Microsoft Defender for Endpoint: The solution to protect, detect and respond to the most advanced attacks.


In recent months, the media have reported how important companies and institutions have suffered computer attacks that exposed millions of pieces of sensitive data and collapsed their corporate networks. According to data from INCIBE (the National Cybersecurity Institute), more than 120,000 incidents were registered in Spain last year, a figure 40% higher than the previous year.

Indeed, security is one of the great challenges that companies face. The sophistication of attacks is evolving by leaps and bounds, reaching such a high level that it can take many months to discover an intrusion in the network, with a great impact on the company as a result.

To deal with these types of advanced threats, Microsoft offers Microsoft Defender for Endpoint (previously called Microsoft Defender Advanced Threat Protection). It is a powerful solution that combines Windows 10 technology and Azure’s intelligent cloud service to provide businesses with proactive protection, post-breach detection, automated investigation, and advanced threat response on their networks.

Much more than an antivirus
Microsoft’s antivirus is Windows Defender, and it is included in all Windows operating systems. Microsoft Defender for Endpoint, by contrast, is a set of advanced security solutions in the cloud that draws on the antivirus (whether Windows Defender or not), among other sources.

How exactly does it help you protect yourself?

In general, it helps you:

  • Detect advanced and zero-day attacks (attacks that exploit an unknown vulnerability) through analysis of the environment and behavior and the use of machine learning, with detailed information on the extent of the security breach shown in the central console, along with solutions to mitigate it.
  • Get a real-time analysis of your entire equipment infrastructure through a central console that displays information on the status and activity of protected equipment.
  • Get instant access to the analysis of 6 months of information regarding the behavior of the company to carry out a forensic analysis, with an inventory of files, URLs and connections throughout the network.
  • Save time for your IT department thanks to automatic alert investigation.
  • Work with a single-platform approach.
  • Protect against next-generation attacks: polymorphic or mutating viruses that are difficult to detect because they constantly change their malicious code.
  • Reduce attack surfaces: functionalities such as web protection, controlled folder access and application control protect equipment by minimizing its attack surface.


How does it work?

The tool continuously monitors the network for malicious activity or abnormal behavior through:

  • Behavior sensors: Integrated into equipment and devices, they collect and process behavioral signals from the operating system (for example, network communications, file and process modifications). This information is then sent to the Cloud Security console for analysis and exchange of signals with the Microsoft Intelligent Security Graph.
  • Threat Intelligence: Microsoft has a team of global security specialists and a community of hunters who are dedicated exclusively to searching for and finding new malicious techniques, continually training Microsoft Defender for Endpoint to help you be more and more effective.
  • Cloud security analysis: Thanks to big data and machine learning, it analyzes the information received from the sensors and compares it with historical and anonymous information from millions of devices spread around the world, as well as with the threat intelligence included in Microsoft Defender for Endpoint itself, to detect anomalous behavior, hacker techniques, and similarity to known attacks.

Automatic threat investigation and resolution


With the power of the cloud, machine learning, and behavioral analytics, Microsoft Defender for Endpoint provides intelligent protection capable of tackling the most sophisticated and advanced threats. In numbers, it processes 970 million malicious events per day across Microsoft’s business and consumer ecosystem, making its intelligence more powerful day by day. However, detecting threats is only half the battle: 80% of companies receive a large volume of alerts on their systems, causing the IT department to spend a large part of its resources on investigation and remediation tasks.

To solve this problem, Microsoft Defender for Endpoint includes a feature that we want to highlight, called “automatic investigation”. This feature automatically investigates alerts and applies artificial intelligence to determine whether each one is really a threat, and then decides, also automatically, what actions to take. This functionality saves time and effort for IT departments, allowing them to focus on more strategic tasks for the company.

Protection not only for Windows

One of the most recent features that Microsoft has added to Microsoft Defender for Endpoint is the ability to protect not only Windows computers, but also devices with other operating systems, both desktop and mobile. Thus, Microsoft Defender for Endpoint is now compatible with iOS, Android and macOS, and is capable of protecting us from phishing attacks and malicious links on different devices. Keep in mind that mobile devices are increasingly vulnerable to phishing attacks, for two main reasons. First, because links come not only from email, but also from messaging applications, SMS and other applications. And second, because on these devices it is more difficult to see the URL you are about to click (simply because the screen is smaller) and it is easy to click by mistake.

Specifically, Microsoft Defender for Endpoint protects against malicious links using these three techniques:

  • Anti-phishing. Unsafe links to mobile applications are blocked instantly, and security teams are then notified through the Microsoft Defender Security Center portal.
  • Blocking insecure connections. It blocks certain insecure connections made by applications without the user’s knowledge, and then sends a notification through the security portal.
  • Custom indicators. It allows security teams to create custom access and block rules based on their needs.

Features of the Microsoft Defender Security Center portal

Microsoft Defender for Endpoint helps the IT department to effectively manage the company’s network, offering it a centralized administration and management portal for all alerts and security measures of the equipment, with functionalities that allow you to:

  • Move through the different navigation panels to access Security Operations, Security Score or the Threat Analysis Panel.
  • Manage security alerts for the entire network.
  • Control and manage the automatic investigations that have been carried out.
  • Proactively “hunt” and research through your company data with a powerful, advanced query-based search tool.
  • In the list of machines section, control the computers incorporated into Windows Defender ATP and obtain detailed information on risks and alerts.
  • Get a quick overview of the application’s service status.
  • Update your configuration options, allowing you to customize retention policies, enable advanced features, and create Power BI reports that allow you to interactively analyze machines, alerts, and investigation status.

Navigation panels

Security Operations Panel

This panel provides a snapshot of the network showing a detailed view on the various security alerts on computers and users. Through this dashboard, you can quickly explore, investigate, and determine where and when suspicious activity has occurred and easily understand the context in which it arose.


The dashboard has interactive windows that provide indications of the general health status of the organization, such as active alerts, machines and users at risk, active automatic investigations, and a suspicious activity dashboard that displays audit events based on detections from various security components.

The tool also lets you simulate attacks so that you can check its level of effectiveness before continuing to onboard more computers.

Threat Analysis Dashboard

Threats emerge with increasing frequency, and through this dashboard you can quickly assess your security position, including the impact and resilience of your company in the context of specific threats. You will also be able to continuously assess and monitor your risk exposure to Spectre and Meltdown, two of the main vulnerabilities in processor chips through which attackers can access your computer.

The dashboard offers a set of interactive reports published by the Microsoft Defender for Endpoint research team at the time a new threat and attack is identified. From the mitigation recommendations section, you can execute specific actions to improve the visibility of the threat and increase the resistance of your company.


In addition to the functionalities that we have discussed in the article, we want to highlight the following:

Isolation

Speed of response and isolation are the key to successful security attack prevention. Therefore, when the tool detects that a computer is compromised, it automatically suspends the user’s account and isolates the infected device to prevent access to the network, drastically reducing the attack surface. Also, even if the machine is isolated, the IT department has total control over that equipment at risk, to be able to analyze it and mitigate the security breach.

Detonation

You can submit suspicious files for deep inspection and full analysis in minutes, in an isolated network environment, and lock the files if they are malicious.

Conditional access based on device risk

Microsoft Defender for Endpoint can control access to sensitive information based on the risk level of the computer itself. In this way, it guarantees that only authenticated users who use a device registered with the company will be able to access company data in Office 365 and also that it can only be accessed if the equipment is in good condition (without viruses, Trojans, etc). Therefore, if a threat is detected on a device, the affected device’s ability to access sensitive information is instantly blocked as long as the threat remains active.

Threat and vulnerability management

This capability uses a risk-based approach to identify, prioritize, and repair machine vulnerabilities and misconfigurations. It includes:

  • Real-time discovery through device inventories, which offer automatic information on security configuration data and computer vulnerabilities.
  • Inventory of the company’s software, as well as changes related to new installations, uninstallations and patches.
  • Constant visibility of application usage patterns for better prioritization and decision making in the event of suspicious behavior.
  • Control and visibility over the security configurations of the company, showing information and alerts in real time on emerging problems such as disabled antivirus or erroneous configurations. Issues are reported on the dashboard with actionable recommendations.
  • Threat intelligence that helps prioritize and focus on those vulnerabilities or threats that pose the most critical risk to the business.
  • One-click remediation requests, through integration with Microsoft Intune. It also provides real-time monitoring of the status and progress of remediation activities across the enterprise.
  • Provides information on additional alternative mitigations, such as configuration changes that can reduce the risk associated with software vulnerabilities.

Integration with Microsoft 365 tools
You can provide Microsoft Defender for Endpoint with more information and intelligence when assessing the risk level of each machine with the integration of:

  • Microsoft Defender for Identity: Detects whether the machine shows anomalous behavior (lateral attacks, for example) and, if so, raises the machine’s risk level so that its review is prioritized.
  • Azure Information Protection (AIP): When comparing two machines with the same vulnerabilities, the one that has documents labeled with AIP will have a higher level of risk (because it holds sensitive information) and will therefore be prioritized.
  • Microsoft Cloud App Security (MCAS): Allows applications that MCAS has marked as unauthorized to be blocked on the computer so that they cannot be used, regardless of the network to which it is connected.

Microsoft Defender for Endpoint licensing

There are different licensing modalities depending on the type of endpoint that we want to protect. Licensed users can use Microsoft Defender for Endpoint on a maximum of five simultaneous devices.

  • Microsoft Defender for Endpoint can be purchased individually
  • Included in Windows 10 E5 (includes all security capabilities of version E3 + Microsoft Defender for Endpoint)
  • Included in Microsoft 365 E5 (includes Windows 10 Enterprise E5, Office 365 E5, and EMS E5)
  • Included in the Microsoft 365 E5 Security Add-on

For servers:

  • Connecting servers to Azure Security Center
  • Microsoft Defender for Endpoint License for Servers

As a conclusion, we can affirm that Microsoft Defender for Endpoint covers the life cycle of threats from beginning to end, from detection to investigation and response automatically, taking your company to a maximum level of protection.

At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, so we encourage you to follow our blog where we will continue to inform you about the security tools and solutions that we can offer you.

Do you want to know more about Windows 10 Enterprise E5 or Microsoft 365? Contact us!


How to host a live event with Microsoft Teams


Microsoft Teams is the scaffold on which companies build collaboration between work teams. It is the unified work area that integrates everything we need for team productivity: meetings, chat, sharing files with teams, keeping the planning of our projects synchronized, and integrating our favorite applications, whether Office or third-party ones.

Every few months Microsoft includes enhancements to Teams that make team collaboration even more efficient. And 2020, a year full of disruptive changes in our way of working, and therefore of collaborating, has accelerated innovation and brought a wave of new features to the platform.

However, sometimes companies do not use the full potential of the tool, either because they do not know what it is capable of or because, even knowing it, no one has shown them how to do it. This means that, even with the necessary licensing, teams are forced to look for partial solutions from other manufacturers, which generates friction in collaboration and slows down productivity.

That is why at Softeng we have released one of our courses, consisting of three videos included in our Minerva training portal, where we show you one of the capabilities added to Teams in recent months: live events. With Live Events we can broadcast video content and hold online meetings for audiences as large as we want, in the simplest and most agile way possible.

With Minerva, our clients learn to use all Microsoft technology and to unleash its full potential through courses and short videos, information pills with a simple, visual format and a 100% practical approach.

Take advantage now, because the course will only be open for the next 15 days!

Do you want to know more about our Minerva training portal? Contact us!


Discover a new way to manage information with Microsoft Lists


Microsoft Lists is the new Microsoft 365 application that allows us to quickly track information and organize work in lists, so that we can control the entire process flow between Microsoft Teams, SharePoint Online and Outlook.

Microsoft Lists is simple to operate: it allows you to create ready-to-use tables of records from scratch or from templates, and to share them easily with anyone and from any device. The lists are intelligent, since they keep all the users involved synchronized and informed through alerts and collaborative features. Lists is also very flexible, since it allows us to customize lists to our liking and according to the needs of our work and our organization.

The application is designed to track incidents, track assets, routines, contacts, inventories, events and much more.

The functionalities that we highlight are:

  • Microsoft Lists home (web) and mobile application: offers the ability to create new lists, share them, and access recent and favorite lists, so that you can manage all your lists in one place.
  • Microsoft Teams & Microsoft Lists: allows you to create a new list or add an existing list directly in a Teams channel, so that you can combine the lists with parallel conversations.
  • Predefined list templates: Lists offers various templates tailored to common scenarios, with preconfigured structure, forms, views and formats.
  • Customizable views, smart rules and sharing: organizing your lists is everything, which is why Lists makes it easier to view your information, build rules and share lists with confidence.

Let’s dive into each functionality in detail.

Microsoft Lists home (web) and mobile app

To get to the main page of Microsoft Lists we will click on the Lists icon found in the Microsoft 365 application launcher. In this section you will be able to see and manage all your lists. In addition, you will be able to create new lists from existing lists, import data from Excel tables, and the most striking and innovative thing is that you will be able to use various list templates that Lists brings by default, adapted to specific use cases.

Beyond creation, you can manage all your lists, select your favorites, see the most recent and even shared lists.


Lists Home puts all your lists at your fingertips in the web browser, and by the end of 2020 the Microsoft Lists mobile application will arrive.

Microsoft Teams & Microsoft Lists


Thanks to the perfect integration between Microsoft Teams and Microsoft Lists, you will be able to collaborate on lists with your entire organization, using flexible views such as grids, cards and calendars. The agile display and quick organization of the information make the user experience clearer and more concise. You will be able to add existing lists to channels, groups and individual conversations.

The predefined list templates

Microsoft Lists incorporates a series of templates that will help you save time creating new lists or serve as inspiration. It has a preview so you can see which template best suits your requirements, and you can always modify the templates to your liking and needs. To save time, you can also create a list from an existing list, inheriting its structure and format. You can even create a list from Microsoft Excel, importing the data from a table.

Customizable views, smart rules, and sharing keeps everyone in sync

From Microsoft Lists we can improve the visualization of the data to make it simple and intuitive. Thanks to this, your organization can get the most out of it and maximize your productivity.

There are four main views with which we can configure our lists: the List, Grid, Gallery, and Calendar view formats. Each default view has its advantages, and we can decide which is the most convenient. For example, the Gallery view could be used when you want to highlight images, or the Calendar view when the information to be displayed includes dates. For better organization, you can also customize a view by adding filters or sorting to get a more attractive display.

Smart rules are similar to the filters we already have in Outlook, with the same philosophy “If this happens, do that.” Thanks to this, we can configure some actions and warnings when certain events occur in our lists. Also, the possibilities increase when we talk about the integration with Power Apps and Power Automate.


Finally, you can share lists with edit or read-only permissions. You can also share individual items, enable or disable editing capabilities, set an expiration date, or require a password before accessing the data. This will make working with your colleagues efficient and fast. People with access will be able to add comments to the list or item to increase team productivity and communication.

Remember that Microsoft 365 rolled out Microsoft Lists during the month of September. The integration of all the functionalities shown and the publication of the mobile application for Android and iOS are also planned for the next few weeks.

Summary of the webinar “Resilient Companies: the fastest, most productive and safest solution to implement remote work”

Last Thursday, October 22, our webinar “Resilient companies: the fastest, most productive and safest solution to implement remote work” took place, an event where more than 200 companies had the opportunity to join us and enjoy a presentation led by Jordi Fernández, Cloud Solutions Manager, and Alex Imbernon, Head of Cybersecurity.

The event was divided into two parts: a first part that set out the path a company should take to become resilient, and a second part where we were able to attend a practical demo to see what the proposed solution consists of.

The challenges of the resilient company

In the first part of the event, our colleague Jordi Fernández started from the concept of resilience for the company, defined as the capacity that organizations have to continue being competitive without being affected by external factors, and explained how achieving it requires enabling efficient and secure teleworking.

To do this, he first looked at the implications of conventional options, such as VPN connections or classic remote desktop infrastructures, and how they have an impact at the IT level because of their complex maintenance and the limits on sizing the infrastructure, at the user performance level because of the poor experience they offer, and at the general business level because of the great security risk they entail.

Introducing Windows Virtual Desktop

He then introduced us to Windows Virtual Desktop, Microsoft’s latest virtual desktop solution, which allows us to connect to a Windows 10 desktop from anywhere and on any device, with an experience identical to using Windows 10 installed on your own computer.

Jordi ended his presentation by explaining the benefits that Windows Virtual Desktop offers for companies, dividing them into five main points:

  • Productivity for users, because thanks to an outstanding user experience, you work from anywhere with the same comfort as in the office.
  • Security and control, because the information is protected in Azure and therefore does not compromise the company through possible breaches, hijackings or information leaks.
  • Savings in infrastructure and licenses, because the infrastructure is sized according to the needs of each moment, so you only pay for what you use.
  • Simplicity for IT, because you no longer have to manage the infrastructure as in conventional solutions. IT simply manages the desktops as if they were physical corporate computers, in a unified way.
  • As a consequence of the above, resilience for the company. Having these options ready to deploy as they are needed allows the organization to be prepared for contingencies of any kind.


Demo | Windows Virtual Desktop

In the second part of the event Alex Imbernon made a live demo showing the experience and capabilities of the service that Jordi had previously commented on.

To do this, he started by running the Windows Virtual Desktop application for Windows and, after two-factor authentication, accessed his desktop. From here we could see the demo divided into two blocks.

Operation of the environment at the level of user productivity

In this first block, Alex showed the productivity experience that Windows Virtual Desktop offers. We were able to see live how, when starting applications such as OneDrive or Outlook, the information is ready and preloaded in advance, without having to wait for data synchronization.

Another advantage that he showed us within this productivity block was a live call through Teams. Thanks to the optimization for Windows Virtual Desktop, the audio and video synchronization is perfect and without any latency, just as you would expect if you did not know that everything is running on a remote machine.

Security applied to the environment

During the second block he focused on showing how, with proper configuration and deployment, Windows Virtual Desktop offers protection at all levels.

  • Identity level. Through passwordless systems and multi-factor authentication.
  • Information and data level. We saw how the system does not allow you to copy files between the virtual desktop and the computer from which you connect, and how it protects information labeled as sensitive, such as bank accounts or credit cards.
  • Device level. He showed the Azure dashboard where compliance and configuration policies are applied and where IT enables the applications that each user needs. In addition, we could see the Defender ATP panel in a scenario in which it warned of several vulnerabilities, which tells us which applications we should update.

In the last part of the event, Alex closed the Windows Virtual Desktop application on his PC and switched to a Mac, from where he connected to the environment through a web browser, in this case Safari. Once authenticated, again with multi-factor authentication, the desktop was shown in the browser with the same applications loaded that he had left open in his previous session.

Of course, the event ended up giving voice to the attendees through a question and answer space.

In summary

In less than an hour we were able to enjoy a very practical event, where we discovered the importance of deploying remote work to ensure that our company remains productive regardless of external factors, the disadvantages of conventional options to enable it, and how Windows Virtual Desktop is the solution that allows you to do it in a simple, efficient and safe way and, in addition, with cost savings.

We remind you that those of you who are already Softeng customers have the complete video available on your Minerva portal.

If you want to know more about Windows Virtual Desktop, here is a post where we explain it in depth.

Protect your business computers with Windows 10 E5

In the previous post we talked about the security features of the Windows 10 Enterprise E3 version, Microsoft’s safest operating system, which protects the device, identity and information of companies and helps them make proactive decisions in any threat situation, covering more or fewer aspects depending on the version.

In this new article we are going to talk about Windows 10 Enterprise E5, Microsoft’s most complete offering for its operating system, which includes all the security capabilities of the E3 version and adds an advanced security layer through Microsoft Defender for Endpoint, formerly Microsoft Defender Advanced Threat Protection (ATP), a powerful security tool that offers maximum protection for your company.

Windows 10 Enterprise security tools combined with Defender work as follows:


What does Microsoft Defender for Endpoint offer you?

Defender for Endpoint leverages Microsoft technology and expertise to help detect, investigate, and provide an immediate response to advanced persistent threats and data breaches on your networks. Defender for Endpoint helps you:

  • Get a real-time analysis of your entire equipment infrastructure through a central console that displays information on the status and activity of protected equipment.
  • Detect advanced and zero-day attacks, from the analysis of the environment, the behavior and the use of Machine Learning technology, showing you detailed information on the extent of the security breach through the central console and offering solutions to mitigate it.
  • Instant access to the analysis of 6 months of information regarding the behavior of our company to carry out a forensic analysis, offering you an inventory of files, URLs and connections throughout the network.

The agility of detection offered by Defender for Endpoint saves you time and resources, while also limiting the amount of damage caused by a security breach.

How does Defender for Endpoint work?

Defender for Endpoint combines the client technology built into Windows 10 and a robust cloud service. Defender for Endpoint continuously monitors the network for malicious activity or abnormal behavior through:

  • Behavior sensors: Integrated in the devices, which collect and process behavioral signals from the operating system (for example, network communications, file modifications and any type of process). This information is then sent to the Cloud Security console for analysis.
  • Threat Intelligence: Microsoft has a team of global security specialists and a community of “hunters” dedicated exclusively to finding new malicious techniques and continually training Defender for Endpoint to help it become increasingly effective.
  • Cloud security analysis: Thanks to big data and machine learning, it analyzes the information received from the sensors and compares it with historical and anonymous information from millions of devices spread around the world and with Defender for Endpoint’s own threat intelligence, to detect abnormal behavior, hacker techniques, and similarity to known attacks.

Screen 1 – Central console that offers a summary of the general status of the network and alerts. Screen 2 – View of an alert about a possible threat.

Screen 1 – Status and alerts view of a network computer. Screen 2 – Detailed information about an identified attack on the network and how to solve it.

The current landscape forces companies to be protected against security threats and to be able to detect and respond quickly to them. At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, so we encourage you to follow our blog where we will continue to inform you about the security tools and solutions that we can offer you.

Do you want to know more about Windows 10 Enterprise E5? Contact us!


Cybersecurity 2020: Developing Digital Trust

Ciberseguridad 2020: Desarrollando la confianza digital

Several weeks after the celebration of the event organized by IDG Research in which Softeng participated and in which the main cybersecurity trends during the crisis caused by COVID19 were explored and analyzed, the implications of teleworking and the preparation for the new normal. The company has prepared a report that includes the main topics that were discussed both in the proposals of the technology providers that participated and in the practical cases of companies that shared their experience and learning.

Strategy gains priority over operations

IDG points out that the health crisis has had a short-term impact on the operations of the security departments, which have needed to quickly implement new solutions while attending to the different incidents. However, once this stage has passed, companies have begun to wonder what the new normal will be like and consider how to redefine their security strategy.

In all cases, the return to normality has generated changes in the organizational model, even transforming the business model. Organizations have realized that the change is irreversible: the work environment is going to be a hybrid between face-to-face and remote activity. In addition, digital channels are going to be consolidated in all businesses. All this changes the risk map of organizations and, with it, the security strategy.

    During the event, the areas of greatest impact were discussed, focusing on three main points:

    Employee protection

    Employees are the starting point since they have been accessing the company remotely from their homes. In this sense, companies have faced several challenges:

    • Employee in a different environment than usual: In many cases, employees have had to work with personal devices and in an environment very different from the one they have in the office, reconciling work and family activity at the same time. All of this has led to a drop in security practices that were routinely followed, making them vulnerable to human error, phishing or social engineering attacks.
    • Undefined work profile: Many companies did not have telework defined within their user profiles, and where mobility was defined, it did not include access to all the applications used in the company.
    • Disruption on the perimeter: As a rule, the perimeter approach was based on the fact that employees worked within the corporate environment, except for those who worked in mobility as an exception.
    • Loss of control over data: The risks of teleworking not only affect the device but also the data that the user manages, downloads and stores.

    To overcome these challenges, these solutions were discussed during the conference:

    • Employee awareness: Through training sessions and knowledge of company protocols and policies.
    • Review accesses and privileges: To have visibility at all times to detect inappropriate or suspicious access and maintain control of compliance.
    • Review the traditional concept of perimeter: To consider alternatives that incorporate Zero Trust principles.
    • Protect data: Adding encryption and maintaining a more robust governance of data.

    Protection of hybrid environments
    During the crisis, many companies have accelerated the adoption of the Cloud, having to deal with hybrid environments in an unplanned way. The challenges that companies have faced in this regard are:

    • Manage access: The challenge here is twofold. On the one hand, it is necessary to protect the user’s access to multiple services without impacting their experience. On the other hand, if there is no robust privilege policy, there may be improperly defined permissions (e.g. configuration problems) that open security breaches. This is compounded in the case of external collaborators.
    • Control the Shadow IT: Remote work has increased the propensity to use resources without the supervision of the security area that escape from corporate security policies.
    • Change in traffic patterns: There has been a change in the pattern of information traffic between the user and the different environments they access. In particular, the upload has multiplied, generating vulnerabilities.

    To overcome these challenges, the solution offered during the conference was:

    • Reinforce access and identities: Through double authentication systems or biometric measures.
    • Integrate management: Lean on tools that allow an integrated perspective of all environments to carry out centralized management.
    • Analyze traffic: Detect anomalous and subtle behaviors and connections that go unnoticed by standard security tools and that are related to complex, uncategorized attacks (e.g. new attack typologies).
    • Compliance control: Implement the necessary security tools to ensure regulatory compliance.

    Income protection
    Companies have had to quickly migrate to digital channels to stay active. This has led to the following challenges:

    • Urgency in the implementation of digital tools: Companies have been quick to search for solutions in the market. If the security area is not involved, Shadow IT can be introduced that opens multiple vulnerabilities.
    • Strain on applications: The pattern of use of applications has changed, multiplying their use remotely and from new devices. However, many applications were not ready for these new patterns, which has impacted their security, performance or user experience.
    • Increased risk: Companies have inevitably assumed greater risk to ensure the continuity of their activity. However, if they do not have visibility into this risk, they will not be able to manage it properly.

    To overcome these challenges, the solutions offered during the conference were:

    • Test and validate new tools: To equip employees with the tools they need to telecommute and prevent them from looking for their own alternatives (Shadow IT).
    • Strengthen applications: Applications that have not been designed to be used over the Internet or in a massive way need a revision so that they can accommodate new usage patterns.
    • Measure risk and security posture: Through tools that make the security posture visible.

    Softeng’s participation in the conference

    Our CEO, Carlos Colell, participated with a presentation called “How to protect our companies in the new era of teleworking” in which he began by explaining the current scenario in which companies find themselves and how the rush towards teleworking has shown that companies were not prepared to adopt the necessary security measures.

    Carlos then explained the most common security mistakes in companies, among them having a security strategy based on passwords, emphasizing that companies must understand that some users’ passwords will certainly be exposed sooner or later, and that new measures must therefore be taken, such as two-factor authentication. Another common mistake is having several security solutions from different manufacturers, which results in a lack of communication between products, requires more dedication and causes a longer reaction time.

    Finally, he spoke about the strategy to improve security and concrete recommendations to overcome the most common challenges and protect companies in this new normal.

    As a conclusion to everything presented at this conference, we can highlight that teleworking is here to stay and, for that reason, the concept of cybersecurity has completely changed to adapt to a new paradigm of massive teleworking and an exponential growth of cyber attacks that try to take advantage of this new situation.

    How to avoid the identity theft of your users

    Every day, many companies are affected by security breaches that result in the theft, hijacking and destruction of confidential information. All these breaches tend to have a common origin: compromised user passwords.

    In many cases (more than 52%), these breaches are the result of human error (users reusing the same passwords they use when registering on certain websites, opening emails that ask them to log in to a fraudulent form, using simple passwords, etc.).

    Indeed, password theft is becoming very common and highlights the importance of protecting the user’s identity beyond their password, as it will eventually end up compromised. Clearly, an account protected only by a password is an easy target for attackers.

    Not all victims remain anonymous

    Recently, the media reported on the identity theft (phishing) attack suffered by the municipal urban transport company of Valencia (EMT). In this case, the “hackers” sent emails on behalf of a company manager to the head of administration, ordering the payment of various financial operations worth 4 million euros, and unfortunately the employee trusted them and made these payments. These types of scams are becoming more and more common among companies that do not protect themselves adequately, but they do not come to light for obvious reasons (shame). In this case, the company is public and for that reason it has appeared in the media, although at Softeng we are indeed seeing clients who have not yet committed to protecting themselves suffering similar cases.

    How can you prevent something similar from happening in your company?

    The solution

    You can help prevent some identity attacks by training your employees to protect themselves against phishing, but what will really help is making it practically irrelevant whether a password is stolen, by adding an additional step to authenticate.

    Two-step authentication (called MFA) provides an additional layer of security to your company. It is an access control method that confirms the identity of a user to prove that they are who they say they are. It works by requesting two or more of the following authentication methods:

    • An item you know (usually a password or pin).
    • An item you have (a trusted device, such as a mobile phone or digital key).
    • A biometric characteristic that identifies you (a fingerprint or your face).
    • An App on your device, protected, that allows the user to authorize access.

    By using several factors to verify the identity of a user, the vast majority of password theft attacks are neutralized, since the attackers’ work is multiplied exponentially: they need to “hack” more than one system at the same time to gain access.

    Two-step authentication is very easy to use and includes the ability to configure trusted locations (branches, headquarters, …) for greater security and user convenience.

    Recommendation

    The usual advice about changing your passwords often or making them hard to guess does not really help against the millions of attacks that are suffered daily (more than 300 million fraudulent login attempts directed at Microsoft cloud services). The idea is: if your password hasn’t been stolen, why change it? Or, if a hacker already has your password and you don’t know it, why wait 2 months to change it?

    According to studies, multi-factor authentication solutions block 99.9% of these unauthorized login attempts.

    Don’t you think the time has come to incorporate it into your company?

    How can you have two-step authentication?
    This feature is included in the Azure Active Directory Premium subscription and in the packages that it contains: A solution that, in addition to helping to guarantee access to applications and data only to people who really are who they say they are, includes the ability to apply smarter restrictions through three key features:

    • Conditional access: To limit access to applications from outside the company (based on group membership, geographic location and device status).
    • Identity protection: Risk-based conditional access. For this, strange behaviors are analyzed (for example, logging in from very distant locations in an impossible time, or trying to access from a computer not managed by the organization, among others).
    • Management of privileged identities: Administration and protection of administrator accounts, allowing to assign the administrator role to a user temporarily, alerting the change and supervising their access to resources.
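The "impossible time" and unmanaged-device signals mentioned under Identity protection can be illustrated with a small check over sign-in records. This is an added example, not Microsoft's or Softeng's code and not Azure AD's actual risk model; the record fields, thresholds and sample sign-ins are constructed assumptions.

```python
"""Flag risky sign-ins: impossible travel and unmanaged devices (illustrative)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0    # assumption: about the cruise speed of an airliner
MIN_DISTANCE_KM = 100.0  # assumption: ignore short hops caused by geo-IP noise


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime        # timezone-aware, UTC
    lat: float            # latitude of the geolocated source IP
    lon: float            # longitude of the geolocated source IP
    managed_device: bool  # True if the device is managed by the organization


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = phi2 - phi1
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(min(1.0, a)))


def assess(events, max_speed_kmh=MAX_SPEED_KMH):
    """Return [(sign_in, [reasons])] for each sign-in with at least one risk signal."""
    findings = []
    previous = {}  # user -> last sign-in seen so far
    for ev in sorted(events, key=lambda e: e.when):
        reasons = []
        prev = previous.get(ev.user)
        if prev is not None:
            distance = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600
            # Simultaneous sign-ins from distant places imply infinite speed.
            speed = float("inf") if hours == 0 else distance / hours
            if distance >= MIN_DISTANCE_KM and speed > max_speed_kmh:
                reasons.append("impossible_travel")
        if not ev.managed_device:
            reasons.append("unmanaged_device")
        if reasons:
            findings.append((ev, reasons))
        previous[ev.user] = ev
    return findings


def utc_time(hour, minute=0):
    """Helper for the constructed sample data: a fixed day, in UTC."""
    return datetime(2024, 1, 15, hour, minute, tzinfo=timezone.utc)


# Constructed sample sign-ins (not real data).
SAMPLE_SIGNINS = [
    SignIn("carol", utc_time(8), 40.42, -3.70, True),       # Madrid
    SignIn("alice", utc_time(9), 41.39, 2.17, True),        # Barcelona
    SignIn("bob", utc_time(9), 40.42, -3.70, True),         # Madrid
    SignIn("alice", utc_time(10, 30), 1.35, 103.82, True),  # Singapore, 90 min later
    SignIn("bob", utc_time(12), 41.39, 2.17, False),        # Barcelona, personal laptop
    SignIn("carol", utc_time(18), 40.71, -74.01, True),     # New York, plausible flight
]

if __name__ == "__main__":
    for ev, reasons in assess(SAMPLE_SIGNINS):
        print(ev.user, ev.when.isoformat(), ", ".join(reasons))
```

A conditional access policy would typically respond to such signals by requiring a second factor or blocking the session rather than only logging them.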

    If you wish, see all the details of Azure Active Directory Premium

    Ultimately, hackers have more and more methods at their disposal to obtain user credentials and, in most cases, they will end up obtaining them.

    Do you want to know more about how to protect the identity of your users? Contact us!

    How to protect your business from security threats using Office 365 Threat Intelligence

    Why does your company need to increase security against new threats?

    As technology advances, so do security threats, turning into sophisticated attacks that are increasingly difficult to detect and capable of bypassing enterprise perimeter firewalls. Although many of our clients have solutions to protect identity, information and devices, a new need has arisen to evolve security towards a more proactive model, focused on the ability to discover the attacker and stop their attacks. This is called smart security.

    But what really is smart security? It is the technology that, based on powerful predictive analysis engines, is capable of analyzing large amounts of data from signals, evidence, contexts, indicators and processes and capable of creating a map that learns from itself and evolves in real time, reducing the time required to detect a security threat and thus facilitate decision-making regarding it.

    The solution: the Office 365 smart security tool

    Microsoft has an extensive repository of threat data and the techniques necessary to detect patterns that correspond to attack behaviors. All this information, supervised and managed by a dedicated company center with the best cyber defense experts worldwide, is what feeds the company’s security products and services for its customers in real time.

    Office 365 Threat intelligence uses this collection of knowledge and intelligence to give you broad visibility into the most sophisticated threats, helping you protect your networks, intercept, and respond to security incidents through:

    • Interactive tools that analyze and monitor systems for threats and suspicious content.
    • Alerts and detailed information about the origin of the attacks on your company.
    • Analysis of the prevalence and severity of threats.
    • Suggestion of immediate corrective actions to respond to attacks and defend your company.

    Threat dashboard

    The dashboard is an excellent resource for monitoring source signals such as user activity, authentications, email, compromised computers, and generally any suspicious activity.

    Through the information that this view offers you, you can:

    • Determine the nature of an attack: With detailed information on the malware and the family of origin.
    • Determine the point of origin attack: Through a heat map that indicates the country of origin of the attack.
    • Identify users who have been compromised: With detailed information on the threat and the ability to track a specific user.
    • Create alert policies: To control suspicious activities in your company.  
    • Get a global view: Of threats and trends around the world.

    Office 365 Threat intelligence is now part of Microsoft Defender for Office 365, formerly Office Advanced Threat Protection (ATP), providing an analysis of top users, malware frequency, and security recommendations related to your business.

    Explorer

    Through the threat explorer view you get an in-depth analysis of the attacks directed at your organization, helping you to apply the necessary corrective actions to defend your company.

    From the explorer you can view:

    • A graph with the volume of attacks on your company over time: To analyze in depth the prevalence and danger of threats.
    • A list of the main threats detected:

      From this view you can click on a specific threat to see details on how it is impacting your organization and the affected users (recipients, sender addresses and IP addresses), along with a link to the malware family file for technical details, so you know what abnormal behaviors to look for and how to defend yourself in case of attack.

    • Suspicious emails: To track phishing or malware campaigns targeted at users in your company. Also, from the incident list view, you can take corrective actions, for example, remove malicious links or emails.

    • Obtain reports of suspicious content activities: Through these reports, you can track activities that put the security of your company at risk, for example, confidential files that are shared outside your organization and risky user activities such as suspicious logins.

    Attack Simulator

    Administrators can simulate different threat scenarios to identify the most vulnerable users and assess the security configurations of company systems in the event of a real attack.

    This new capability of Microsoft’s intelligent security tool offers companies the possibility of having their systems prepared for any security incident.

    Threat Tracker

    This new capability helps companies clearly see campaigns and attacks, whether global or against their own organization, and explore them in detail and take remediation actions if necessary.

    The panel offers four categories:

    • Featured Campaigns or Noteworthy Campaigns: This view monitors large known attacks such as the WannaCry ransomware attack or the Petya malware attack. Through this dashboard, the IT department can quickly review and assess threats and their impact.
    • Campaign Trends: This view monitors email threats affecting the company’s Office 365 environment, showing user-level malware trends, identifying attack families, and providing advanced information to administrators on threats that require further attention.
    • Saved Queries and Tracked Queries: These views help administrators conduct deeper investigations, saving all searches performed in the Office 365 Threat Intelligence Explorer as queries so they can monitor and evaluate malware and phishing events. Additionally, saved queries can be converted to tracked queries for quick and easy ongoing tracking.

    Office 365 Threat Intelligence is now part of Microsoft Defender for Office 365; the combination of the two products makes up Plan 2 of Defender for Office 365, which is included in Microsoft 365 Enterprise E5 and Office 365 Enterprise E5. You can also purchase the product as an independent service.

    If you want to see the tool in action, we invite you to view the product demo:

    In addition to Office 365 Threat Intelligence, Microsoft has more solutions that are based on intelligent security, such as Azure Active Directory Premium 2, which offers risk-based conditional access by analyzing anomalous behavior (for example, logging in from far away locations in an impossible time).

    If you are an Office 365 customer and you still do not have protection for the identity of your users (Azure Active Directory), protection for confidential information (AIP) and advanced protection for company mail (Defender for Office 365), we recommend that you start with them.

    Want to know more about Office 365 Threat Intelligence and Microsoft Defender for Office 365? Contact us!

    How to work from home, safely

    The situation generated by COVID-19 has caused many companies to have to choose the telework modality in an urgent and hasty way. This modality was not contemplated in their contingency plans and has caused that in many cases the environments from which employees work are not sufficiently protected. This situation is an open door for cyber attackers, since they can access companies to steal information, infect or use whatever they want.

    From Softeng, based on our accumulated knowledge and experience, we tell you about the main measures you must take to make teleworking safe for both your company and your employees.

    Measures to be taken by the IT department

    1. Establish corporate policies and procedures
    The IT department should develop a secure teleworking policy that includes:

    • Guidelines and rules for safely accessing corporate resources.
    • Procedure to be followed by employees in the event of a security incident.
    • Training all employees on the telework policy.

    2. Identity protection
    To ensure that the identity of users is not supplanted, our advice is to have a multi-factor authentication system (MFA). Thanks to this double verification system for access to company services, we will more effectively protect access to corporate resources, applications and help us comply with data protection requirements.

    3. Equipment protection
    In all equipment used by employees to access company information, IT must ensure that certain security measures are followed. If it is corporate equipment, IT can control and secure it centrally and automatically; if it is personal equipment, which cannot be fully controlled, IT must send users instructions on how to verify and/or apply the minimum measures. These security measures are mainly:

    • Latest updates of operating system and applications.
    • Antivirus software.
    • Secure settings in applications (web browsing, email, etc.).
    • Updated certificates.
    • Automatic lock for inactivity.
    • Data protection through encryption.

    Finally, to ensure that the aforementioned parameters are met and to avoid information leaks, it is advisable to have a comprehensive device management solution that helps IT maintain control of both corporate and personal devices that are used to access company information.

    4. Protection of applications and data
    IT must implement technical measures to ensure that users access corporate data only through applications approved by the company and that the data is protected regardless of its location, whether on a corporate or personal computer. In addition, IT should evaluate the convenience of applying data loss prevention (DLP) policies in the organization, in order to prevent leaks of sensitive information by employees (whether by mistake or deliberate) automatically and without manual intervention.

    5. Awareness of users
    Make sure your employees are aware of the risks of teleworking by maintaining a continuous communication channel with, for example, recommendations on how to detect phishing and avoid clicking on links from suspicious sources, the main known attacks these days and, in general, anything that helps them understand the importance of being cautious.

    6. Continuous monitoring of company security
    Increase security event monitoring levels to quickly detect:

    • Unusual remote activity
    • Failed authentication attempts
    • Alerts against VPN related attacks

    Actions to be taken by employees

    1. Awareness of users
    Two of the best allies to help ensure the protection of the company are prevention and awareness, and both are the responsibility of the workers themselves. Before beginning to telecommute, the employee must ensure that he understands the company’s policies and procedures and the security risks that human failure can cause.

    Cyber criminals take advantage of moments of crisis to increase their attacks and theme their emails around current affairs, so right now it is very easy to receive an email that talks about COVID-19 and is really a phishing attack. For this reason, employees should pay attention to links before clicking on them and never do so if the source of the links is not trusted.

    2. Secure connections
    When accessing remote services, do so only through secure protocols (HTTPS): access only known sites that use the HTTPS protocol, through secure connections and with certificates that are in order.

    3. Equipment protection
    Whether you are going to use company or personal equipment, it is necessary to make the environment in which you will work as private and secure as possible. Even at home, it is important to secure our devices to prevent, for example, another family member from accessing our devices and company information and deleting information by mistake. For this reason, it is important to have locking mechanisms for the devices. Likewise, if we work with a corporate computer, we must remember that making personal use of it can entail significant security risks.

    Conclusions
    The current landscape forces companies to be protected against security threats and to be able to quickly detect and respond to them, so you cannot risk it. At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, advising and accompanying you throughout the process to protect your company and your employees.

    We want to help you!

    In addition to these measures, which we hope have been useful to you, we want to help you much more. For this, we have prepared a live demo webinar in which we will comment on the most common attacks that companies are suffering in this specific teleworking scenario (most of them without knowing it) and how we should protect ourselves to avoid them. Keep consulting this newsletter and you will discover all the details of the webinar. We will wait for you!

    Do you want to know how we can help you? Contact us!

    Microsoft 365 Business: Collaboration, mobility and security in the same solution

    The new way of working of companies using cloud technology to boost their growth and adapting to the new collaboration and mobility needs of their employees, has opened new fronts of risks and security vulnerabilities. Companies are increasingly aware that their employees must be able to work better together, regardless of where they are. However, they are concerned about their ability to protect themselves from cyber attacks and keep their data safe.

    Recently, Microsoft conducted a survey on security among companies in Spain with less than 300 users, which found that 80% of them feel vulnerable to a cyberattack and more than 71% have already suffered one. However, despite this reality, not all companies are sufficiently aware of the risks of not being protected. The proof? More than half of companies do not have essential measures such as the ability to remotely wipe corporate data from an employee device (lost or stolen), protect the identity of their users, or use encryption for information (emails, files, etc.). And if we ask about more advanced measures to protect against threats (phishing, ransomware, targeted attacks) or simply against information leaks caused by employees (by accident or not), in our experience, more than 80% of companies are not protected.

    The solution: Microsoft 365 Business

    To respond to the needs of companies and increase the protection of their confidential information, Microsoft offers a solution that provides the best productivity tools and modern collaboration with Office 365, advanced security and device management.

    With Microsoft 365 Business you can:

    • Increase the productivity of your company, improving technology to meet the growing needs of your company.
    • Expand the security of your data, protecting your company’s sensitive information on all PCs, phones and tablets.
    • Improve the mobility of your employees, being able to access their job safely from anywhere.
    • Safely manage your employees’ devices, with Intune, Windows 10, the most secure Microsoft operating system and Office 365.

    Microsoft 365 Business is divided into 3 pillars:

    Collaboration

    It offers the tools of Office 365 Business Premium, which help your company to:

    • Improve productivity with smart tools built into Office.
    • Promote communication and collaboration between the people of your organization.
    • Work better as a team, collaborating from anywhere and on any device.
    • Optimize work processes.

    Secure device management

    It offers the necessary tools to manage your employees’ devices efficiently and safely, helping you to:

    • Remotely manage devices in case of theft, loss and employee departures with Microsoft Intune.
    • Enforce security policies to protect business data on all devices, including iOS, Android, and Windows PCs.
    • Configure computers to automatically install Office and Windows 10 apps and updates with Autopilot on Windows 10.
    • Get upgrade rights to Windows 10 Pro from Windows 7, Windows 8 and Windows 8.1 Pro versions.

    Security and compliance

    It offers the security and compliance tools that help your company to:

    Identity and data protection

    • Prevent unauthorized access to your data in the cloud through a second authentication using a mobile app, an automated phone call or a text message with Azure Active Directory Multifactor Authentication.
    • Label and set permissions on files to ensure confidentiality when required, using Azure Information Protection.
    • Track and revoke documents to control shared data.
    • Protect against sophisticated threats hidden in email attachments and links, gain defenses against zero-day threats, Ransomware, and other advanced malware attempts with Office 365 Advanced Threat Protection.
    • Apply data loss prevention policies to help protect sensitive information with Data Loss Prevention (DLP).
    • Enforce malware protection to help keep Windows 10 devices safe from viruses, spyware, and other malicious software – Windows Defender.
    • Enable unlimited cloud archiving and long-term preservation policies to ensure email is never lost – Exchange Online Archiving.
    • Microsoft recently introduced Azure AD conditional access policies that allow you to set specific conditions on how your company data can be accessed.

    Compliance

    The GDPR imposes 3 security obligations on companies:

    • Protect personal data.
    • Be able to demonstrate to the AEPD that they are protected.
    • Be able to detect security breaches and notify them in less than 72 hours.

    In this sense, Microsoft 365 Business, through its security tools, helps you comply with the regulation as follows:

    • Assessing compliance risk.

    • Identifying the data.

    • Keeping the data protected.

    • Detecting and reacting to the theft of personal data.

    All these processes are covered with the security tools mentioned in the identity and data protection part, also adding: Compliance Manager, Litigation Hold, Data Subject Request and eDiscovery.

    In conclusion, with Microsoft 365 Business your company will be able to achieve more and gain peace of mind, providing the appropriate technology to your employees so that they can work safely where, when and how they want, helping you boost the competitiveness of your company.

    Do you want to know more about Microsoft 365 Business? Contact us!

    Yes, I want to know more