Microsoft Unified XDR and SIEM Solution Handbook : Modernize and Build a Unified SOC Platform for Future-Proof Security

Microsoft Unified XDR and SIEM Solution Handbook Modernize and Build a Unified SOC Platform for Future-Proof Security

Tired of dealing with fragmented security tools and navigating endless threat escalations? Take charge of your cyber defenses with the power of Microsoft's unified XDR and SIEM solution. This comprehensive guide offers an actionable roadmap to implementing, managing, and leveraging the full pot...

Full description

Bibliographic Details
Other Authors: Boddu, Raghu, author (author), Lamppu, Sami, author, Trent, Rod, author
Format: eBook
Language:Inglés
Published: Birmingham : Packt Publishing [2024]
Edition:First edition
Subjects:
Computer security.
Computer networks > Security measures.
Microsoft software.
See on Biblioteca Universitat Ramon Llull:https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009805122806719
Table of Contents:
  • Cover
  • Title Page
  • Copyright and Credits
  • Dedication
  • Foreword
  • Contributors
  • Table of Contents
  • Preface
  • Case Study - High Tech Rapid Solutions Corporation
  • Introduction
  • The current environment
  • A cloud environment
  • A hybrid cloud architecture
  • User entities
  • Collaboration with partners
  • End user devices
  • Server infrastructure
  • An application landscape
  • An IoT/OT environment
  • Security challenges
  • Management concerns
  • Challenges emphasized by security teams
  • Concerns raised by CISO
  • A recent incident response case
  • Summary
  • Part 1 - Zero Trust, XDR, and SIEM Basics and Unlocking Microsoft's XDR and SIEM Solution
  • Chapter 1: Introduction to Zero Trust
  • Zero Trust and its history
  • Why do we need Zero Trust?
  • Zero Trust in security operations
  • Zero Trust principles and architecture
  • Zero Trust pillars
  • A real-life example
  • Case study analysis
  • Future of Zero Trust
  • Summary
  • Further reading
  • Chapter 2: Introduction to XDR and SIEM
  • Understanding XDR and SIEM
  • What is XDR and how did it start?
  • What is SIEM and how did it start?
  • How does a SIEM solution work?
  • What do these *DR acronyms mean?
  • The benefits of having XDR and SIEM solutions in an enterprise
  • XDR's benefits and reasons to adopt it
  • Why do we need to consider SIEM?
  • How to choose the right XDR and SIEM tool
  • Case study analysis
  • Summary
  • Further reading
  • Chapter 3: Microsoft's Unified XDR and SIEM Solution
  • What is Microsoft's unified XDR and SIEM solution?
  • Microsoft Defender XDR
  • Microsoft Defender for Cloud
  • Microsoft Sentinel
  • Other relevant Microsoft Security solutions
  • Microsoft Defender XDR overview (MDE, MDO, MDA, and MDI)
  • Microsoft Defender XDR solutions
  • MDE
  • MDO
  • MDA
  • MDI
  • Microsoft Entra ID Protection (formerly Azure AD Identity Protection).
  • Use cases for Entra ID Protection
  • Case study analysis
  • Extending XDR capabilities to on-premises and hybrid cloud by leveraging MDC
  • MDC key features
  • Benefits of using unified XDR for on-premises, multi-cloud, or hybrid cloud scenarios
  • Case study analysis
  • Microsoft Sentinel - SIEM and SOAR
  • Sentinel key features
  • Microsoft Sentinel versus Microsoft Defender XDR
  • Case study analysis
  • XDR and beyond - exploring commonly used security solutions
  • Microsoft Defender for IoT
  • EASM
  • MDTI
  • Microsoft Copilot for Security
  • Case study analysis
  • Microsoft's unified XDR and SIEM solution's benefits over non-MS solutions
  • The future - Microsoft's influence in cybersecurity
  • The graphical Windows OS revolution
  • Reshaping server technology with Windows NT
  • Outlook and the transformation of email communication
  • MS Office - standard in productivity software
  • Internet Explorer - a chapter in web browsing
  • The future - Microsoft's rising influence in cybersecurity
  • Summary
  • Further reading
  • Part 2 - Microsoft's Unified Approach to Threat Detection and Response
  • Chapter 4: Power of Investigation with Microsoft Unified XDR and SIEM Solution
  • Understanding the basics of SOC
  • Typical SOC roles
  • Avengers of cybersecurity
  • Traditional versus modern SOC operations
  • SOC journey with Microsoft's unified security operations platform
  • Investigation in Microsoft Sentinel
  • Investigation in Microsoft Defender XDR
  • Microsoft Copilot for Security
  • Integrations with other Microsoft security solutions and third-party tools
  • Microsoft Defender XDR platform - Single pane of glass
  • Microsoft Sentinel
  • Third Party integrations
  • Case study analysis
  • Summary
  • Further reading
  • Chapter 5: Defend Attacks with Microsoft XDR and SIEM
  • An attack kill chain in XDR and SIEM.
  • Identity threat detection and response
  • Microsoft Defender XDR's automatic attack disruption
  • An overview of Microsoft Defender XDR's automatic attack disruption
  • Automatic attack disruption key stages
  • Deception capability in Microsoft Defender XDR
  • Attack scenarios
  • An identity-based supply chain attack in the cloud
  • Business Email Compromise attack
  • Human-Operated Ransomware
  • A case study analysis
  • Summary
  • Further reading
  • Chapter 6: Security Misconfigurations and Vulnerability Management
  • Introduction to security misconfigurations and vulnerabilities
  • Security misconfigurations
  • Vulnerabilities
  • Vulnerability management framework
  • How can Microsoft's unified solution help to address this?
  • Microsoft Defender Vulnerability Management
  • Microsoft Defender for Cloud
  • Microsoft Sentinel
  • Microsoft Copilot for Security
  • Integration with other tools
  • ServiceNow integration
  • Intune/MDE remediation (native integration capability)
  • API integrations and automation
  • Case study analysis
  • Summary
  • Further reading
  • Chapter 7: Understanding Microsoft Secure Score
  • What is Microsoft Secure Score?
  • Why do we need to monitor Secure Score?
  • Azure secure score in MDC
  • Identity secure score in Entra ID
  • Microsoft Secure Score in Microsoft Defender XDR
  • Understanding your score - how are scores calculated?
  • How to assess and improve findings
  • Addressing findings
  • Integrations
  • MDC secure score
  • Microsoft Secure Score
  • Case study analysis
  • Summary
  • Further reading
  • Part 3 - Mastering Microsoft's Unified XDR and SIEM Solution - Strategies, Roadmap, and the Basics of Managed Solutions
  • Chapter 8: Microsoft XDR and SIEM Implementation Strategy, Approach, and Roadmap
  • XDR and SIEM assessment and implementation strategy
  • Security assessments
  • Security strategies.
  • Implementation approach and roadmap
  • Adoption order
  • What's next?
  • Case study analysis
  • Summary
  • Further reading
  • Chapter 9: Managed XDR and SIEM Services
  • Managed services overview
  • Security services
  • How to select a provider
  • Pros and cons of using managed services
  • Generic MSSP framework in the Microsoft ecosystem
  • Azure Lighthouse
  • Microsoft Entra ID
  • Multi-tenant management in Microsoft Defender XDR
  • Content management in an MSSP scenario
  • Case study analysis
  • Summary
  • Further reading
  • Chapter 10: Useful Resources
  • Microsoft Unified XDR and SIEM Solution resources
  • Microsoft Defender XDR
  • Microsoft Sentinel
  • Microsoft Defender for Identity
  • Microsoft Defender for Office
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Cloud Apps
  • Microsoft Defender for Cloud
  • Non-Microsoft XDR and SIEM solutions
  • XDR solutions
  • SIEM solutions
  • Managed XDR and managed SOC providers
  • Cybersecurity Industry Reports 2023
  • Community and third-party resources
  • Some of the blogs
  • Training
  • Community tools and GitHub resources
  • Books
  • Security shows
  • LinkedIn groups
  • Thank you
  • Index
  • About Packt
  • Other Books You May Enjoy.

Similar Items