the future of Microsoft technology. Today's episode is a little bit different. Usually we interview an expert; today I'm going to be the attacker. I'm going to simply break into Uros's Microsoft environment, gather intelligence, steal credentials, move through the network, reach the crown jewels and hopefully not get caught.
00:00:35,440 --> 00:01:10,400
Yeah, thank you. Today's guest is a leading Microsoft security expert, Uros Babic. He is a Microsoft Security MVP, Microsoft Certified Trainer and lead product engineer for Microsoft security, DevOps and a SoftwareOne global center of excellence. He designs enterprise SOC solutions using Microsoft Defender, Microsoft Sentinel, Security Copilot, automation, Microsoft Security Exposure Management. So today we will see if he can stop me, or if I succeed. Uros, are you ready?
00:01:10,400 --> 00:04:34,160
Yeah, thank you, Mirko. Thank you for joining me on this session, and I am looking forward to discussing a very important topic. Because today I want you to forget how security usually looks, because in reality attackers don't see our environment the way you do. They don't see dashboards, severity, no, 100 open tickets. They see opportunity. And that is very important, that is very challenging. They see some path, an interesting path. And they see the fastest way to something very valuable. And actually the problem is that many organizations are still fixing vulnerabilities in isolation, while attackers actually try to chain them together. And in this conversation, in this session, it is very important to think, like you mentioned, like an attacker, and understand not just what is vulnerable, but what is actually exposed, publicly exposed. And that is exactly where Microsoft Security Exposure Management helps us. And that is actually a game changer, because it helps to identify, to prioritize, to break the attack paths that really matter. And that is the future for our modern SOC. I love to say the future of the agentic SOC, because we are the most AI now. But it's a central question how we protect our agents. And I love to say also: what is the subject of elevation, etc. That is interesting, when many organizations, like, I don't know, 15 days ago we had a situation with some agent, some sub-agent that is not properly secured, security configured by security policy. And we must prioritize, because a entropic disable, for example, FABL and METUS, it is a great example why relying on external agent tools without governance is actually risky. And if my employees, your employees, are using many AI tools, for example, your data is effectively subject to some policy outside of your organization, including regulatory decisions you don't control. And that is also the challenge and that is also the risk.
00:04:34,160 --> 00:08:39,520
In this sense, I love to emphasize something very important that we discussed at the beginning of our conversation. We are facing the challenge of the main cyber attacks into the cloud. The first, actually, what you mentioned, is some kind of uncontrolled misconfiguration exploit: an attacker takes advantage of poorly configured cloud services, what is publicly accessible, like storage buckets, like over-privileged identity access management roles, to gain unauthorized access to our sensitive data. The great example is credentials; the great example is account compromise, because we are facing a lot of phishing, brute force attacks. Credential stuffing is used to hijack cloud accounts, often leading to lateral movement within the cloud environment without any control. User enumeration is an early phase for an attack, and the challenge is how we can stop it in a fast way, how we use our tools in a more efficient way, because modern us were complying now include many, many other challenges, and cloud data exposure with third-party clients, partners, for us to take in combination with data exfiltration. The next step is privilege escalation. With data exfiltration, that is a great damage, a large impact for many organizations, for the money and also for the reputation. And actually we are also facing what is a big challenge: the cloud-based supply chain is also targeted, where attackers compromise widely used libraries or services to affect multiple organizations. And what I mention: AI, AI with machine learning, with system exploits, with poisoned training data, with stolen models, along with many other challenges, the use of AI to generate convincing phishing or some deepfake content. And because cloud environments with malware designed for Kubernetes, for Docker, container security, often stealing some API keys, tokens and secrets, and that is very usual, that is a very common attack perspective. Weak, misconfigured access control can lead, for example, to unauthorized access for many Azure assets; simply enforce strong password policies and MFA. I love to say passwordless, without any password, using strong multi-factor authentication with phishing-resistant mechanisms. It is a good start.

00:08:28,520 --> 00:08:52,320
So I think before I take your organization, I start with social engineering. So yeah, Uros, can you tell us a little bit about yourself and how your journey began into cyber security?
00:08:52,320 --> 00:10:54,400
I am actually more than 20 years in cyber security. I started from my own on-premises: I was actually a system admin in a Windows Server environment and worked with a lot of on-premise, and then, I remember, 2016 and 2017 was the migration, actually from standard on-premise, from on-premise bare metal, to the cloud. And actually my work is, because the clients often work in a hybrid environment and move from the known, but we also work for a cloud environment, and that is actually how I shifted my knowledge, my experience, step by step in these 20 years. And of course everything has changed, the thinking and the attack perspective, and previously we could have another focus; now we have a more sophisticated focus, how we can use the modern tools, because, you know, we are facing a lot of dark data, what means data without any control in the cloud. And the first question is, before you define what is your sensitive data: do you know what is your sensitive data, how you protect your sensitive data in the cloud, do you know how your data flow looks like, do you know what is managed and how you can manage your devices, or whether your devices are under your control? That is the first step.
00:10:54,400 --> 00:16:36,160
And yes, very good: Exposure Management gives you a lot of opportunity, but you must think very predicate, and actually the great way is actually Microsoft Security Exposure Management, about which you love to discuss today, how it is shifting security from a reactive perspective, actually from reactive incident response to proactive risk reduction. That is my focus, and I love to continuously, more over the last five years, map my attack surface management and actually identify exposure across identities, across endpoints, across cloud, across applications, and how I can prioritize my work, and what is actually the metric in that way. That is crucial, and that is a very good approach how we can do in our daily operations, because also I love to mention I worked in day-to-day operations with the SOC team, 24 hours, critical assets, critical resources, incidents, other things. And what is the core message: exposure is not equal to vulnerability. We have vulnerabilities, we have individual issues with a common vulnerability score, a lot of misconfigurations, what I mentioned before, but exposure is actually how the attacker actually chains those issues together. The key idea: it is not about fixing everything, it is about fixing what the attacker would really exploit first. And that is the tricky part, and that is why I love to emphasize, and know, attack surface management: the first thing I was thinking is how the attacker tries to discover my assets, from known and from unknown. And I have an external option, I have an internal option; that is also the case when you're conducting some internal or external pen test activity. But the exposure graph is a very good option how you can identify security dependencies, a method which shows how your weaknesses actually connect into many attack paths. And the next step is how we can prioritize real risk, and I love to ask myself the question many times: what is the fastest path to Domain Admin or Global Admin, for my critical assets? And that is also the attacker perspective: show me, I don't know, show me the top exposures affecting Tier-0 assets, how I can help my analysts to reason faster. And this is a very important topic, a very important point when we start to work with this shift. How, well, as we say, we also have the security operations center, alert-driven; now the managed SOC, the modern SOC, thinking like the attacker, risk-driven. After the attack? No, it is important, a proactive approach before the attack, and noise and overload, how we can prioritize. Exposure Management: I love to give you some real-world feeling how we work, how we project our initiative with some practical scenario. Imagine some misconfigured service account, combined with a device vulnerability and excessive permissions. Individually, these are not critical, but together they create a path to Domain Admin. Exposure Management will find and prioritize that chain. That is good, and this is actually the answer how I shifted myself from SecOps to DevOps, for much automation, in the last five years. That is the answer for your wish.

00:16:29,840 --> 00:16:36,160
Okay, so I'm the attacker, so I try to bring you a little bit out of the concept.
00:16:36,160 --> 00:17:21,040
So if you had an animal, what name would you give him? A name, yeah. With animal, Layer or something like that. Okay, then I Google now your birthday and I copy-paste your email address from LinkedIn, and now I am in your channel. Yeah, yeah, yeah, yeah, yeah, correct, very good. Yeah, yeah. Let us talk a little bit about the topic of insider risk. What do you think, how big is this part actually of the new attacks, the AI?
00:17:21,040 --> 00:23:34,240
Yes, that is a good question, the central question. I actually have had a lot of discussion about this topic in the last month. We have a lot of AI agents now, in two directions. The first is an agent in Security Copilot for AI, with some Conditional Access optimization agent to review your Conditional Access policies, very good for a security baseline in a Microsoft 365 tenant. Some security analyst agent is very interesting: now you have a direct chat with the security console, should you need to replace, for example, your security analyst? Not really replace, because we must keep human interaction, but for your vulnerability management, for your Secure Score, for your custom query language, or a lot of questions with privilege escalation, a lot of questions, for example, for lateral movement paths, that is a very interesting point. And the central question, yes, is elevation of privilege for these agents. I have had a lot of discussion and explained a lot during sessions, but I love to emphasize something: why AI agents should be treated as first-class identities, how we can simulate data leakage scenarios for many companies, and then, in Entra protection, how to enforce Conditional Access policies, how to respond to agent incidents, from isolating anomalies, because the central question is elevation. But when users interact with a Copilot agent or a custom AI workflow, the agent doesn't just answer questions: it acts. It calls Microsoft Graph, it reads from SharePoint, it queries Exchange. It does all of that using the delegated or application permissions that we granted at integration time, and we forget that, and we are facing a lot of elevation of permissions. And this behavior actually makes AI agent functionality equivalent to some, I know, well, service principal or managed identity in terms of access scope, and this is exactly why Microsoft Entra now treats the agent identity as a first-class subject in the identity plane, alongside users, devices and workloads. The central question is how we protect our sensitive information from going outside when we have interaction out of scope. A great example is maybe Data Security Posture Management for AI in Microsoft Purview; you can use DLP policies in combination with protection and detect your sensitive data. But the security journey actually provides some very good framework, in my opinion: first identify, with the AI agent in the Microsoft Entra Agent ID preview; protect with Conditional Access policies; detect with Identity Protection in Entra ID and Security Copilot; respond with Defender, automatic access block and session termination using some Conditional Access or Defender XDR capability; and finally, don't forget optimization, continuous policy analysis and identification. And this is actually the six acts, and how we understand: a user is using, very useful, often interacting with the Copilot agent, a custom agent, with SharePoint Online, with Exchange Online, Microsoft Graph API, and we have data access, we have sensitive content access, accessing files and folders, critical, outside, and that is a realistic data leakage scenario. A misconfigured agent without any control, an orchestration layer, it will be a challenge in the next period of time. We can use many protection mechanisms, but the central question is how we use sound automation response to block, to terminate the tool login in scope, for our automatic blocking via some policy when we have a risky agent in focus. And you can use many, many very good tools like Defender for Cloud Apps, like Microsoft solutions, and many, many additional capabilities in that way.

00:23:25,280 --> 00:23:53,120
Yeah, Microsoft have a topic, I think, for years: they say zero trust, zero trust, zero trust for devices, zero trust for users, zero trust for applications. How has zero trust changed in the age of AI?

00:23:42,880 --> 00:27:53,360
Yes, very good question, and we have a lot of opportunity in that way. Yes, as you mentioned, actually we can use some blend of Exposure Management with the zero trust mindset, instead of moving step by step, to chain identity, endpoint, misconfiguration, permission into the path, because from the attacker perspective, the attacker doesn't care about your security model. That is very interesting, and they don't respect boundaries, they don't respect your zero trust, and they definitely don't follow your priority list. Because zero trust reduces trust, but, for example, in combination with Exposure Management, it can show you where you are still exposed. So if nothing is trusted, the real question becomes: what is still exploitable? And connecting zero trust with Exposure Management, that is a maturity angle and positions you in that way. But zero trust in combination with AI, it will be challenged, surely, with the identity, AI, when we have the real scenario, because the trust in the age of agentic AI is a rethinking of security, especially, in my opinion, and fixing especially, not just all of it. We are using agentic AI and especially AI-driven security in combination for our future modern SOC, and zero trust, in conclusion, is not enough: you must use many other solutions like Exposure Management. But you implement the zero trust model now with the AI, but why are you still exposed? That is agentic AI plus zero trust: why attackers still actually win, and how to stop them, in either part. And I love to explore and think about shifting our focus: how combining zero trust with Microsoft Security Exposure Management and agentic AI allows us to finally shift from reacting to alerts to proactively breaking attacker paths, for example, before they ever use them. That is the modern SOC, and just zero trust limits access; Exposure Management shows where the attacker still wins, and that is a good approach for agentic AI. Agentic AI doesn't just detect threats, it understands them. It will be challenged, and very good question, so the question is no longer "do we trust this?", it's "can an attacker still get through?", and it is the right approach to bring that narrative into our focus in the next period of time. And thank you for this.
195
00:27:53,360 --> 00:28:01,360
special um microsoft had had a lot of security tools I say Microsoft peer view your data security
196
00:28:01,360 --> 00:28:09,280
Microsoft in tune for device management Microsoft enter for identity Microsoft sent in it for
197
00:28:09,280 --> 00:28:18,400
yeah collecting detecting threats then they have uh not known I have forgotten for what was it
198
00:28:18,400 --> 00:28:28,320
and and and they have a defend or a lot of defenders but you're a specialist in Microsoft
199
00:28:28,320 --> 00:28:36,400
security expelers management is there's a true or what is it is a framework yeah that is that is
200
00:28:36,400 --> 00:28:46,640
good question uh how we can start with with special management uh that is combination your answer is
201
00:28:46,640 --> 00:28:58,000
combination uh this is I love to say more security solution provide for you unify view security
202
00:28:58,000 --> 00:29:05,120
posture across many organizations have all called the endpoint cloudless for I don't know my
203
00:29:05,120 --> 00:29:12,480
cellar that surface and security as for show management give you all asset information
204
00:29:12,480 --> 00:29:21,040
with security context and help you here to be proactive manage at a surface pro protect critical
205
00:29:21,040 --> 00:29:32,240
assets and explore and mitigate some special risk in digital state but actually now standard
206
00:29:32,240 --> 00:29:39,760
integration is with the defender for cloud because defender for cloud now is moving for a
207
00:29:39,760 --> 00:29:50,640
easier portal to defender portal uh not only for uh ager it is now be talking about multi-tenth
208
00:29:50,640 --> 00:29:58,480
and multi management across ager a a a a a a a a a a a a a a a a a a a a w s and gcp we are
209
00:29:58,480 --> 00:30:06,880
defend for cloud integration alongside traditional on premise single uh this unify approach graph
210
00:30:07,600 --> 00:30:14,240
expo show graph give you for example i don't know device your identity or cloud assets
211
00:30:14,240 --> 00:30:21,840
external atox surface management along with the gardener continuous threat expo show management
212
00:30:21,840 --> 00:30:30,880
in general to your answer is both this is some kind of framework but also provide for many many
213
00:30:30,880 --> 00:30:42,640
great opportunity great security tool uh and you can uh actually uh who is use this for example
214
00:30:42,640 --> 00:30:51,600
for my perspective security compliance having to improve your organization security post security
215
00:30:51,600 --> 00:31:02,080
operation guys uh need to visibility into data into your flow a workflow across uh many organization
216
00:31:02,080 --> 00:31:09,040
in order to detect in order to investigate in order to mitigate security threats the third category
217
00:31:09,040 --> 00:31:14,800
what you mentioned at the beginning of our organization very important topic is security
218
00:31:14,800 --> 00:31:22,800
architect architect is responsible to solving some issue in order of security poster management
219
00:31:22,800 --> 00:31:30,000
and our CISO, I don't know, chief security information officer, uh, with some decision makers
220
00:31:30,000 --> 00:31:36,480
who need insight into the organization's attack surface management, they should manage this in order to
221
00:31:36,480 --> 00:31:43,920
address, better understand security risk in the organization. The, uh, what is, uh, very important for our
222
00:31:43,920 --> 00:31:51,680
discussion to understand: now vulnerability management is moving from the traditional environment,
223
00:31:51,680 --> 00:32:01,680
endpoint environment, to, uh, exposure management, and actually this is the easy answer: a combination of
224
00:32:01,680 --> 00:32:10,000
vulnerability with risk management, it is great, uh, great, and what can I do with this?
225
00:32:10,000 --> 00:32:19,200
I can use a unified view across the organization with my assets, endpoints, cloud environment,
226
00:32:19,200 --> 00:32:27,040
external attack surface management, managing, investigating the attack surface in order to visualize something,
227
00:32:27,040 --> 00:32:36,800
I don't know, uh, analyze this, manage, uh, and the attack surface spanning on-premises and hybrid environments,
228
00:32:36,800 --> 00:32:45,520
that is also a very very important topic to understand, and I can discover, I can safeguard my critical
229
00:32:45,520 --> 00:32:53,040
assets, I can use the exposure tool to manage security exposure and mitigate many exposure risks,
230
00:32:53,040 --> 00:33:03,760
and I can finally manage and investigate attack surface management with the graph schema, with a lot of
231
00:33:03,760 --> 00:33:12,320
other things, and the last topic that is important here for our discussion, what you mentioned with
232
00:33:12,320 --> 00:33:24,800
Sentinel, but, uh, yes, Sentinel is a cloud-native security management system, uh, to connect, uh, many
233
00:33:24,800 --> 00:33:34,000
data sources, but here we can, uh, with Security Exposure Management we can connect our data connectors
234
00:33:34,720 --> 00:33:44,240
to integrate with different security solutions, uh, and data sources including external vendors,
235
00:33:44,240 --> 00:33:55,680
Rapid7, I don't know, cloud, many other platforms, Tenable, Qualys, uh, ServiceNow, into a single
236
00:33:55,680 --> 00:34:02,720
unified view, uh, the exposure management graph, and that is good, that is fine, and finally you can,
237
00:34:02,720 --> 00:34:09,600
it will give you a deeper insight into security posture, integrating data from various environments and
238
00:34:09,600 --> 00:34:17,440
external sources. Uh, for years, uh, I think companies often think, oh, we have all these tools, we pay
239
00:34:17,440 --> 00:34:24,080
Microsoft for the security and, um, yeah, Microsoft, they know, and, uh, a lot of companies start
240
00:34:24,080 --> 00:34:32,160
to build their cyber security teams or have a partner for this topic, but now there's,
241
00:34:33,040 --> 00:34:39,280
I think, a really new product, it's the Microsoft Security Copilot, uh, and I think, uh, I got the
242
00:34:39,280 --> 00:34:49,920
cheap sort of security expert and I pay, uh, 60 euro an hour, uh, and now I can, can get it, four, for six.
243
00:34:49,920 --> 00:34:58,160
Yes, that is interesting, you know, uh, we are in the era of Security Copilot and
244
00:34:58,800 --> 00:35:10,480
agentic AI, and actually, uh, you can use Security Copilot, uh, as a core feature in your security
245
00:35:10,480 --> 00:35:21,600
quest, for some interesting use cases, uh, many interesting, for example, you know, I give you some
246
00:35:21,600 --> 00:35:31,440
great examples, which from my perspective, uh, are needed, uh: incident summarization, it is better for you,
247
00:35:31,440 --> 00:35:39,280
for your security alerts, to consist of actual, online, better connection with your vulnerability, uh,
248
00:35:39,280 --> 00:35:46,960
basis, uh, database; impact analysis, assess the potential impact of security incidents
249
00:35:47,600 --> 00:35:53,920
and enable quicker response time; uh, reverse engineering, you can put all your malicious
250
00:35:53,920 --> 00:36:02,000
scripts in Security Copilot to analyze this complex command-line script and translate it into natural
251
00:36:02,000 --> 00:36:10,400
language with a clear explanation, uh, of actions without moving to any digital forensic station; you can
252
00:36:10,400 --> 00:36:17,600
use primarily binary, first-responder forensics, uh, with Security Copilot, and guided response,
253
00:36:17,600 --> 00:36:25,600
step-by-step guidance for incident response, for example, uh, how you can automatically lock your account,
254
00:36:25,600 --> 00:36:33,120
how you can automatically disable your account, isolate your account from the rest of the network, uh, the next steps
255
00:36:33,120 --> 00:36:41,040
for your recommendations for a better, uh, security score, everything included in the right direction for
256
00:36:41,040 --> 00:36:49,040
triage, for investigation, for incident containment, for remediation, a critical part of your security
257
00:36:49,040 --> 00:37:00,560
management, and this is very good, uh, and after that you have many, uh, agentic AI with Security Copilot,
258
00:37:02,160 --> 00:37:08,960
you can use, uh, the threat intelligence briefing agent to automatically create relevant and timely
259
00:37:08,960 --> 00:37:16,800
intelligence reports, you can use, uh, conditional access optimization to, for your, uh, get
260
00:37:16,800 --> 00:37:26,720
security policy, uh, fixes for identity teams, phishing triage agent, vulnerability remediation agent,
261
00:37:26,720 --> 00:37:35,040
agents, not all Copilot, in, uh, in preview, in Entra, a lot of other challenges, but that is, that is
262
00:37:35,040 --> 00:37:44,080
good, that is, uh, and yes, provisioned capacity is, uh, very important, to, uh, to know how you set your
263
00:37:44,080 --> 00:37:51,680
de-40 level and how to assign the right permissions, how to use them with provisioned Copilot capacity
264
00:37:52,560 --> 00:38:01,040
and work with cost optimization, FinOps, it is a great opportunity today, uh, especially for many
265
00:38:01,040 --> 00:38:13,920
security admins or security analysts in the cloud. Yeah, um, thank you, this was a really good, good answer,
266
00:38:13,920 --> 00:38:22,240
and let's talk a little bit about, or, uh, or I have a question, uh, how is, uh, exposure different from,
267
00:38:22,240 --> 00:38:32,640
uh, vulnerabilities, it's damn too old? Yeah, that is a very good question, how is it different, uh, you know,
268
00:38:33,440 --> 00:38:42,480
our Security Exposure Management offers, uh, that is important, in the, how an
269
00:38:42,480 --> 00:38:50,480
attacker can exploit it to gain access to your data or how the rest of us, and, uh, when you have
270
00:38:50,480 --> 00:39:00,080
insecure security APIs, endpoints and a growing necessity, and Microsoft realized that and, uh, gave lots of
271
00:39:00,080 --> 00:39:09,280
very good program initiatives for endpoints, uh, with a good target score, with, uh, cloud, with your identity,
272
00:39:09,280 --> 00:39:20,640
with your applications, uh, and, uh, you have very top initiatives here for, uh, found the re-beshma control,
273
00:39:20,640 --> 00:39:26,240
zero trust, and business email compromise is, uh, you mentioned,
274
00:39:27,040 --> 00:39:36,000
a very important topic, business email compromise is not, for example, classical phishing, that is, uh,
275
00:39:36,000 --> 00:39:43,280
in combination, social engineering with man-in-the-middle attacks and many other, uh,
276
00:39:43,280 --> 00:39:53,440
but in general it must be more and more proactive, with critical asset protection, to improve our
277
00:39:53,440 --> 00:40:01,840
scoring, vulnerability management, to, uh, to understand the score history, uh, the devices,
278
00:40:01,840 --> 00:40:11,120
exposure management distribution, everything is related, and, uh, when we know better our
279
00:40:11,120 --> 00:40:19,680
attack surface metrics, attack paths, uh, critical asset summary, uh, it will be definitely, with this
280
00:40:19,680 --> 00:40:26,880
proactive approach, uh, I mentioned, uh, some critical pillars:
281
00:40:26,880 --> 00:40:33,600
ransomware, human-operated ransomware is a challenge in the last two years, with the
282
00:40:33,600 --> 00:40:45,520
data exfiltration, with this business email compromise, and we must shift, uh, you know, uh, it is very easy,
283
00:40:45,520 --> 00:40:53,520
as for your question: lack of visibility, lack of control, uh, not knowing where data is stored
284
00:40:53,520 --> 00:41:02,480
and who can, uh, who has access, uh, to it, can be risky, but I can implement comprehensive
285
00:41:02,480 --> 00:41:11,200
monitoring and access management, so to ensure and enhance visibility and this control, and that is,
286
00:41:11,200 --> 00:41:19,280
that is, in summary, the approach, uh, how we can protect and how we are actually shifting our
287
00:41:19,280 --> 00:41:27,520
thinking, and the great question is how we can think like that. Okay, hope,
288
00:41:27,520 --> 00:41:39,440
um, there it's, um, I think, uh, MITRE Corp, I think they have this, um, yeah, and you see, uh, the list, uh,
289
00:41:39,440 --> 00:41:50,720
do you think, uh, it's enough to handle cyber security, um, or do we have there also a change?
290
00:41:50,720 --> 00:41:58,800
Yes, very good approach, we can map everything with, uh, the MITRE ATT&CK framework,
291
00:41:58,800 --> 00:42:07,520
we can use, uh, adversarial tactics, techniques and common knowledge, uh,
292
00:42:07,520 --> 00:42:16,480
a knowledge base of real-world adversary behavior, that is, uh, a proposition, uh, a prerequisite, and showing
293
00:42:16,480 --> 00:42:27,680
me how to actually operate step by step; uh, a key idea, it doesn't focus on tools, on malware, but
294
00:42:27,680 --> 00:42:38,320
it focuses on behavior and attack patterns; the MITRE ATT&CK framework is, basically, a map of how
295
00:42:38,320 --> 00:42:48,240
attackers think, how attackers move, how they achieve their goal inside your environment, and, uh, that
296
00:42:48,240 --> 00:42:58,800
is the reason why I'm using many tactics, uh, initial access, credential access, lateral movement, exfiltration; what
297
00:42:58,800 --> 00:43:06,400
is the attacker trying to achieve, that is the first question, and after that, how
298
00:43:06,400 --> 00:43:16,720
I can use some techniques like phishing, pass-the-hash, golden ticket, uh, skeleton key, uh,
299
00:43:16,720 --> 00:43:24,800
exploiting vulnerabilities, PowerShell execution, how would they achieve that, and finally with a lot of
300
00:43:24,800 --> 00:43:34,800
sub-techniques in more detail, uh, with, uh, I don't know, lateral movement like the SMB protocol,
301
00:43:34,800 --> 00:43:44,240
the RDP protocol, exfiltration with data transfer, uh, it shows how attackers progress across stages,
302
00:43:44,240 --> 00:43:54,880
and I'm using in my approach ATT&CK, uh, a few metrics, this is a very good approach, and, uh,
303
00:43:54,880 --> 00:44:06,640
we have, uh, the most important tactics, uh, I don't know, the first is, uh, the attacker gathers info with
304
00:44:06,640 --> 00:44:16,560
reconnaissance, uh, execution, initial access, persistence, and finally with privilege, uh,
305
00:44:16,560 --> 00:44:22,880
escalation, defense evasion, lateral movement with the spread, uh, external communication with the
306
00:44:22,880 --> 00:44:30,080
command and control, C2 server, malicious server, uh, we have impact, we have damage, we have ransom, but
307
00:44:30,080 --> 00:44:41,040
and I love to conduct many red-blue simulations, uh, maybe that would, uh, be to discuss for our another session,
308
00:44:41,040 --> 00:44:49,680
some vocabulary, detection engineering, something like that, to, for our resilience,
309
00:44:49,680 --> 00:44:58,000
map Sentinel rules with ATT&CK techniques, behavior-based with the alerts, uh, ATT&CK shows
310
00:44:58,000 --> 00:45:06,960
how an attack will happen, and finally exposure management shows you where they will succeed,
311
00:45:06,960 --> 00:45:16,400
and that is actually, uh, attackers don't think, you know it, they think in techniques, and MITRE
312
00:45:16,400 --> 00:45:27,120
ATT&CK, uh, in conclusion, is a very good blueprint of attack behavior. Yeah, um, uh, I think a lot
313
00:45:27,120 --> 00:45:32,800
of executives, when they visit the cyber security team, they look at the dashboards and all
314
00:45:32,800 --> 00:45:41,440
this 80% and it's green, and, uh, for most of them, uh, yeah, is it, uh, then it's secure because it's green,
315
00:45:42,240 --> 00:45:52,880
yeah, um, but how can an executive understand security posture without really reading technical reports?
316
00:45:52,880 --> 00:46:09,120
Yes, that is, that is also, uh, you can control, uh, Secure Score, it is also an important part that we
317
00:46:09,120 --> 00:46:19,600
didn't mention, uh, with a single view of your data, your endpoints, with identity, with data, with
318
00:46:19,600 --> 00:46:32,880
applications, and to reveal, yet, uh, and some identity, some device, some follow-up location, data,
319
00:46:32,880 --> 00:46:42,880
cloud infrastructure; um, this type of consolidation enables a better proactive approach in risk management
320
00:46:42,880 --> 00:46:55,120
and informs your decision making, uh, good for audit, but, uh, you can also use the many
321
00:46:56,880 --> 00:47:03,840
recommendations from Microsoft in your proactive approach for your devices, for your cloud, from
322
00:47:03,840 --> 00:47:12,080
software-as-a-service applications, I don't know, uh, identity, data, with a recommendation summary, uh, the
323
00:47:12,080 --> 00:47:25,040
central question is, uh, yes, unmanaged, uh, but, uh, we must align in our Defender, uh, class: device,
324
00:47:25,680 --> 00:47:34,480
managed devices, to onboard the new devices to be more secure, uh, your devices, and a managed
325
00:47:34,480 --> 00:47:45,120
device, uh, without any control, it will be a great example of risk, uh, today in, uh, very very sophisticated
326
00:47:45,120 --> 00:47:58,080
attack matrices, and, uh, we're facing serious, uh, advanced threat, uh, groups, uh, and, uh, actually
327
00:47:58,080 --> 00:48:07,680
the lesson of all the, uh, attacks in the last, uh, one year tells us we must shift,
328
00:48:08,320 --> 00:48:20,000
definitely, in this, uh, in this way. Which metrics are really important, or which
329
00:48:20,000 --> 00:48:35,440
metrics or KPIs do you watch every day? Yes, uh, actually, uh, metrics with the KPI, how, um, for example,
330
00:48:36,800 --> 00:48:46,240
a diagram with ATT&CK, with the exposure graph, with attack paths, how to map Sentinel detections to
331
00:48:46,240 --> 00:48:56,560
attack paths, uh, red-blue demo using an attack chain, this, uh, this is what, uh, exposure management
332
00:48:56,560 --> 00:49:05,360
prioritizes: ATT&CK reveals, and MITRE ATT&CK shows you, uh, how attackers move, but, uh, it doesn't tell
333
00:49:05,360 --> 00:49:12,800
which path is the most dangerous; this is a good combination to use some KPI approach,
334
00:49:12,800 --> 00:49:22,160
and, uh, that is where exposure management comes in, uh, ATT&CK reminds us, reminds that,
335
00:49:22,160 --> 00:49:33,440
and tells us, uh, tells us, uh, a lot of techniques to sub-techniques in that way, uh, but, uh,
336
00:49:34,960 --> 00:49:44,880
in general, uh, this is, this is, uh, um, the biggest challenge in a modern SOC is not
337
00:49:44,880 --> 00:49:53,920
lack of data, it is actually measuring the wrong things, that is what KPI, uh, most
338
00:49:53,920 --> 00:50:00,480
SOCs track: number of alerts, number of incidents, mean time to respond, time to resolve,
339
00:50:00,480 --> 00:50:08,480
number of closed tickets; the, uh, those are actually activity metrics, not security outcomes, and you can
340
00:50:08,480 --> 00:50:16,080
close alerts all day, but it will be still exposed, and really what is the KPI:
341
00:50:16,080 --> 00:50:26,560
too much noise, KPI rewards volume, not quality, uh, no attacker context, KPIs don't reflect real attack paths,
342
00:50:28,480 --> 00:50:37,280
everything is green, but while the attacker still has a path, a false sense of security, uh, it is,
343
00:50:37,280 --> 00:50:49,440
it is a lot of, but, uh, traditional KPIs we have are about volume, but now I love to discuss with you
344
00:50:49,440 --> 00:50:56,880
about exposure reduction, real goals, with attack path elimination, with modern KPIs:
345
00:50:57,680 --> 00:51:05,040
time to remediate critical exposures, that is a very good, uh, topic, this is also business-focused,
346
00:51:05,040 --> 00:51:12,080
how we can cover a gap in the MITRE ATT&CK framework with detection quality,
347
00:51:12,080 --> 00:51:20,480
how I can identify a risk with tier zero exposure, with the most critical layer, we can,
348
00:51:20,480 --> 00:51:30,320
must use, and what we discussed previously, in the agentic AI era, that is a change, it changes the game,
349
00:51:30,320 --> 00:51:37,600
but not processing more alerts, but prioritizing what actually reduces, with
350
00:51:37,600 --> 00:51:47,120
the exposure management, that is, uh, stop measuring activity, start measuring exposure, that is the message.
351
00:51:48,880 --> 00:51:56,720
Yeah, okay, um, that's interesting, so while you already know where I most like to attack, but, uh, yeah,
352
00:51:56,720 --> 00:52:05,760
it's time for plan B, uh, let's say my phishing campaign worked, uh, an employee clicked, uh, what's now,
353
00:52:05,760 --> 00:52:17,520
what happens now? Very good point, what happens, you can, uh, if you're correctly using,
354
00:52:17,520 --> 00:52:29,840
uh, if you're correctly using, uh, Microsoft 365 Defender, you can use, uh, SPF,
355
00:52:29,840 --> 00:52:42,800
DKIM and DMARC policies, and it will, uh, if we correctly, uh, accommodate, correctly protect with
356
00:52:42,800 --> 00:52:55,120
that, uh, the next is, uh, your phishing goes to quarantine and your employees do not receive this
357
00:52:55,120 --> 00:53:08,800
mail, uh, security, uh, policy with SPF, uh, DMARC and, uh, DKIM, uh, many, uh, other protection
358
00:53:08,800 --> 00:53:17,520
mechanisms in Defender, they give you a lot of opportunities, uh, to settings in the Microsoft 365
359
00:53:17,520 --> 00:53:28,720
environment, uh, for your mail, for your collaboration, uh, and you have, you have a lot of, uh,
360
00:53:29,760 --> 00:53:40,480
for example, uh, security policies in, uh, on this, uh, policy recommendation, you can use, uh,
361
00:53:40,480 --> 00:53:50,240
threat policies, you can use alert policies, uh, for anti-phishing, anti-spam, anti-malware,
362
00:53:50,240 --> 00:53:56,000
Safe Attachments to protect your organization from malicious content in mail attachments, Safe Links
363
00:53:56,640 --> 00:54:03,680
protects users from opening and sharing malicious links in mail and Office apps.
364
00:54:03,680 --> 00:54:12,560
That is by policy, but you can use many rules, uh, filtering mechanisms, quarantine policies, apply
365
00:54:12,560 --> 00:54:22,800
custom rules for quarantining, uh, messages by using, uh, policies or created, uh, with them, uh, yes, but I
366
00:54:22,800 --> 00:54:29,280
love to add something: security awareness is very important and we are facing, with
367
00:54:29,280 --> 00:54:39,520
lots of, uh, social engineering techniques, uh, this is not only to help you, to, we are human, and, uh,
368
00:54:39,520 --> 00:54:47,280
you know, uh, the human is the weak link, uh, inside your security, and, uh, the, it is always
369
00:54:47,280 --> 00:54:59,760
challenging to educate our employees, uh, you can use tools, uh, but, uh, if you don't have, uh, a mechanism to stop
370
00:54:59,760 --> 00:55:08,000
in an automatic way; a good example for many attacks is the automatic attack disruption with generative AI,
371
00:55:08,000 --> 00:55:16,480
without human intervention, to stop partial malicious activity, uh, with, uh,
372
00:55:16,480 --> 00:55:24,960
a combination, phishing mail, in a replace of incident without any human intervention, uh, in an automatic
373
00:55:24,960 --> 00:55:33,040
way, and that is, that is a good, good approach for our, uh, for our work, and as for your own question,
374
00:55:33,040 --> 00:55:41,760
you can use a combination, uh, security awareness techniques, uh, how to protect from many social
375
00:55:41,760 --> 00:55:50,800
engineering, and tools, uh, that is sort of the answer. Okay, uh, let's say you found me, but, uh,
376
00:55:50,800 --> 00:55:57,520
you're assuming I only compromised one account, what's next? Yeah, it is spreading
377
00:55:58,640 --> 00:56:14,640
laterally, and the next is, your, uh, your, uh, aim is to compromise, um, uh, an administrative account,
378
00:56:14,640 --> 00:56:22,640
so a privileged account, uh, that is the, uh, if you compromise a user account and after that lateral
379
00:56:22,640 --> 00:56:30,400
movement through a chain, I don't know, with persistence techniques, uh, for your Active Directory,
380
00:56:30,400 --> 00:56:39,360
the next step is data exfiltration in combination with the ransomware activity, and that is not so easy;
381
00:56:39,360 --> 00:56:47,040
now we have in our cyber kill chain a lot of different techniques, uh, techniques from the attacker
382
00:56:47,040 --> 00:56:56,480
perspective, not only starting with some phishing, uh, it can be more and more with different sophisticated
383
00:56:56,480 --> 00:57:06,320
techniques. Yeah, so, so I have a, um, congratulations, you made it much harder for me than I expected, but I
384
00:57:06,320 --> 00:57:14,000
am stubborn, uh, I'm still doing it, yeah, uh, look after your crown jewels, so I will take
385
00:57:14,880 --> 00:57:20,400
sensitive data, or an executive mailbox, global admin, or your file, potentially,
386
00:57:20,400 --> 00:57:28,080
um, yeah, what should we do, or what should, what do you do now?
387
00:57:28,080 --> 00:57:39,040
I think the shit, it's when the shit, yeah, yeah, that is, in my previous job I was also working as a cyber
388
00:57:39,040 --> 00:57:48,000
crime investigator and we also have the less popular reactive approach in that way, yes,
389
00:57:48,000 --> 00:57:58,800
and many companies, uh, don't have any, uh, of course I totally don't recommend going with any
390
00:57:59,600 --> 00:58:09,760
negotiation and conversation with the attacker, it will be, now, you know, everything is in, uh, virtual
391
00:58:09,760 --> 00:58:23,120
currency, some, for example, Bitcoin, it will be today one, zero point eight, they will be more and more,
392
00:58:23,120 --> 00:58:31,760
and yes, your data is locked and you don't have any possibility, but there is a problem, I think the key,
393
00:58:31,760 --> 00:58:44,640
yeah, answer is our backup and our restore procedure, well, disaster recovery, and that is, uh, I,
394
00:58:44,640 --> 00:58:54,720
I got many many, uh, explanations, uh, well, where is your backup, in your computer, and you can have
395
00:58:54,720 --> 00:59:02,560
any external sources for your backup and thought about, you know, and that is the tricky and the main,
396
00:59:02,560 --> 00:59:15,520
most valuable topic here, how we are using our backup and restore procedure in that case, and
397
00:59:15,520 --> 00:59:21,680
if you have a good, this way, I think it is the win-win situation.
398
00:59:21,680 --> 00:59:27,680
Yeah, okay, so you catch me, I have to give all the, bam, bitcoins back.
399
00:59:27,680 --> 00:59:36,800
So I hope we have some time because, yeah, we are running out of time, I don't know if you have a few
400
00:59:36,800 --> 00:59:45,760
minutes, um, I have in every round, I have a fast rapid-fire round, I ask, uh, some questions and, uh, you
401
00:59:45,760 --> 00:59:54,640
give me a short, short answer, is it okay? Yes, of course. Okay, Defender or Sentinel? A very good question,
402
00:59:54,640 --> 01:00:01,760
but it is not easy because we all, the Defender experience now transitions from the Azure portal to the Defender
403
01:00:01,760 --> 01:00:11,280
portal and Sentinel is actually part of Defender now, and that is the answer to your question.
404
01:00:12,880 --> 01:00:22,080
Exposure management or vulnerability management? Uh, definitely, um, that is a tricky question,
405
01:00:22,080 --> 01:00:32,160
I like, I like to say both in combination, with, with, it is not easy, proactive approach,
406
01:00:32,160 --> 01:00:39,200
risk, but vulnerability management is a very very important topic, and to use both, in my approach.
407
01:00:40,480 --> 01:00:52,320
Okay, um, Bicep or Terraform? Uh, that is, of course, if I'm using only Azure I can use Bicep, if I'm
408
01:00:52,320 --> 01:01:03,040
using Terraform for a multi-cloud environment, for AWS, GCP, of course Terraform is the multi-cloud option,
409
01:01:03,040 --> 01:01:12,960
then, then Bicep. And MVP Summit or Ignite? Oh, of course, by default it's, um, MVP, but
410
01:01:12,960 --> 01:01:23,120
I definitely wish to be a speaker this year in San Francisco at Microsoft Ignite, it is where
411
01:01:23,120 --> 01:01:31,120
you reveal many innovative features and start discussions about many many, positive thinking, and
412
01:01:31,840 --> 01:01:40,400
yes, it is by default, any MVP Summit, I love, I'm, MVP Summit, because it is, I love deep
413
01:01:40,400 --> 01:01:48,160
technical sessions during the MVP Summit and seeing my colleagues, uh, and everything, but Ignite is
414
01:01:48,160 --> 01:01:53,680
something different, something else, uh, very very good and I fully recommend it,
415
01:01:53,680 --> 01:01:59,520
and we hope microsoft uh ampliess yearlet that who willing to be a speaker
416
01:02:00,560 --> 01:02:04,320
here for us. Okay, um, identity or endpoint?
417
01:02:04,320 --> 01:02:17,840
Hmm, uh, Mirko, in, in this era, how to, I, I was working very long as an identity security engineer and I know
418
01:02:17,840 --> 01:02:27,440
everything, but, uh, very s has together, everything is important, uh, both, both, right, there is the,
419
01:02:27,440 --> 01:02:35,840
endpoint management is, uh, very very critical because, uh, I'm facing a big lot of migrations from
420
01:02:35,840 --> 01:02:46,320
SCCM to Microsoft Intune, uh, for many clients, and, uh, a very very important, uh, topic is also
421
01:02:46,320 --> 01:02:55,600
both identity and device management together, together. If you work for a very poor company,
422
01:02:55,600 --> 01:02:59,600
they will only pay for one security tool from Microsoft, which one is it?
423
01:02:59,600 --> 01:03:13,920
Oh, you know, uh, that is a tricky question because, uh, small and medium enterprises, uh, in
424
01:03:13,920 --> 01:03:23,120
there, very often outsource the security engineer and, uh, we are facing, uh, it is dependent on
425
01:03:23,920 --> 01:03:30,160
budget, but definitely my recommendation is unified security operations in Microsoft
426
01:03:30,160 --> 01:03:34,400
Defender this year. Which hacker movie is the most realistic
427
01:03:34,400 --> 01:03:40,000
movie
428
01:03:40,000 --> 01:03:42,000
I really see
429
01:03:42,000 --> 01:03:47,600
movie regarding
430
01:03:51,840 --> 01:04:01,520
what we discussed today, if you don't, you don't have, uh, I saw something before,
431
01:04:01,520 --> 01:04:11,920
uh, and mention data, data without any protecting control, without any data flow, without
432
01:04:12,720 --> 01:04:23,440
risk, and it is expensive for us, uh, and after that we have, uh, data exfiltration, we have data
433
01:04:23,440 --> 01:04:32,960
leakage, uh, outside the company and compromise, uh, it is also not only an attack on reputation, uh,
434
01:04:32,960 --> 01:04:40,480
your leadership, something very important, but, uh, maybe moved in, into the dark web,
435
01:04:42,320 --> 01:04:49,920
like cybercrime and publicly exposed, something very valuable on Twitter or social networks, et
436
01:04:49,920 --> 01:05:02,640
cetera, it will be very, fairly, uh, and, uh, I saw something and that is the secret, what, uh,
437
01:05:02,640 --> 01:05:12,080
SOC, every SOC wishes to, needs, uh, to take into account, and that is the more realistic, from
438
01:05:12,080 --> 01:05:23,040
proactive to reactive, uh, reactive approach. I think, um, cyber security expert, uh, it's one of the
439
01:05:23,040 --> 01:05:31,920
new sexiest jobs in the world, uh, I think there are big opportunities, but a lot of young
440
01:05:31,920 --> 01:05:41,600
professionals, tech professionals, try to start a career in cyber security, what advice can you give them?
441
01:05:42,080 --> 01:05:53,520
Uh, yes, um, I am, a couple of decades, also a Microsoft Certified Trainer and I have a lot of experience in that,
442
01:05:53,520 --> 01:06:04,160
and this is also a very often asked question for me, uh: go step by step and shift yourself, uh, from
443
01:06:04,720 --> 01:06:14,640
the first layer, physical security, to early phase, and spend some time, two years, three years, as a
444
01:06:14,640 --> 01:06:22,800
networking engineer, uh, not shifting directly to security, because I reveal many gaps for young
445
01:06:22,800 --> 01:06:30,720
engineers, uh, many many gaps in knowledge, uh, networking is most important, I love networking,
446
01:06:30,720 --> 01:06:39,040
network protection, uh, for, or, and after that move from classical security to the application security
447
01:06:39,040 --> 01:06:49,040
layer, et cetera, but just don't hurry, just go step by step, uh, with the knowledge and
448
01:06:49,040 --> 01:06:58,560
everything, and this is a good approach, and using, uh, many many great, uh, my start was with, uh,
449
01:06:58,560 --> 01:07:08,480
CompTIA Network+, Security+, now we have the ISC2 with security, um, uh,
450
01:07:08,480 --> 01:07:14,800
Certified in Cybersecurity, this is also a very good approach from, uh, ISC2, many good
451
01:07:14,800 --> 01:07:26,560
tutorials, but work slowly, uh, and, uh, it is not, uh, certification is important, but
452
01:07:27,520 --> 01:07:35,680
in my opinion, practical, your skills, what you have in your ten fingers, it is the most important book.
453
01:07:35,680 --> 01:07:46,480
Yeah, I think, uh, some, some guys think it's good to do a hack, or I don't know, for two months or
454
01:07:46,480 --> 01:07:53,520
several, there was some, some hack and Microsoft was not so happy about this guy, but yeah, um,
455
01:07:53,520 --> 01:08:00,160
like I've heard the book, heard the book, and, uh, actually I'm, I'm starting with Unix,
456
01:08:00,160 --> 01:08:06,720
uh, I'm, I'm also a Linux guy, not only Microsoft oriented, and work with different
457
01:08:06,720 --> 01:08:14,800
environments and different platforms, it is the easiest way, using, uh, a lot of proactive, using, think
458
01:08:14,800 --> 01:08:22,080
like a hacker, the Hack The Box platform, uh, Hack The Box, uh, challenges, with, with the work, with many many
459
01:08:22,800 --> 01:08:30,240
good opportunities, uh, many online platforms provide you a very good, very good approach for that.
460
01:08:30,240 --> 01:08:41,840
Yeah, so thank you, we're, I, I can talk with you much more, much longer, uh, but yeah, uh, thank you so much
461
01:08:41,840 --> 01:08:49,360
for being here, for staying longer than planned, so I hope you, you don't miss anything or something.
462
01:08:49,360 --> 01:08:56,720
Yeah, um, today I tried to think like an attacker, but yeah, what we conclude: modern cyber security
463
01:08:56,720 --> 01:09:03,360
is just about stopping attackers after they happened, it's, yeah, understanding your exposure before
464
01:09:03,360 --> 01:09:11,120
attackers do, and yeah, I think this was really, really helpful to understand what happens, especially
465
01:09:11,760 --> 01:09:21,040
with, uh, in the age of AI, so yeah, thank you for all the topics we had: Security Exposure Management,
466
01:09:21,040 --> 01:09:27,760
Security Copilot, Defender XDR, identity protection, AI, attack paths, and yeah, our,
467
01:09:27,760 --> 01:09:32,960
our engineers can shift from reactive security to proactive defense. So thank you both for being,
468
01:09:32,960 --> 01:09:40,480
Yeah, thank you very much, uh, and it was a really great pleasure to discuss with you, this is our
469
01:09:40,480 --> 01:09:46,000
first conversation but I'm looking forward to, to hear more, very interesting,
470
01:09:46,000 --> 01:09:54,160
co-resential ideas today, thank you very much, and, uh, see you on the next challenge, and have a nice
471
01:09:54,160 --> 01:09:58,640
rest of the day. Yeah, thank you, bye.