Book price comparison. Includes 12,595,353 books and 12 stores.

Author

Nicholas DiCola

Books and works in one place: 5 books, published 2021-2024, the most popular including Security Orchestration, Automation, and Response for Security Analysts. Compare prices and check availability at Finnish bookstores.

5 books

Publication range of the books: 2021-2024.

Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals

Yuri Diogenes; Nicholas DiCola; Mark Morowczynski; Kevin McKinnerney

PEARSON EDUCATION (US)
2024
paperback
Prepare for Microsoft Exam SC-900 and demonstrate your real-world knowledge of the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. Designed for business stakeholders, new and existing IT professionals, functional consultants, and students, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Security, Compliance, and Identity Fundamentals level.

Focus on the expertise measured by these objectives:
• Describe the concepts of security, compliance, and identity
• Describe the capabilities of Microsoft identity and access management solutions
• Describe the capabilities of Microsoft security solutions
• Describe the capabilities of Microsoft compliance solutions

This Microsoft Exam Ref:
• Organizes its coverage by exam objectives
• Features strategic, what-if scenarios to challenge you
• Assumes you are a business user, stakeholder, consultant, professional, or student who wants to create holistic, end-to-end solutions with Microsoft security, compliance, and identity technologies

Security Orchestration, Automation, and Response for Security Analysts

Benjamin Kovacevic; Nicholas DiCola

PACKT PUBLISHING LIMITED
2023
paperback
Become a security automation expert and build solutions that save time while making your organization more secure

Key Features

What’s inside
• An exploration of the SOAR platform’s full features to streamline your security operations
• Lots of automation techniques to improve your investigative ability
• Actionable advice on how to leverage the capabilities of SOAR technologies such as incident management and automation to improve security posture

Book Description

What your journey will look like
With the help of this expert-led book, you’ll become well versed with SOAR, acquire new skills, and make your organization's security posture more robust. You’ll start with a refresher on the importance of understanding cyber security, diving into why traditional tools are no longer helpful and how SOAR can help. Next, you’ll learn how SOAR works and what its benefits are, including optimized threat intelligence, incident response, and utilizing threat hunting in investigations. You’ll also get to grips with advanced automated scenarios and explore useful tools such as Microsoft Sentinel, Splunk SOAR, and Google Chronicle SOAR. The final portion of this book will guide you through best practices and case studies that you can implement in real-world scenarios. By the end of this book, you will be able to successfully automate security tasks, overcome challenges, and stay ahead of threats.

What you will learn
• Reap the general benefits of using the SOAR platform
• Transform manual investigations into automated scenarios
• Learn how to manage known false positives and low-severity incidents for faster resolution
• Explore tips and tricks using various Microsoft Sentinel playbook actions
• Get an overview of tools such as Palo Alto XSOAR, Microsoft Sentinel, and Splunk SOAR

Who this book is for

You'll get the most out of this book if
• You're a junior SOC engineer, junior SOC analyst, a DevSecOps professional, or anyone working in the security ecosystem who wants to upskill toward automating security tasks
• You often feel overwhelmed with security events and incidents
• You have general knowledge of SIEM and SOAR, which is a prerequisite
• You’re a beginner, in which case this book will give you a head start
• You’ve been working in the field for a while, in which case you’ll add new tools to your arsenal

Microsoft Azure Sentinel

Yuri Diogenes; Nicholas DiCola; Tiander Turpijn

PEARSON EDUCATION (US)
2022
paperback
Build next-generation security operations with Microsoft Sentinel

Microsoft Sentinel is the scalable, cloud-native, security information and event management (SIEM) solution for automating and streamlining threat identification and response across your enterprise. Now, three leading experts guide you step-by-step through planning, deployment, and operations, helping you use Microsoft Sentinel to escape the complexity and scalability challenges of traditional solutions. Fully updated for the latest enhancements, this edition introduces new use cases for investigation, hunting, automation, and orchestration across your enterprise and all your clouds. The authors clearly introduce each service, concisely explain all new concepts, and present proven best practices for maximizing Microsoft Sentinel's value throughout security operations.

Three of Microsoft's leading security operations experts show how to:
• Review emerging challenges that make better cyberdefense an urgent priority
• See how Microsoft Sentinel responds by unifying alert detection, threat visibility, proactive hunting, and threat response
• Explore components, architecture, design, and initial configuration
• Ingest alerts and raw logs from all sources you need to monitor
• Define and validate rules that prevent alert fatigue
• Use threat intelligence, machine learning, and automation to triage issues and focus on high-value tasks
• Add context with User and Entity Behavior Analytics (UEBA) and Watchlists
• Hunt sophisticated new threats to disrupt cyber kill chains before you're exploited
• Enrich incident management and threat hunting with Jupyter notebooks
• Use Playbooks to automate more incident handling and investigation tasks
• Create visualizations to spot trends, clarify relationships, and speed decisions
• Simplify integration with point-and-click data connectors that provide normalization, detection rules, queries, and Workbooks

About This Book
• For cybersecurity analysts, security administrators, threat hunters, support professionals, engineers, and other IT professionals concerned with security operations
• For both Microsoft Azure and non-Azure users at all levels of experience

Exam Ref SC-900 Microsoft Security, Compliance, and Identity Fundamentals

Yuri Diogenes; Nicholas DiCola; Kevin McKinnerney; Mark Morowczynski

PEARSON EDUCATION (US)
2022
paperback
Prepare for Microsoft Exam SC-900 and help demonstrate your real-world knowledge of the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. Designed for business stakeholders, new and existing IT professionals, functional consultants, and students, this Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified: Security, Compliance, and Identity Fundamentals level.

Focus on the expertise measured by these objectives:
• Describe the concepts of security, compliance, and identity
• Describe the capabilities of Microsoft identity and access management solutions
• Describe the capabilities of Microsoft security solutions
• Describe the capabilities of Microsoft compliance solutions

This Microsoft Exam Ref:
• Organizes its coverage by exam objectives
• Features strategic, what-if scenarios to challenge you
• Assumes you are a business user, stakeholder, consultant, professional, or student who wants to create holistic, end-to-end solutions with Microsoft security, compliance, and identity technologies

About the Exam
Exam SC-900 focuses on knowledge needed to describe: security and compliance concepts and methods; identity concepts; Azure AD identity services/types, authentication, access management, identity protection, and governance; Azure, Azure Sentinel, and Microsoft 365 security management; Microsoft 365 Defender threat protection and Intune endpoint security; Microsoft 365 compliance management, information protection, governance, insider risk, eDiscovery, and audit capabilities; and Azure resource governance.

About Microsoft Certification
Passing this exam fulfills your requirements for the Microsoft Certified: Security, Compliance, and Identity Fundamentals certification, helping to demonstrate your understanding of the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. With this certification, you can move on to earn more advanced related Associate-level role-based certifications. See full details at: microsoft.com/learn

Microsoft Azure Network Security

Nicholas DiCola; Anthony Roman

Addison Wesley
2021
paperback
Master a complete strategy for protecting any Azure cloud network environment!

Network security is crucial to safely deploying and managing Azure cloud resources in any environment. Now, two of Microsoft's leading experts present a comprehensive, cloud-native approach to protecting your network, and safeguarding all your Azure systems and assets. Nicholas DiCola and Anthony Roman begin with a thoughtful overview of network security’s role in the cloud. Next, they offer practical, real-world guidance on deploying cloud-native solutions for firewalling, DDOS, WAF, and other foundational services – all within a best-practice secure network architecture based on proven design patterns.

Two of Microsoft's leading Azure network security experts show how to:
• Review Azure components and services for securing network infrastructure, and the threats to consider in using them
• Layer cloud security into a Zero Trust approach that helps limit or contain attacks
• Centrally direct and inspect traffic with the managed, stateful, Platform-as-a-Service Azure Firewall
• Improve visibility into Azure traffic with Deep Packet Inspection
• Optimize the way network and web application security work together
• Use Azure DDoS Protection (Basic and Standard) to mitigate Layer 3 (volumetric) and Layer 4 (protocol) DDoS attacks
• Enable log collection for Firewall, DDoS, WAF, and Bastion; and configure NSG Flow Logs and Traffic Analytics
• Continually monitor network security with Azure Sentinel, Security Center, and Network Watcher
• Customize queries, playbooks, workbooks, and alerts when Azure's robust out-of-the-box alerts and tools aren't enough
• Build and maintain secure architecture designs that scale smoothly to handle growing complexity

About This Book
• For Security Operations (SecOps) analysts, cybersecurity/information security professionals, network security engineers, and other IT professionals
• For individuals with security responsibilities in any Azure environment, no matter how large, small, simple, or complex