At RSA 2019 I’ll be speaking about the Lost Boys: How Linux and Mac Intersect in a Windows-Centric Security World. We often see that Windows has such a large market share as the platform of choice, it can render Linux and Mac the Lost Boys in the world of security. This is also reinforced by the fact that the management of the two platforms for enterprise environments is simply not comparable to the administration of Windows client or server operating systems. But from the perspective of a security officer, this is as important as necessary. In November 2017, Microsoft announced that it will extend Windows Defender ATP partners across platforms. With that, the public availability of the WDATP integration of Ziften, Bitdefender and Lookout went live. With this comprehensive approach, Microsoft unites forces against cyber threats and adds lack of knowledge about behavior-based security solutions on these platforms through the industry expertise of its partners. This integration has now been extended to include two additional platforms, SentinelOne and Corrata. In this blog post I’ll give you a first introduction how the integration with Ziften can be done. Later we will have a look how the agent behaves on Mac and Linux machines with two different examples of real world attacks, that we have seen in the past couple of months.Continue reading
Category: Windows Defender ATP
we recently had a customer that was affected by a sticky keys attack. That made my team and myself dig deeper in how you can prevent these kind of attacks. The best way to protect is easier than you might expect…
within the last year, we have focused on Windows Defender ATP and ran through several PoCs. I’ve prepared several scenarios for you, where I will guide you trough WDATP from the tenant creation to high end scenarios. In this first post, we will go through the tenant creation process itself.