
Microsoft Unified XDR and SIEM Solution Handbook : Modernize and Build a Unified SOC Platform for Future-Proof Security / Raghu Boddu, Sami Lamppu, and Rod Trent.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Boddu, Raghu, author.
Lamppu, Sami, author.
Trent, Rod, author.
Language:
English
Subjects (All):
Computer security.
Computer networks--Security measures.
Computer networks.
Microsoft software.
Physical Description:
1 online resource (296 pages)
Edition:
First edition.
Place of Publication:
Birmingham : Packt Publishing, [2024]
Summary:
Tired of dealing with fragmented security tools and navigating endless threat escalations? Take charge of your cyber defenses with the power of Microsoft's unified XDR and SIEM solution. This comprehensive guide offers an actionable roadmap to implementing, managing, and leveraging the full potential of the powerful unified XDR + SIEM solution, starting with an overview of Zero Trust principles and the necessity of XDR + SIEM solutions in modern cybersecurity. From understanding concepts like EDR, MDR, and NDR and the benefits of the unified XDR + SIEM solution for SOC modernization to threat scenarios and response, you’ll gain real-world insights and strategies for addressing security vulnerabilities. Additionally, the book will show you how to enhance Secure Score, outline implementation strategies and best practices, and emphasize the value of managed XDR and SIEM solutions. That’s not all; you’ll also find resources for staying updated in the dynamic cybersecurity landscape. By the end of this insightful guide, you'll have a comprehensive understanding of XDR, SIEM, and Microsoft's unified solution to elevate your overall security posture and protect your organization more effectively.
Contents:
Cover
Title Page
Copyright and Credits
Dedication
Foreword
Contributors
Table of Contents
Preface
Case Study - High Tech Rapid Solutions Corporation
Introduction
The current environment
A cloud environment
A hybrid cloud architecture
User entities
Collaboration with partners
End user devices
Server infrastructure
An application landscape
An IoT/OT environment
Security challenges
Management concerns
Challenges emphasized by security teams
Concerns raised by CISO
A recent incident response case
Summary
Part 1 - Zero Trust, XDR, and SIEM Basics and Unlocking Microsoft's XDR and SIEM Solution
Chapter 1: Introduction to Zero Trust
Zero Trust and its history
Why do we need Zero Trust?
Zero Trust in security operations
Zero Trust principles and architecture
Zero Trust pillars
A real-life example
Case study analysis
Future of Zero Trust
Further reading
Chapter 2: Introduction to XDR and SIEM
Understanding XDR and SIEM
What is XDR and how did it start?
What is SIEM and how did it start?
How does a SIEM solution work?
What do these *DR acronyms mean?
The benefits of having XDR and SIEM solutions in an enterprise
XDR's benefits and reasons to adopt it
Why do we need to consider SIEM?
How to choose the right XDR and SIEM tool
Chapter 3: Microsoft's Unified XDR and SIEM Solution
What is Microsoft's unified XDR and SIEM solution?
Microsoft Defender XDR
Microsoft Defender for Cloud
Microsoft Sentinel
Other relevant Microsoft Security solutions
Microsoft Defender XDR overview (MDE, MDO, MDA, and MDI)
Microsoft Defender XDR solutions
MDE
MDO
MDA
MDI
Microsoft Entra ID Protection (formerly Azure AD Identity Protection)
Use cases for Entra ID Protection
Extending XDR capabilities to on-premises and hybrid cloud by leveraging MDC
MDC key features
Benefits of using unified XDR for on-premises, multi-cloud, or hybrid cloud scenarios
Microsoft Sentinel - SIEM and SOAR
Sentinel key features
Microsoft Sentinel versus Microsoft Defender XDR
XDR and beyond - exploring commonly used security solutions
Microsoft Defender for IoT
EASM
MDTI
Microsoft Copilot for Security
Microsoft's unified XDR and SIEM solution's benefits over non-MS solutions
The future - Microsoft's influence in cybersecurity
The graphical Windows OS revolution
Reshaping server technology with Windows NT
Outlook and the transformation of email communication
MS Office - standard in productivity software
Internet Explorer - a chapter in web browsing
The future - Microsoft's rising influence in cybersecurity
Part 2 - Microsoft's Unified Approach to Threat Detection and Response
Chapter 4: Power of Investigation with Microsoft Unified XDR and SIEM Solution
Understanding the basics of SOC
Typical SOC roles
Avengers of cybersecurity
Traditional versus modern SOC operations
SOC journey with Microsoft's unified security operations platform
Investigation in Microsoft Sentinel
Investigation in Microsoft Defender XDR
Integrations with other Microsoft security solutions and third-party tools
Microsoft Defender XDR platform - Single pane of glass
Third Party integrations
Chapter 5: Defend Attacks with Microsoft XDR and SIEM
An attack kill chain in XDR and SIEM
Identity threat detection and response
Microsoft Defender XDR's automatic attack disruption
An overview of Microsoft Defender XDR's automatic attack disruption
Automatic attack disruption key stages
Deception capability in Microsoft Defender XDR
Attack scenarios
An identity-based supply chain attack in the cloud
Business Email Compromise attack
Human-Operated Ransomware
A case study analysis
Chapter 6: Security Misconfigurations and Vulnerability Management
Introduction to security misconfigurations and vulnerabilities
Security misconfigurations
Vulnerabilities
Vulnerability management framework
How can Microsoft's unified solution help to address this?
Microsoft Defender Vulnerability Management
Integration with other tools
ServiceNow integration
Intune/MDE remediation (native integration capability)
API integrations and automation
Chapter 7: Understanding Microsoft Secure Score
What is Microsoft Secure Score?
Why do we need to monitor Secure Score?
Azure secure score in MDC
Identity secure score in Entra ID
Microsoft Secure Score in Microsoft Defender XDR
Understanding your score - how are scores calculated?
How to assess and improve findings
Addressing findings
Integrations
MDC secure score
Microsoft Secure Score
Part 3 - Mastering Microsoft's Unified XDR and SIEM Solution - Strategies, Roadmap, and the Basics of Managed Solutions
Chapter 8: Microsoft XDR and SIEM Implementation Strategy, Approach, and Roadmap
XDR and SIEM assessment and implementation strategy
Security assessments
Security strategies
Implementation approach and roadmap
Adoption order
What's next?
Chapter 9: Managed XDR and SIEM Services
Managed services overview
Security services
How to select a provider
Pros and cons of using managed services
Generic MSSP framework in the Microsoft ecosystem
Azure Lighthouse
Microsoft Entra ID
Multi-tenant management in Microsoft Defender XDR
Content management in an MSSP scenario
Chapter 10: Useful Resources
Microsoft Unified XDR and SIEM Solution resources
Microsoft Defender for Identity
Microsoft Defender for Office
Microsoft Defender for Endpoint
Microsoft Defender for Cloud Apps
Non-Microsoft XDR and SIEM solutions
XDR solutions
SIEM solutions
Managed XDR and managed SOC providers
Cybersecurity Industry Reports 2023
Community and third-party resources
Some of the blogs
Training
Community tools and GitHub resources
Books
Security shows
LinkedIn groups
Thank you
Index
About Packt
Other Books You May Enjoy
Notes:
Description based on publisher supplied metadata and other sources.
Description based on print version record.
ISBN:
9781835085844
1835085849
OCLC:
1424951211
