Under attack?

Get in touch

Cybersecurity challenges

Identify Your Vulnerabilities and Risks

Develop and Manage Your IT Securely

Detect and Respond to Intrusion

Respond to and Quickly Overcome a Cyber Attack

Get Cybersecurity Advice

Essential cybersecurity capabilities

How We Help

Predict

Prevent

Detect

Respond

Recover

Our Services

Are you under attack?

Why Truesec

Who We Are

Cases

Our Experts

Careers

Knowledge and Resources

Events

Tech Talks

Trainings

Blog

News

Knowledge Hub

Main menu

Secure Development Might Seem Slow, But It Often Pays Off in the Long Run

Find Vulnerabilities in Your IT Infrastructure Before the Threat Actors Do

Threat Hunting

Red Teaming

Skills Needed for an Efficient Cyber Incident Response Team

Incident and Response

5 Hygiene Hacks for IT: Reduce the Risk of Ransomware

Cybersecurity

Managed Detection & Response

How To Recruit Securely In the Cyber Age

Human Threat Intelligence

Amazon Cognito - A Quick Look Into Token Security

Infrastructure

Secure Development

What Is Anonymous Sudan?

Increased Risk of DDoS Attacks

<p>With rising geopolitical tension and the heightened risk of cyberattacks, the ability to detect and mitigate potential threats is greater than ever. With organizations worldwide relying on its support, Truesec aims to stay relevant by constantly expanding its global presence and capacity to prevent cyber breaches, which the launch of the new U.S. headquarters will reflect.</p>
<blockquote><p><em>I’m excited to announce the opening of our new headquarters in Jacksonville. By continuing to extend the best-in-class MDR service we’ve built in Scandinavia in the U.S. market, we’re combining our global service capacity with a strong local presence.</em><em><br /></em><em>says <strong>Tomas Sjöström</strong>, CEO of Truesec INC. </em></p></blockquote>
<h2>Marketing-Leading Managed Detection and Response </h2>
<p>A key service we’ll be able to expand in the U.S. is Truesec's Managed Detection and Response (MDR) service. Its capabilities are designed to counteract every stage of a cyber attack event chain and control its entirety. That includes active 24/7 attack monitoring and remediation, proactive threat hunting, and counteractive incident response and recovery. </p>
<h2>Internationally Acknowledged Cybersecurity Company</h2>
<p>Truesec has long been at the forefront of protecting organizations against cyber threats and works closely with law enforcement, the insurance sector, and security organizations worldwide. Truesec's offering includes a broad portfolio of technologically advanced cybersecurity services from a team of dedicated cybersecurity experts. </p>
<blockquote><p><em>There’s a need for real capacity to mitigate threats today, and that’s what we are building in this organization. The expansion into the new U.S. headquarters will help us continue to make meaningful improvements in the state of security, not just for our clients in the U.S., but everyone, says </em><strong>Thomas Sjöström</strong>.</p></blockquote>
<h3><strong>About Truesec Group</strong></h3>
<p>Truesec is a global cybersecurity company with a clear purpose: Creating safety and sustainability in a digital world by preventing cyber breach and minimizing impact. Over the years, Truesec has gained a strong reputation and earned the trust of organizations worldwide. Today, Truesec consists of 300+ dedicated cyber specialists – covering the full spectrum of cybersecurity. </p>
<h3><strong>For more information, contact:</strong></h3>
<p><strong>Tomas Sjöström</strong><br />CEO Truesec Inc.<br />+1 (904) 441-9873<br /><a href="mailto:tomas.sjostrom@truesec.com">tomas.sjostrom@truesec.com</a></p>

Truesec Opens New US Headquarters in Florida

<p>In a time of rising geopolitical tension, the cyber threats facing German companies, organizations, and critical infrastructure have reached an all-time high. The country's strong industry and economy make it susceptible to escalating attacks with damaging consequences. Not only are the number of attacks expected to grow in numbers, but also in complexity, severity, and the societal damage they cause. As a result of the increased demand for professional security services in the region, Truesec is therefore establishing local operations in Munich, Germany. </p>
<p><em> –</em> Our partners and clients have long requested Truesec's local presence in Germany and the DACH region. With our track record of assignments in the region and knowledge of the increasing cyber threats facing companies and organizations, launching local operations is a natural next step, says <strong>Anna Averud</strong>, CEO of Truesec Group. <br /></p>
<h2>Truesec Incident Response in Germany </h2>
<p>With more services to follow, Truesec is initially launching its Incident Response services to help organizations safely through a cyber attack with minimal impact and operational downtime. <a href="https://www.truesec.com/experts/markus-lassfolk" target="_blank" rel="noreferrer noopener">Markus Lassfolk</a>, Global SVP for Truesecs Incident Response unit, leads the German expansion until local management is in place.<br /><br /> – Our goal is always to minimize downtime for clients and bring them back to operations as soon as possible. On average, it takes 23 days to restart a business after a ransomware attack. Truesec's clients are generally back in a considerably shorter time: usually, 3-5 days, says <strong>Markus Lassfolk</strong>, Global SVP of Truesec CSIRT, and adds:</p>
<blockquote> – Combining the local presence of one of Europe's strongest Incident Response teams with our global network of cyber experts makes Truesec ideally positioned to help organizations prevent, detect, and fight cybercrime. We look forward to continuing our excellent collaboration with our regional partners and customers"<br /></blockquote>
<h3>A Proven Record of Helping Victims Worldwide</h3>
<p>Several of the larger Nordic companies and public sector actors affected by cyber attacks turn to Truesec, whose <a href="https://www.truesec.com/how-we-help/our-services/cyber-security-incident-response-team" target="_blank" rel="noreferrer noopener">Cybersecurity Incident Response Team </a>investigates most of the most severe incidents in Sweden and worldwide. Truesec works closely with the insurance sector, law enforcement, and security organizations worldwide and has local operations in Germany, Sweden, Denmark, Finland, and the US.<br /></p>
<h3>Victim Of a Cyber Attack? </h3>
<p><a href="https://www.truesec.com/how-we-help/our-services/cyber-security-incident-response-team">Truesecs Incident Response Team</a> (CSIRT) is available 24/7/365 to help get businesses secured and back up and running as fast as possible.<br /></p>
<h3>For more information, please contact:<br /></h3>
<p>Markus Lassfolk, Senior Vice President, Truesec CSIRT <br />+46 (0)70 918 30 12 <a href="mailto:markus.lassfolk@truesec.se"><br />markus.lassfolk@truesec.se</a> </p>
<p> </p>
<p>Anna Averud, CEO, Truesec Group	 <br />+46 (0)70 918 30 48		 <a href="mailto:anna.averud@truesec.com"><br />anna.averud@truesec.com</a> <br /></p>

Truesec Establishes in Germany to Protect Organizations Against Cybercrime

<p>Freely translated nomination:</p>
<blockquote><em>"With twenty years of experience in information and cyber security, he is often seen in the media in connection with cyberattacks, but he is also the one customers call when the worst has happened. With openness, he shares insights and knowledge about the cyber threats against Swedish companies and organizations in a clear and educational way, making Sweden safer."</em></blockquote>
<p>Read more about the nomination here (in Swedish &#x1f1f8;&#x1f1ea;): <a href="https://computersweden.idg.se/2.2683/1.776832/de-kan-utses-till-arets-mest-inflytelserika-vid-tech-awards-2023">"De kan utses till årets mest inflytelserika vid Tech Awards 2023 - Computer Sweden"</a></p>
<p>We are proud to have such a strong and inspiring leader among us, always striving for inclusion and sharing our insights in cyber - and on our joint mission to create a safe and sustainable future. Congratulations on the nomination Marcus!</p><figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/News/Marcus-Murray-Truesec-Group-small.jpeg?w=2999&auto=compress%2Cformat&fit=crop&dm=1677759762&s=5b5bc3eb46815822fb4feb27a92d63fd" alt="Marcus Murray, founder Truesec" /></figure><h4><br />Marcus' Own Words About The Nomination:</h4>
<p><cite class="cite">18 years ago, Truesec was founded on my kitchen table in a suburb in Stockholm, Sweden. I still remember it like yesterday, I had a 2-year-old daughter, literally no money, and I had to quit my job and instead take a big credit in the bank to follow a desire to make a difference.<br /><br />Cybersecurity was not really a word, but I had a strong feeling it would be very important in the future, as the digitization of our society was beginning to pick up speed. Today, cybersecurity is essential to maintaining a sustainable society.<br /><br />Truesec has grown since then. Today I am just one of 300 specialists in a multi-national cyber security organization.<br /><br />Day and night we protect our society in a time of war in Europe. We engage in defending critical infrastructure against nation-state antagonists. We monitor 300.000+ systems 24/7/365. We conduct around 200 complex investigations of complex cyberattacks yearly, and bring damaged organizations back to normal. We bring security to public and private organizations and their applications, systems, networks and cloud. We provide threat intelligence and strategic capabilities to leaders, and we develop best-of-breed digital solutions to scale our capability to more regions.<br /><br />What makes me even more proud are ethical values of Truesec. We are a purpose-driven organization. We prevent and minimize the impact of cyber attacks. To ensure that we, for example, put purpose over profit.<br /><br />We believe in gender equality and that it must start from the top, our amazing CEO <a href="https://www.linkedin.com/in/ACoAAAAqs3oBcxUU_yQDAAHbX1qNH0O2vJ0weIE">Anna Averud</a> has recruited some of the most amazing female leaders into our management team, and it’s shaping our organization in amazing ways.<br /><br />We have a very friendly environment where we help each other and the people around us. We have an environment where you can be yourself no matter what. We have an organization where it’s ok to explore and try with the risk of failing since we know that’s how we learn and grow as individuals and as a team.<br /><br />We believe in collaboration with the government, partner organizations, and even competitors for the greater good.<br /><br />While organizations measure themselves by gross revenue and profit, we measure ourselves by the impact and outcome we bring to society.<br /><br />This organization is the result of each and every one in the Truesec organization.<br /><br />It is a true honor to be recognized together with 4 amazing individuals, Pernilla Ramslöv, Stina Ehrensvard, Deqa Abukar, and Erik Slottner.<br /><br />Nominating me, however, is not because of my individual accomplishments. I am only a front for each and every college working at Truesec. Colleges that impress and humble me every day with their achievements. This nomination is, in reality, yours to share!<br /><br />That said, thank you TechSverige, for the nomination and for appreciating all the individuals working for and with Tech in Sweden</cite>.<cite class="cite"><br /></cite></p>


Marcus Murray Top 50 Most Influential in Tech 2023

Threat Intelligence Report 2023

<h3>Russia Most Likely Behind the Attacks Against Sweden</h3>
<p>Truesec’s Threat Intelligence unit has investigated the threat actor group to shed light on its activities and help identify its true motives. Although the threat actor behind the cyber attacks claims to be “Anonymous Sudan,” there are several indications that the attacks are, in fact, part of a Russian information operation. </p>
<h3>New Truesec Report Shows the True Motives of the Attacks</h3>
<p><a href="https://www.truesec.com/hub/report/anonymous-sudan-threat-intelligence-report" target="_blank" title="Original URL: https://www.truesec.com/hub/blog/what-is-anonymous-sudan Click to follow link." rel="noreferrer noopener">Truesec has released a new report</a> (published Feb. 20, 2023) that explains how the so-called "Anonymous Sudan" has nothing to do with the online activists collectively known as Anonymous. Instead, it was most likely created as part of a Russian information operation to create fear and uncertainty in Sweden to complicate Sweden’s NATO application. </p>

"Anonymous Sudan": Most Likely Russia Attempting to Disrupt Sweden's NATO Application

Anonymous Sudan: Threat Intelligence Report

How To Prevent Ransomware Attackers From Taking Over Your ESXi 8.0 Hosts

Copiloting the Cyber Threat Landscape in the Travel Industry

M365 Security Boost

<p>To build long-term resilience against cyber attacks, Truesec launches Continuous Threat Monitoring, a Threat Intelligence service to extend threat monitoring beyond your perimeter into the adversary’s space.</p>
<blockquote><em>"The criminal underground market for buying and selling access to organizations is rapidly growing. These access brokerages have become essential to the entire cybercriminal ecosystem. Threat groups are actively purchasing access to organizations to scale and speed up their criminal activities." says Christoffer Strömblad, Threat Intelligence Analyst at Truesec.<br /><br />“Today, organizations need to monitor for credential leaks or access brokers selling access to their estate of infrastructure, servers, clients, and users.”</em></blockquote>
<h2>Build a Strong Cyber Defence With Continuous Threat Monitoring</h2>
<p>The attack timeline is wider than the time from breach to incident response. Continuous Threat Monitoring extends the threat monitoring capability to the outside of your perimeter, to the adversary’s space, taking back initiative from the attackers. </p>
<p>Continuous Threat Monitoring provides unique access to a constant stream of relevant and actionable intelligence about threat activity that will enable strategic decisions to build defensive capabilities for long-term resilience against cyber attacks.<br /></p>
<h3>About Truesecs Continuous Threat Monitoring Service</h3>
<p>Truesecs CTM enables the capability to:</p>
<ul><li>Predict attacks by discovering indications that may lead to an attack, such as typo-squatted domains, newly registered certificates, or targeted attacker campaigns. </li><li>Prevent attacks by reacting when access brokers are willing to buy or sell access to accounts, systems, or entire organizations.</li><li>Discover and respond to leaked credentials.</li></ul>
<p>Learn more about how this service can help your organization build stronger cyberdefense and other Threat Intelligence services <a href="https://www.truesec.com/how-we-help/our-services/threat-intelligence">here</a>.</p>
<h4>Christoffer Strömblad Explains More in This Video</h4><figure><iframe width="560" height="315" src="https://www.youtube.com/embed/EdwIv8ytWmw?controls=0" title="YouTube video player" frameborder="0"></iframe></figure>


Predict Cyber Attacks With Continuous Threat Monitoring

VMware ESXi 8.0 and execInstalledOnly - The Good, the Bad and the Ugly

Public Sector Report - November

Cracking the Chaos Ransomware Family

<p>In a joint quest against cybercrime, Europol, the Dutch National Hi-Tech Crime Unit, and selected IT security companies have joined forces to disrupt cybercriminal businesses with ransomware connections. The global initiative No More Ransom helps ransomware victims retrieve encrypted data without paying the criminals.<br /></p>
<blockquote>For every ransom paid, cybercriminal groups grow stronger. At Truesec, we have a strong track record of helping hundreds of clients recover from ransomware attacks – without having to pay a ransom. By being an active contributor to No More Ransom, we can help more victims with our technical expertise and help them minimize the damage from cyber attacks, says Markus Lassfolk Vice President of Truesec Incident Response.</blockquote>
<figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/Users/markus-lassfolk.jpg?w=3090&auto=compress%2Cformat&fit=crop&crop=focalpoint&fp-x=0.498&fp-y=0.458&dm=1634307693&s=bc7cb9465c84f46b3d6d2ba06fe5ec5f" alt="Markus Lassfolk, Vice President, Truesec Incident Respons" /></figure>
<p><em>Markus Lassfolk, Vice President of Truesec Incident Response.</em></p>
<p>The cybersecurity company Truesec has been appointed as Associate Partner after contributing to the development of the new unique decryption tool and keys for the Chaos ransomware family, which will help thousands of victims retrieve encrypted data and valuable information. Truesec has been at the forefront of fighting cybercrime for many years and has extensive experience managing some of the most significant and complex incidents worldwide.</p>
<blockquote>At Truesec, we know firsthand what devastating impact ransomware attacks have on organizations and critical infrastructure. We are happy to contribute to the No More Ransom initiative and welcome any collaboration that helps create safety for our societies. This is a fight we must win together, says Anna Averud, CEO of Truesec Group.</blockquote>
<figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/News/Anna-Averud-CEO-Truesec-Group.jpg?w=2000&auto=compress%2Cformat&fit=crop&dm=1670431229&s=34f79a55dd181dd1e3e5bd7435d36959" alt="Anna Averud, CEO, Truesec Group" /></figure>
<p><em>Anna Averud, CEO of Truesec Group.</em></p>

<h4>About No More Ransom<br /></h4><figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/News/logo_no-more-ransom_Logo-full-blue.png?w=1771&auto=compress%2Cformat&fit=crop&dm=1670575566&s=c57885aced19c16b50686636b4949b77" alt="No More Ransom" /></figure>
<p>No More Ransom, launched in July 2016, is a collaboration between Europol, the Dutch National Hi-Tech Crime Unit, and selected IT security companies, helping ransomware victims retrieve encrypted data without paying the cyber criminals.</p>
<p>Read more here: <a href="https://www.nomoreransom.org/">https://www.nomoreransom.org/</a></p>

Truesec Joins Forces With Europol To Fight Cybercrime

Swedish Energy Sector Report - October

In Times of Espionage and War – The Ethics of Security Vetting

Swedish Manufacturing Industry Report - September

How Much Money Should You Invest in Preventive Cybersecurity?

Holistic Cybersecurity – From Assessment to Strategy

Fortinet CVE-2022-40684 Vulnerability From an Incident Response Perspective

People Change Over Time − So Does the Human Threat Risk

<p>To help strengthen Danish organizations' cyber resilience, reduce risk and limit the consequences, Truesec and WTW in Denmark have developed a new service for all insurance clients launched in 2022. WTW Cyber Defender covers the entire spectrum from prevention to insurance to crisis management.</p>
<h3>Strengthened Cybersecurity With Truesec and WTW Cyber ​​Defender</h3>
<p>WTW Cyber ​​Defender covers the entire spectrum from prevention to insurance to crisis management, with Truesec and WTW each contributing their unique expertise – Truesec in cybersecurity and WTW in cyber insurance. WTW Cyber ​​Defender contributes to reducing the risk of a cyber attack and limiting the consequences.</p>
<p>“We have combined our strengths and created WTW Cyber ​​Defender, which consists of six sub-elements, each of which helps to strengthen a company's cybersecurity. All combined, these elements provide the best prerequisite for preventing damage and avoiding loss due to data security breaches for companies in Denmark,” says Morten von Seelen, CEO ofTruesec A/S.</p>
<p>Read more about <a href="https://www.wtwco.com/-/media/WTW/Insights/2022/10/wtw-cyber-defender.pdf?modified=20221004092528" target="_blank" rel="noreferrer noopener"><strong>WTW Cyber Defender here.</strong></a></p>
<h3>About WTW</h3>
<p>WTW is Denmark's most prominent independent insurance adviser, with more than 35 years of experience in the Danish market. Today, it has over 400 employees in offices throughout the country.</p>
<p>WTW has local and global experts in cyber insurance and can tailor insurance programs for companies in all industries. WTW also provides advice and guidance in claims cases and looks after the company's interests vis-à-vis the insurance company.<br /></p>

<p>To learn how WTW Cyber ​​Defender can improve your organization’s cybersecurity, contact: <a href="mailto:cyberdefender@willistowerswatson.com">cyberdefender@willistowerswatson.com</a>.</p>
<p>Web: <a href="http://wtwco.com/">http://wtwco.com</a></p>
<h3>About Truesec</h3>
<p>Truesec is a global cybersecurity company with a clear purpose: Creating safety and sustainability in a digital world by preventing cyber breach and minimizing impact. Over the years, Truesec has gained a strong reputation and earned the trust of organizations worldwide. Today, Truesec consists of 250+ dedicated cyber specialists covering the full spectrum of cybersecurity.<br /></p><h4>Contacts</h4>
<p>Morten von Seelen, CEO Truesec A/S: <a href="mailto:morten.von.seelen@truesec.com">morten.von.seelen@truesec.com</a></p>
<p>Web: <a href="http://www.truesec.com/">www.truesec.com</a></p>

Reduce the Risk of Cyber Attacks With Truesec and WTW's Cyber Defender

<p>Cyber threats continue to rise, and the demand for qualified cybersecurity expertise is greater than ever. Truesec is the market-leading cybersecurity company in Sweden, with established operations in Denmark, Finland, and the US, with more regions joining soon.</p>
<h2>Erik Jönsson, New Managing Director for Truesec Sweden</h2>
<p>To lead Truesec Sweden, Erik Jönsson has been recruited as Managing Director starting on October 3, 2022. Erik has extensive experience in cybersecurity and has previously worked at Trend Micro.</p>
<blockquote>"Truesec really stands out with its strong culture and dedicated experts. I'm incredibly proud and happy to join a company that consistently and passionately works towards a common goal – to prevent cyber breach", says Erik Jönsson, Managing Director of Truesec Sweden.</blockquote>In 2018, Anna Averud took over as CEO of the cybersecurity group. She has since then, together with the leadership team, established Truesec's managed services, developed the portfolio of consulting services and increased its incident response capacity. Today, Truesec has the largest dedicated Incident Response team in the Nordics and has tripled its turnover in the last three years (in 2021, turnover was 300M SEK). <br /><br />To focus on her role as Group CEO, Anna Averud is handing over operational responsibility for Truesec Sweden to Erik Jönsson.
<blockquote>"Welcoming Erik to our team feels fantastic. His leadership and knowledge in the industry will strongly benefit our customers and take Truesec to the next level together with the team", says Anna Averud, CEO of Truesec Group.<br /><br />"Local leadership in combination with relevant services is central to Truesec Sweden, and the establishment of Truesec in new regions."</blockquote>
<blockquote><em>"With large investments in our range of services and solid delivery capacity, Truesec is in an attractive position to meet the market's growing need for cyber protection. In Sweden today, we are 220 employees. Within a couple of years, we will double our capacity. It's required if we're to be the number one cyber partner", says </em><strong>Erik Jönsson</strong><em>.</em></blockquote>
<figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/News/Erik-J%C3%B6nsson.jpg?w=3000&auto=compress%2Cformat&fit=crop&dm=1664982167&s=c91f3dc2f2f8717808be328049bf8685" alt="Erik Jönsson" /><figcaption>Erik Jönsson, Managing Director Truesec Sweden.</figcaption></figure>

Truesec Strengthens Its Position in Sweden

Manage and Reduce Cybersecurity Risk with NIST Cybersecurity Framework

<p>“We are honored to be recognized as one of the world’s top managed security services providers by MSSP Alert.” says <strong>Tomas Sjöström</strong>, CEO of Truesec Inc.</p><blockquote>"As exciting as this recognition is for Truesec as a company, it's highly reflective of our aim to always stay at the forefront of protecting organizations against cyber threats", Thomas Sjöström says.<br /></blockquote><h3>6th Annual List &amp; Research Identifies Leading MSSPs Worldwide<br /></h3>
<p>The rankings are based on MSSP Alert’s 2022 readership survey combined with the site’s editorial coverage of MSSP, MDR, and MSP security providers. The sixth-annual list and research track the MSSP market’s ongoing growth and evolution. <br /><br />"MSSP Alert congratulates Truesec on this year's honor. The MSSP Alert readership and Top 250 honorees continue to outpace the cybersecurity market worldwide", says <strong>Joe Panettieri,</strong> editorial director of MSSP Alert. <br /></p><h4>About CyberRisk Alliance<br /></h4>
<p>CyberRisk Alliance (CRA) is a business intelligence company serving the high growth, rapidly evolving cybersecurity community with a diversified portfolio of services that inform, educate, build community, and inspire an efficient marketplace. <a href="https://www.cyberriskalliance.com/">Learn more</a>.<br />
</p>

Truesec Named to MSSP Alert’s Top 250 MSSPs List for 2022

Vulnerabilities in Microsoft Exchange (CVE-2022-41040, CVE-2022-41082)

Threat Intelligence

How Secure Boot Protects Your VMware ESXi Hosts Against Persistant VIB Threats VIRTUALPITA and VIRTUALPIE

Espionage in the 21st Century – How Do We Predict and Prevent This Growing Threat?

Prevent Insider Threats From Getting a Foothold With Security Vetting

<p>Organizations today are challenged to keep up with the rapidly growing cybercrime, and Finland is no exception. To help more companies prevent cyber breaches, Truesec continues its journey in making leading cybersecurity expertise available in multiple markets.</p>
<p><strong>Leading Cybersecurity Expertise in Finland and the Nordics</strong></p>
<p>Backed by its financial partner, IK Partners, Truesec now expands to Finland with a handpicked Finnish team of cybersecurity specialists. Truesec Oy will offer leading cyber expertise and solutions in Finland to help organizations prevent and respond to data breaches Expanding into the Finnish market will provide organizations with local support backed by Truesec's strong Nordic presence and capacity. </p>
<blockquote>Now, with Truesec in Finland, and backed by a team of 250 dedicated cybersecurity experts, we’ve greatly increased our capacity to protect Finnish organizations and respond to cyber attacks. Our combined resources give us a leading edge in preventing cybercrime in Finland and globally,” says Sami Laiho, Chief Research Officer, Truesec Oy.</blockquote>
<p>New CEO Matti Vainio will, together with his experienced team, focus on growing and steering the Finnish operations guided by Truesec's purpose: Preventing cyber breach and minimizing impact.</p><blockquote><em>I look forward to leading the expansion of our Finnish business", </em> says <strong>Matti Vainio</strong> CEO of Truesec Oy. <em>“Having a local team of experienced cybersecurity experts, combined with Truesec’s strong Nordic presence and capacity, gives us an advantage in the current market. In Sweden, Truesec is the first choice when it comes to cybersecurity. Our goal is to become preferred cyber partner in Finland as well.”</em></blockquote>
<p><strong>Truesec Continues To Strengthen Its Presence in Europe</strong></p>
<p>Cybersecurity is essential for all organizations to protect their digital assets, maintain service availability, and ensure operations. To meet the growing demand for cybersecurity abilities, Truesec's focus in the past years has been on increasing capacity and broadening its portfolio of cybersecurity solutions. Today, the cybersecurity group is established in the Nordics, Europe, and the US, helping organizations worldwide to prevent cyber breaches.</p>
<blockquote>Given the increased complexity and impact of cyber attacks today, there’s a growing need for cybersecurity expertise to protect businesses and our society. Establishing operations in Finland is a natural development for Truesec, and Sami and Matti’s unique expertise and experience will have great value to our customers in Finland", says Anna Averud, CEO of Truesec Group.</blockquote>

Truesec Launches in Finland With Top Cybersecurity Experts

<p>Through the collaboration, Dustin will strengthen its "Modern Workplace" service by adding Truesec's managed security service Detect and Disarm, which actively monitors and protects customers’ IT environments by detecting and identifying threats and attacks. If any abnormal events are detected, the attackers are stopped, and the company's operations can continue without interruption.</p>
<h3>Small and Medium Businesses Are Exposed to Cyber Threats</h3>
<p>The number of cyber threats and data breaches has increased in recent years, and the growing security challenges are many. Not least, because many businesses are exposed to data breaches and fraud without knowing it. Small and medium-sized companies are exposed to the same risks as larger ones but often do not have the same opportunities to invest in their IT security.</p>
<blockquote>We are very proud and happy to now be able to offer our customers increased security at an attractive price. Truesec is one of the leading security companies in the Nordics with leading expertise in cybersecurity. Together, we are now doing something wholly unique and filling a need in a way that no other actor does today”, says Rebecca Tallmark, EVP SMB Nordic, Dustin.</blockquote>
<p>Dustin's strengthened security offer, "Modern Workplace," will be launched throughout the Nordics on September 2, 2022.</p>
<blockquote>“We are proud and happy about Dustin's trust in choosing us as a security partner. We see an increase in inventive and brutal attacks against businesses of all sizes, and together we’ll increase cybersecurity by making our services available to more organizations. It motivates us greatly as we aim to help organizations and society prevent data breaches", says Anna Averud, CEO of Truesec Group.</blockquote>
<h4>About Dustin:</h4>
<p>Dustin is a leading online-based IT partner in the Nordics and Benelux. They help their customers stay ahead by providing the right IT solutions for their needs, offering approximately 280,000 products with associated services to companies, the public sector, and private individuals. Dustin Group has about 2,400 employees and has been listed on Nasdaq Stockholm since 2015, with its headquarters in Nacka Strand just outside central Stockholm in Sweden.</p>
<h4>Contact:</h4>
<p>Karin Tränk<br />Press &amp; PR Manager<br />press@dustin.se<br />+46 73 850 54 85</p>




Truesec and Dustin Increase Security for Small and Medium-sized Businesses

The Beautiful Peruvian Jeweller That Turned Out to Be a Russian Spy

Hybrid Warfare and the Effects of Hybrid Threats on Cybersecurity

Russian Hacktivism

Stopping the Insider Threat at the Gate

<p>Enterprises deploy Industrial IoT/OT solutions to enable data-driven automation. These solutions are at the core of a connected business; it’s the key enabler for efficient manufacturing, predictive maintenance, smart buildings, energy optimization, and many more use-cases.</p>
<p>Industrial IoT/OT (IIoT/OT) comprises hardware and software that monitors and controls industrial equipment, assets, processes, and events in real-time. The ecosystem of Industrial Control Systems (ICS), Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), Remote Terminal Units (RTU), and Programmable Logic Controllers (PLC) are critical to ensure the operational efficiency and uptime within manufacturing and connected industries.</p>
<p>Industry 4.0 paves the way for more connected industries. This means more exposure of critical infrastructure to cyber threats, which in turn increases the risk of operational outages, both for enterprises and society as a whole.</p>
<p>The attacks on IIoT/OT environments are increasing, and we believe it will continue to be the trend for years to come, in essence, a rotation from attacking enterprise IT environments to attacking what is the backbone of industrial business operations: <u>the </u><u>OT environments</u>.</p>
<p>Generally speaking, we believe that the expertise and focus on cybersecurity within IIoT/OT is not at the level it needs to be, especially not in relation to the potential impact significance of a breach.</p>
<p>There are a few key challenges we see that make up the cybersecurity dilemma for IIoT/OT environments:</p>
<ul><li>Lack of monitoring and insight into industrial networks</li><li>Systems have many legacy devices running unpatched software with limited ability to be updated</li><li>Networks aren’t isolated from the enterprise IT networks</li><li>Networks aren’t properly segmented in between</li><li>Traditional IT EDR/NDR solutions don’t understand industrial protocols, limiting detection possibilities</li></ul>
<p>Most importantly, we believe that the fear of operational outage limits the willingness to upgrade hardware/software in production environments. Hence, we’re pleased to share with you that our new service has <u>zero performance impact</u> on existing operational IIoT/OT environments.</p>
<p>Our new service, <strong>Detect </strong><strong>and</strong><strong>
Disarm for Industrial IoT/OT</strong>, extends our SOC with IIoT/OT-aware behavioral analytics and threat intelligence.</p>
<p>Through agentless NDR monitoring, we bring full visibility into assets and risks in your Industrial IoT/OT environments to enable real-time threat monitoring.</p>
<p>In addition to 24/7/365 managed detection of your IIoT/OT environment, we also bring insights into:</p>
<figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/detect_disarm_iiot_ot_capabilities.jpg?w=1280&h=800&auto=compress%2Cformat&fit=clip&dm=1654256599&s=b6cfaa30f31a774b74adb499d0898465" alt="" /></figure>
<p>This service is seamlessly integrated with all our existing EDR and XDR services to enable interoperability across IT-IoT-OT and a holistic detection; however, it can also be provided as a separate service in those scenarios where it’s needed.</p>
<p>Don’t hesitate to contact us if you want to discuss the IIoT/OT cybersecurity needs for your particular business.</p>
<p><a href="https://www.truesec.com/service/detect-disarm-for-industrial-iot-ot">Click to Learn More</a></p>

Introducing Detect and Disarm for Industrial IoT/OT

The Importance of Detecting Cyber Threats Before Operations are Impacted

Take Immediate Action to Mitigate Cyber Incidents

The Importance of a Holistic Cybersecurity Approach

<p>Cyber attacks are continuing to increase at a worrying pace globally; at the same time, the adoption of IoT (Internet of Things) continues to lead the way for industry digitalization and transformation. We believe that the demand for security and advisory services within the IoT domain will grow dramatically because of the need to protect critical infrastructure from breach and outage.</p>
<p>With the number of reported IoT vulnerabilities skyrocketing exponentially in recent years and 57% of already deployed IoT devices being vulnerable to medium- or high-severity attacks, we believe it’s time to act.</p>
<h3>IoT Is Everywhere<br /></h3>
<p>IoT today is seen everywhere, in all industries, and installations are growing at an exceptionally fast pace, expected to surpass almost 20 billion connected IoT devices globally by the end of 2022, a doubling in just a few years. This means that any elevator, digital lock, industrial production line, and other critical infrastructure is already or will be exposed to the internet.</p>
<p>Enterprises deploy IoT solutions to understand how their products are being used and to be able to make data-driven decisions to optimize operational efficiency. While IoT can enable significant business optimization, it certainly comes with risks. IoT security is today remarkably neglected; Truesec wants to contribute to a mindset shift to bring cybersecurity to the top of the IoT and digitalization agenda.															<br /></p>







<h3>Dedicated IoT Cybersecurity Unit Ready To Help</h3>
<p>We have appointed Patrik Axelsson as CEO for Truesec IoT. He will lead the way for the
dedicated business unit that focuses exclusively on services and advisory for IoT cybersecurity.
</p>
<p>The commitment to the mission of preventing cyber breach and minimizing impact is at the core. We provide a tailored set of services and advice to support enterprises in building secure and sustainable IoT. Whether the enterprise is new to IoT or has a fully operational global IoT deployment, we work with companies of all sizes in any industry.</p>

Truesec Launches IoT Cybersecurity Domain

Ransomware Attacks Linked to Russian Sanctions

Spring4Shell/SpringShell Spring Remote Code Execution Vulnerability: Impact and Response

How Do Red Teams Legally Hack Into Banks?

Analysis of CaddyWiper - Wiper Targeting Ukraine

Anticipating a Russian Cyber Response to Economic Sanctions

10 Recommendations To Prepare for an Escalating Cyber Conflict

Understanding the Value and Use of Threat Profiles

FIN12/Conti Syndicate Use TeamTNT Tools in Ransomware Attacks

Increased Cyber Threat to Critical Infrastructure

A First Step Towards Building a Cyber Threat Intelligence Capability

Threat Intelligence Report 2022

Threats to the Swedish Financial Sector in 2021

Current cyber threat situation in Sweden

<p>Cybercriminals are becoming increasingly efficient at exploiting vulnerabilities to gain access to environments, forcing organizations to assume a breach mentality going forward. <br /><br />The speed of the attacks, from the initial foothold to when the attackers reach their goal, has increased. In less than 24 hours after the initial breach, threat actors can obtain full administrative privileges, which means complete control over the victim's network and IT infrastructure.<br /></p>
<h3>Some Key Findings in our Threat Intelligence Report:</h3>
<ul><li>Ransomware remains the most significant and serious threat to medium and large companies. The number of ransomware attacks in 2021 increased by 26% compared to 2020. </li><li>The increase in the number of cyber attacks is due to the fact threat actors are now using automated tools that enable quicker attacks. Additionally, they recruit less-skilled affiliates that need only follow ready-made instruction manuals to act.</li><li>A majority of intrusions in 2021 began with threat actors exploiting known vulnerabilities in public-facing systems. Cybercriminals can quickly leverage such exploits in mass attacks against unpatched systems.<br /></li></ul>
<h2>Know How to Protect Your Organization in the Coming Year</h2>
<p>In our <a href="https://www.truesec.com/hub/report/threat-intelligence-report-2022" target="_blank" rel="noreferrer noopener">Threat Intelligence Report 2022</a>, you'll find actionable insight into the current threat landscape in Scandinavia and globally and advice on how to prioritize your cybersecurity efforts in the coming year. </p>
<p>Our suggested priorities and cybersecurity recommendations are based almost entirely on responding to real incidents and stopping attacks during 2021. We have delved into every one of them to fully understand the root causes, what could have prevented the breaches, and minimized the impact.<br /></p>

Cybercriminals Have Shifted Tactics to Increase Profit

What Do Drones Have To Do With Social Engineering and Recruited Spies?

State-Sponsored Cyber Attacks Against Ukraine

Vulnerability Analysis of CVE-2022-21907 - HTTP Protocol Stack RCE

<p>Organizations today are challenged to keep up with the rapidly growing cybercrime, given the increased complexity and impact of cyberattacks. In addition, with an ever-evolving threat landscape, there is a growing need for cybersecurity abilities to protect businesses against data intrusion. </p>
<p>To help more organizations prevent cyber breaches, Truesec's focus has been increasing capacity and broadening its portfolio of cybersecurity solutions in the past years. Backed by its new financial partner, IK Partners, Truesec now sets off in Denmark together with a handpicked Danish team of cybersecurity experts. The expansion into the Danish market will give the organizations local support backed by a strong Nordic presence. </p>
<p>Truesec A/S will, through its expertise in cybersecurity, offer increased cyber resilience through threat intelligence-driven services, active IT surveillance, and incident response. Morten von Seelen and his experienced team will steer the Danish operations guided by Truesec's common purpose: Preventing cyber breach and minimizing impact. </p>
<blockquote>Our goal is to secure companies established in Denmark from cyberattacks and minimize impact. Having a team of experienced Danish incident responders and 24/7 monitoring in the Nordics gives us an advantage in the current market. Our team has been a part of many of the biggest incidents in the Nordics in the past years. Combined with Truesec’s total capacity, it will become a real game-changer for our customers in Denmark.<br /> <br />Morten von Seelen, CEO of Truesec A/S.</blockquote>

Truesec Strengthens European Presence – Expands into Denmark

Log4j/Log4Shell Explained - All You Need to Know

Using a Legitimate Application to Create Persistence in Your Azure Active Directory

Log4j - How To Secure Your VMware Horizon, UAG and vCenter Servers Against the Log4Shell Vulnerability (CVE-2021-44228)

Log4Shell / Apache Log4j Injection Vulnerability CVE-2021-44228: Impact and Response

Common Active Directory Misconfiguration

<p>This long-term partnership gives the Red Cross access to Truesec's full range of services and cybersecurity expertise. The organizations will also be collaborating on development projects, during which the Red Cross will offer Truesec its insight and know-how. </p>
<p>With the ongoing digital transformation, IT and information security are becoming increasingly important for the Red Cross. The organization's ability to provide emergency assistance and disaster relief worldwide is dependent upon the robustness of its IT systems and security of its data.</p>
<p>“We are the world's foremost disaster organization. Our capability to provide relief in a crisis depends on our ability to communicate with each other as well as having access to the right information. As an increasingly digital organization, we need to reinforce our IT and information security. Therefore, we have chosen to enter a partnership with Truesec to develop and strengthen our cybersecurity capabilities in a structured way”, says Martin Tägtström, CIO at the Swedish Red Cross. </p>
<p>The partnership is based on a mutual commitment toward a safer and more secure world. By supporting the Red Cross, Truesec is advancing its mission of a secure digital future. </p>
<p>“We look forward to contributing to the Red Cross' important work. They make a true difference to so many in need, and we are grateful for their trust”, says Anna Averud, CEO of Truesec Group.</p>

The Red Cross Calls on Truesec to Strengthen Its Security Posture

ProxyShell, QBot, and Conti Ransomware Combined in a Series of Cyber Attacks

<p>In IK Partners we find our ideal partner to support our vision. Together, we commit to our mission, and endeavor to continuously protect organizations and society from cyber threats.<br /></p>
<p>“We firmly believe that a partnership between Truesec and IK Partners will form a solid basis for capturing value creation opportunities across several dimensions, specifically helping us to further solidify the Group’s market position in the Nordics as well as expand its presence outside current core markets.”, says Anna Averud, CEO Truesec Group.</p>
<p>Read our <a href="https://press.truesec.se/posts/pressreleases/truesec-announcing-a-new-financial-partner">press release</a> in our newsroom.</p>

New Financial Partnership Announcement – Truesec and IK Partners

<h2><strong>Highest Perceived Value in Relationship with Their Customers</strong></h2>
<p>The result from market research company Swedish Radar Ecosystem Specialist's report on IT security vendors (“IT-säkerhetsspecialister, tillit och varumärkeskännedom 2021”), puts Truesec as number one in perceived value in the relationship with their customers.</p>
<p>A total of 321 respondents (IT decision-makers) were asked the question about which suppliers transfer the highest value in relationship with their customers (i.e., perception of value in the relationship). The response was that a large majority (72%) of all respondents viewed Truesec to provide the highest value.</p>
<p>See below results for details (in Swedish):</p>
<figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/Radar-Ecosystems-Specialists-2021-Report-Page-Emotionell-leverant%C3%B6rsutv%C3%A4rdering.PNG?w=1240&auto=compress%2Cformat&fit=crop&dm=1636025270&s=3cb23f41b50ec99a5d9f1174abe10311" alt="From Radar Ecosystem Specialists Report" /></figure>
<p>To access the full report please visit <u><a href="https://radareco.se/" target="_blank" rel="noreferrer noopener">Radar Ecosystem Specialists webpage</a>.</u></p>

Truesec Top-Rated by Clients in Perceived Value

Back in Business After the Largest Ransomware Attack of All Time

Swedish Red Cross on Staying Compliant Through Sensitive Data Breach

UAParser.js npm Package Supply Chain Attack: Impact and Response

Supply Chain

Kaseya Supply Chain Attack Targeting MSPs to Deliver REvil Ransomware

A Ciso's Guide to Incident Readiness

Threat Intelligence Report 2021

<h2><strong>The jury’s motivation</strong>:<br /></h2>
<blockquote><p>“In the last 12 months, we have seen both substantial growth in volume and several large well-known cases of cyber breaches and ransomware attacks. Consequently, increased security is now on everyone’s agenda and top-of-mind for far many more than before. Therefore, it feels safe to have the “Security Partner of the Year” in our corner: <a href="https://www.linkedin.com/company/truesec/">Truesec</a>!”</p></blockquote>
<figure><img src="https://optimise2.assets-servd.host/jealous-emu/production/MicrosoftTeams-image-18.png?w=1800&auto=compress%2Cformat&fit=crop&dm=1633331351&s=1d99d8ddc54a9901428d1b21b80e62a6" alt="Microsoft Partner of the year" /></figure>

Truesec Awarded Microsoft's "Security Partner of the Year" 2021

Test Your Company's IT Defenses: Conduct a Cyber Threat Assessment

When the Cyber Threat Comes From the Inside

Using PetitPotam to NTLM Relay to Domain Administrator

Why Safeguarding Your Digital Assets Is a Must

HiveNightmare aka SeriousSam Local Privilege Escalation in Windows - CVE-2021-36934

How the Kaseya VSA Zero-Day Exploit Worked

Origin of the Kaseya Breach

Secure Your Software Supply Chain – Trusting Third Parties

Secure Your Software Supply Chain  – Threats and Mitigations

Fix for PrintNightmare CVE-2021-34527 Exploit to Keep Your Print Servers Running While a Patch Is Not Available

Exploitable Critical RCE Vulnerability Allows Regular Users to Fully Compromise Active Directory – PrintNightmare CVE-2021-1675 and CVE-2021-34527

Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) – ADV210003 – KB5005413 – PetitPotam

Stories From the CSIRT Front Lines

Guidelines to Help Companies Strengthen Their Cybersecurity

<p class="p1">Ransomware continues to increase in both frequency and scope. <a href="https://www.willistowerswatson.com/sv-SE"><span class="s1">Willis Towers Watson</span></a> and Truesec have therefore determined guidelines for how each company should establish a good cybersecurity posture.</p>
<p class="p1">An increasing number of companies are suffering from cyber attacks, and in recent times this has led both to the suspension of healthcare and to entire communities being affected when critical infrastructure is attacked, an example of that is the US fuel pipeline that led to rising gasoline prices and pains.</p>
<p class="p1">To make it easier for organizations that want to strengthen their cybersecurity, Truesec, and WTW, have developed clear guidelines that support companies to establish good cybersecurity. The guidelines are intended as a basic level, where each organization can decide the next steps, based on its conditions and goals.<br /></p>


Truesec and WTW Announce Joint Guidelines to Help Companies Strengthen Their Cybersecurity

Managing Threats and Vulnerabilities From Third-Party Dependencies

Getting Started With Microsoft Security Baselines

<p>We use <u>OWASP Juice Shop</u> as a training ground. We'll discuss mitigations and how you can avoid the vulnerability class when developing using patterns and best practices for select sets of vulnerabilities.</p>
<p>In this training, we'll start by utilizing the developer console in a web browser and continue to show examples of simple DAST usage (Dynamic Application Security Testing) and tools that can be used to simplify vulnerability discovery.</p>
<p> </p>
<p><em>This training can be performed on-site or remotely. </em></p>

Application Security Testing and Mitigation for Developers and Testers

Chief Technical Officer, Truesec Group

Hacker and Creative

Senior Technical Architect

Principal Forensic Investigator and Cybersecurity Expert

Technical Director of Development

Chief Innovation Officer (CINO)

The knowledge level of the teacher and the ability to convey knowledge raises you high above other companies! There is a passion for the topic that makes it always the latest and with the best advice that comes with the teaching.

We provide you with world class experts at our training sessions.

Our experts

World Class Cybersecurity Expertise

Truesec trainings

Cybersecurity Training To Improve Your Technical Skills

Senior Infrastructure Specialist

Senior Consultant Infrastructure

<p><strong>In this lecture-style class developed and presented by Marcus Pettersson (Senior Consultant), together with Viktor Hedberg (Senior Consultant Secure Infrastructure), you will learn how to protect and defend identities, devices, and data using the latest features in Microsoft 365. By understanding how the different products work and integrates with each other, you will see several new opportunities you may already have access to in your M365 subscriptions.</strong></p>
<p>The training is divided in to four sessions, each covering different aspects of M365. The Sessions are held online at 3 pm to 5 pm CET. All sessions are presented in English.</p>
<p><strong>F</strong><strong>irst session</strong> will focus on Azure AD, where we will talk about the importance of Zero trust and why you need to change many of the default settings in Azure AD to secure your identities.</p>
<p><strong>Second session</strong> will cover how to protect your infrastructure using Microsoft 365 Defender. We will cover the different defender services to ensure that we can protect our endpoints and identities from threats and how we can use the capabilities of M365 Defender to investigate suspicious activity in the environment.</p>
<p><strong>Third session</strong> will focus on endpoints and how we can ensure that our devices can be secure and managed in the new hybrid work era. We will look at how Intune can help us secure both desktop and mobile operating systems.</p>
<p><strong>Fourth session</strong>, we will look at the compliance features within Microsoft 365. Many organizations store sensitive information in Office 365, which makes it important to ensure that the information does not end up in the wrong place. We will use Microsoft Purview services to classify and protect sensitive information.</p>
<p>After these sessions, you will have a unique and deep understanding of the threat-protection and compliance stack in Microsoft 365, how you can leverage it in your own environment, and prepare for when the worst happens.</p>
<h2>Course description:</h2>
<h3>Session 1 – Securing Azure AD</h3>
<p>Azure AD is the identity platform used by all Microsoft 365 services. In this module you will learn why it’s so important to have good security controls in place and how to configure Azure AD to ensure your users and sign-ins are protected.</p>
<ol><li>Why the default settings in Azure AD needs to be changed.</li><li>Start your Zero Trust journey with Conditional Access.</li><li>Secure your MFA registrations.</li><li>Understand the possibilities (and dangers) with Enterprise Applications.</li><li>Protect your sign-ins with Identity Protection.</li><li>Protect your administrative roles with Privileged Identity Management.</li><li>Understand why logging is so important and how Azure AD logs will help your investigations.</li></ol>
<h3>Session 2 – Understanding Microsoft 365 Defender</h3>
<p>Microsoft 365 contains a lot of powerful security features. Microsoft 365 Defender is a collection of multiple security services aimed at different parts of your IT infrastructure. In this module, you will learn how the Defender suite help to secure your modern workplace and how to get the most out of the services.</p>
<ol><li>Protect your Endpoints with Defender for Endpoint.</li><li>Get insight in your domain controller traffic with Defender for Identity.</li><li>Ensure that your organization is protected from e-mail originating threats with Defender for Office365.</li><li>Monitor and control your cloud application usage with Defender for Cloud Apps.</li></ol>
<h3>Session 3 – Protect your endpoints with Microsoft Endpoint Manager</h3>
<p>With the new hybrid-work era, it’s important to have good management abilities on your endpoints wherever in the world they are located and weather you are using Windows, Mac, iOS, or Android devices. All of them needs to be managed and monitored so your users can feel safe while performing their day-to-day work. In this module, you will learn how Endpoint Manager can be used to properly manage and enforce security controls across your device platform.</p>
<ol><li>Configure Windows Autopilot.</li><li>Onboard your mobile devices.</li><li>What is Apple Business Manager and why is it important?</li><li>Enforce security settings to your devices.</li><li>Safeguard your corporate data on private and corporate owned mobile devices.</li><li>Use your devices to strengthen your Zero Trust configuration.</li><li>Ensure that only the devices you approve can be enrolled. </li></ol>
<h3>Session 4 – Compliance in Microsoft 365</h3>
<p>With a lot of potential sensitive information used and stored within Microsoft 365, it’s important as an organization to ensure that this information does not end up in the wrong hands. In this module you will learn how to use the available Purview compliance features to protect your sensitive data.</p>
<ol><li>How Microsoft Purview Information Protection will classify and protect your documents and email messages.</li><li>Use Purview Data Loss Protection to prevent information leakage to external parties.</li><li>What is in-place and litigation hold and when should you use it.</li><li>Understand how eDiscovery will help you to investigate mailbox, Teams, and SharePoint activities in your own environment.</li></ol>
<p>Why it is so important to enable the Unified Audit Log, and how should you use it in case of a breach.</p>
<p><strong><span dir="ltr"><br /></span></strong></p>
<h4><strong>Quick facts / FAQ:</strong></h4>
<ul><li>What language will be used? <br /><em>All sessions are held in English.</em></li><li>Will you receive a recording after the sessions? <br /><em><span dir="ltr">Yes, a recording of the session will be available for download after the session</span>.</em></li><li>We are a couple of colleagues who would like to participate, can we purchase one ticket and join from a conference room? <br /><em>Tickets are priced per person, so all participants need to purchase their own. But joining from a conference room with colleagues sounds great!</em></li><li>Can you join onsite at Truesec premises? <br /><em>No, this is a remote only session.</em></li></ul>

M365 Security Boost | Price: 7500 kronor (SEK) | Dates: March 22, March 29, April 19, April 26 | Time: 15:00-17:00 (GMT+1) | Virtual

M365 Security Boost | Price: 750 dollar (USD) | Dates: March 22, March 29, April 19, April 26 | Time: 9am-11am (EST) | Virtual

<p>This helps reduce the risk of being affected both by mistakes in development and, for example, vulnerabilities in third-party dependencies. Additionally, a secure coding standard increases the ability to introduce effective static code analysis (SAST) and can simplify debugging by reducing the number of potential pathways in code.</p>
<p>In this training, we either present general recommendations on patterns or adapt the recommendations to the frameworks and languages in use.</p>
<p><em>This training can be performed on-site or remotely.</em></p>

Secure Coding Patterns

<p>In this lecture-style class developed and presented by Viktor Hedberg, Senior Consultant at Truesec and Microsoft MVP, alongside Marcus Pettersson, Senior Consultant at Truesec, you'll learn how to protect and defend identities, devices, and data using the latest features in Microsoft 365. By understanding how they all fit together and can be integrated, you'll realize the opportunities you may already have access to in your M365 subscriptions.</p>
<p>We'll begin with hybrid Identity, including Defender for Identity and Identity Protection, and then move through Defender for Office 365. This will allow us to protect access to data and ensure that we have a first line of defense against malware and phishing attempts.</p>
<p>Next up, we'll secure our endpoints with Defender for Endpoint and Microsoft Endpoint Manager. The focus will be on Windows, but we'll cover Linux, macOS, Android, and iOS because that's the reality for many IT administrators out there today.</p>
<p>Once we've implemented our first line of defense, it's time to combine them all into Microsoft Cloud App Security and Microsoft Threat Protection. You'll learn how Cloud App Security integrated with MDE can give you complete control of your Shadow IT and how it becomes your hub for security. We'll also share how you can collect logs from all these tools, and others, into Azure Sentinel, showing you how to use a SIEM in the most efficient way.</p>
<p>Lastly, we'll put all of this to the test by running simulated attacks and defending against them. You'll also be given a unique insight into how Truesec works proactively to protect our customers. The grand finale is all about being prepared for when the worst happens and how you should handle an IT breach or attack. We'll share the best approaches from our Incident Response team so that you can be more prepared.</p>
<p>When you've finished the class, you'll have a unique and deep understanding of the threat-protection stack in Microsoft 365, how you can leverage it in your own environment, and prepare for when the worst happens.</p>
<h3>Course Outline</h3>
<p><strong>Cloud Protected Identities</strong></p>
<ul><li> How to properly configure Azure AD Connect and why you should</li><li> Microsoft Defender for Identity (MDI)</li><li> Azure AD Identity protection</li><li> Multi-factor authentication</li><li> Privileged Identity Management</li></ul>
<p><strong>Threat Protection in Office 365 and Azure</strong><br /></p>
<ul><li> Microsoft Defender for Office 365 (MDO)</li><li> Data security and compliance</li><li> Microsoft Cloud App Security – Introduction</li></ul>
<p><strong>Protect and Defend Your Endpoints</strong></p>
<ul><li> Microsoft Defender for Endpoint (MDE)</li><li> Windows 10 security and hardening</li><li> Protecting Linux and MacOS</li><li> Mobile Device Management using Microsoft Intune</li><li>Compliance and reporting</li></ul>
<p><strong>Integrations and Log Management</strong></p>
<ul><li> Microsoft Threat Protection</li><li> Auditing and security in Office 365 and Azure</li><li> Microsoft Cloud App Security (MCAS) – Deep-dive</li><li> Azure Sentinel</li></ul>
<p><strong>Real-Life Cybersecurity</strong></p>
<ul><li> Using MCAS to control shadow IT</li><li> Introduction to threat hunting in Azure Sentinel and MDE</li><li> Attack simulations</li><li> Incident response in real life</li></ul>
<p> </p>
<h3>The Fine Print</h3>
<p>Level 300</p>
<h4>Who Should Attend</h4>
<p>
IT security engineers<br />
IT security architects<br />
Device Administrators<br />
Workplace architects</p>
<h4>Prerequisites</h4>
<p>Understanding of Active Directory and Azure Active Directory<br />
Understanding of especially Windows 10, authentication, and security features<br />
Basic understanding of Microsoft Azure services<br />
Understanding of Office 365</p>
<h4>Material</h4>
<p>Slidedeck<br />
Scripts<br />
Links<br />
Tips and tricks</p>
<p> </p>

Implementing Microsoft 365 Security Solutions

Implementing Microsoft 365 Security solutions

<p>This two-day lecture-style course, developed and presented by Simon Binder, Microsoft MVP, is aimed at device administrators that want to learn how to configure and manage devices independent of operating system. We will not cover Configuration Manager in detail, but we will deep-dive into your different options for managing Windows machines.</p>
<p>You'll not only finish this course with plenty of new knowledge but also with some challenging mindsets and boosted self-confidence that will enable you to create the best possible mobile experience for your users.</p>
<p> </p>
<h2><strong>Class Outline</strong></h2>
<p>Configuring the MS Intune service</p>
<ul>
<li>Choosing your Windows-management approach</li>
<li>Microsoft Intune service design and considerations</li>
<li>ABM/ASM, Android Enterprise</li>
<li>Microsoft Cloud App Security, Microsoft Defender ATP, Microsoft Store for Business</li>
</ul>
<h3>Modernizing Windows Management</h3>
<ul>
<li>Co-management</li>
<li>Security baselines and configuration policies</li>
<li>Application management</li>
<li>Windows Update for Business</li>
</ul>
<h3>Making the Apple Eco-system Ready for Work</h3>
<ul>
<li>Apple Business/School Manager deep-dive</li>
<li>MacOS</li>
<li>iOS/iPadOS</li>
<li>First- and third-party integrations (like JAMF)</li>
</ul>
<h3>Securing Android With Android Enterprise</h3>
<ul>
<li>Android Enterprise</li>
<li>OEM config and other configuration options</li>
<li>First- and third-party integrations</li>
</ul>
<h3><strong>Protecting Access to Apps and Data</strong></h3>
<ul>
<li>Application Protection Policies</li>
<li>Windows Information Protection</li>
<li>Conditional Access</li>
<li>First- and third-party integrations</li>
</ul>
<h3>Troubleshooting and Reporting</h3>
<ul>
<li>Troubleshooting</li>
<li>Reporting</li>
<li>Compliance</li>
</ul>
<h3>The Fine Print</h3>
<p>Level 300</p>
<h4>Who Should Attend</h4>
<p>Device administrators<br />
Digital Workplace architects and service owners<br />
Configuration Manager administrators<br />
2- and 3-line support engineers</p>
<h4>Prerequisites</h4>
<p>Basic understanding of Azure AD<br />
Basic understanding of applicable operating systems (for your organization) – iOS, Android, MacOS, and Windows 10<br />
Basic understanding of Powershell<br />
Optional:<br />
Basic understanding of Microsoft Endpoint Manager – Configuration Manager</p>
<h4>Material</h4>
<p>Slidedeck<br />
Scripts<br />
Links<br />
Tips and tricks</p>

Managing Endpoints With Microsoft Intune

<p>Learn how to take control of your mobile devices and allow your workforce to be productive while ensuring that your corporate data is secure. This course focuses on managing devices with Microsoft Intune.</p>
<h3>Hands-on Labs</h3>
<p>Over 60 percent of your time in class is dedicated to hands-on labs and exercises based on self-perceived real-life scenarios and methods verified to work in production environments. And the best part, you get access to all the sample files and scripts.</p>
<h3>Class Outline</h3>
<p><strong>Manage and Create User and Group Identities</strong></p>
<ul>
<li>Set up and configure a demo tenant for Mobile Device Management</li>
</ul>
<p><strong>Prepare for Mobile Device Enrollment</strong></p>
<ul>
<li>Configure enrollment restrictions</li>
<li>Personal and corporate-owned devices</li>
<li>Apple DEP and Configurator</li>
<li>Android for Work</li>
<li>Windows Autopilot</li>
<li>Device enrollment experience for iOS, macOS, Android, and Windows 10</li>
</ul>
<p><strong>Manage Mobile Device Policies</strong></p>
<ul>
<li>Device features and restrictions</li>
<li>WiFi profiles</li>
<li>Email profiles</li>
<li>VPN profiles</li>
<li>SCEP certificates</li>
<li>PKCS certificates</li>
<li>Custom configurations (OMA-URI)</li>
</ul>
<p><strong>Manage Mobile Apps</strong></p>
<ul>
<li>App Configuration policies</li>
<li>App Protection policies</li>
<li>App stores integration (Apple VPP, Android for Work, and Microsoft Store for Business)</li>
<li>App inventory</li>
<li>App categories</li>
<li>Mobile device and apps inventory</li>
</ul>
<p><strong>Secure Access to Resources</strong></p>
<ul>
<li>Conditional Access</li>
<li>Compliance policies</li>
<li>Role-based Administration</li>
<li>End-user branding experience and license terms</li>
<li>Automate common tasks with PowerShell</li>
</ul>
<h3>The Fine Print</h3>
<p><strong>Level</strong><br />
300 (Advanced)</p>
<p><strong>Who Should Attend</strong><br />
IT Pros and Systems Administrators</p>
<p><strong>Prerequisites</strong><br />
Basic understanding of Windows Server and Active Directory</p>
<p><strong>Material</strong><br />
Student Lab Manual, slide decks, and lab files</p>
<p> </p>

Mobile Device Management Using Microsoft Intune

Mobile Device Management Using Microsoft Intune - may-19-2020-remote-virtual-only-simon-binder

Senior Consultant

<p><strong>Online Virtual | Attend in Person</strong><br /></p>
<p><strong>Level</strong>: 200</p>
<p><strong>Prerequisites:</strong><br />Basic scripting knowledge in any scripting language.</p>
<p><strong>Course Objectives:</strong><br />After completing this lab, you'll have learned the fundamentals of PowerShell and should have a good understanding of how to automate daily tasks, site management, and much more using PowerShell.</p>
<p><strong>Material:</strong><br />Lab manual and presentations.</p>
<p>In this lab, you’ll learn the following:</p>
<p>– What is PowerShell – cmdlets, modules, aliases, profiles, and drives.<br />– Using the pipeline, objects, storing, knowing, and processing data.<br />– Functions, conditional statements, WMI, remoting, and best practices.</p>
<h2>Chapters</h2>
<ul><li><strong>Intro to PowerS</strong><strong>hell</strong><ol><li>What is PowerShell?</li><li>What can I do with PowerShell?<ol><li>Scripts</li><li>UIs</li><li>Desired State Config</li><li>Discussion about some things I’ve written for clients</li></ol></li><li>Know your IDE<ol><li>PowerShell ISE</li><li>Visual Studio Code</li><li>Terminal</li><li>Text Editor</li></ol></li><li>OOP and PowerShell<ol><li>Intro to the concept of Everything is an Object</li><li>Properties/Methods</li><li>PowerShell Case Sensitivity</li></ol></li><li>Hello World<ol><li>Running Lines vs. Script</li><li>Tab Completion</li><li>PowerShell Sessions</li></ol></li><li>Getting Help<ol><li>Get-Help, Get-Command, Get-Member</li><li>Google</li></ol></li></ol></li><li><strong>Cmdlets, Modules, Functions, and the Pipeline</strong><ol><li>What is a Cmdlet?<ol><li>Types of Cmdlets<ol><li>Binary</li><li>Script</li></ol></li><li>Intro to common Cmdlets<ol><li>Write-Host</li><li>Write-Info/Error/Warning/Output</li><li>Get-Content</li><li>Out-File</li><li>Out-Null</li></ol></li><li>Alias<ol><li>Why I don’t use them!</li></ol></li></ol></li><li>What is a Module?</li><li>What is the Pipeline?</li><li>What is a Function?</li></ol></li><li><strong>Variables and Basic Datatypes</strong><ol><li>What is a variable?<ol><li>User-defined Variables</li><li>Environmental Variables</li><li>Special Variables<ol><li>$null</li><li>$ErrorPreference for example</li></ol></li><li>Global Variables</li></ol></li><li>What do you mean by DataTypes?<ol><li>String<ol><li>Expandable</li><li>Literal</li><li>String operations</li></ol></li><li>Integer<ol><li>Integer operations</li></ol></li><li>Boolean<ol><li>Bool operations (intro to comparing)</li></ol></li><li>Date<ol><li>Date operations</li></ol></li></ol></li><li>Getting information about a variable<ol><li>GetType()</li><li>Get-Member</li></ol></li><li>Parenthesis, Brackets, and Square Brackets<ol><li>Difference between the three</li></ol></li><li>Data Structures and Collections of Objects<ol><li>Simple Array</li><li>ArrayList</li><li>List&lt;Type&gt;</li><li>Hash Table</li><li>Creating Objects from Hash Table</li></ol></li><li>Conditionals, Time for a Decision<ol><li>Operators</li><li>If/Then</li><li>If/Then/Else</li><li>If/Then/ElseIf</li><li>Testing your Conditionals</li><li>Combining Conditionals<ol><li>-and -or</li></ol></li><li>Switch</li><li>Comparing to $null</li></ol></li><li>Loops, Loops, Loops<ol><li>While</li><li>Do Until</li><li>Do While</li><li>For</li><li>ForEach</li><li>ForEach-Object</li><li>(1..10) Example</li></ol></li><li>Error Handling<ol><li>What is an Error?</li><li>Why am I handling it?</li><li>Types of Errors<ol><li>Terminating</li><li>Non-Terminating</li><li>ErrorAction</li></ol></li><li>Pipeline Pollution<ol><li>What does Polluting the Pipeline mean?</li><li>Example</li><li>How to fix</li></ol></li></ol></li><li>Getting data you want (Selecting, Filtering, Sorting)<ol><li>Select-Object</li><li>Where-Object</li><li>Sort-Object</li></ol></li><li>Functions<ol><li>What is a function?</li><li>Why use a function? Or When to use a function?</li><li>Writing Simple Functions<ol><li>Simple Function</li><li>Simple Function w/Args</li></ol></li><li>Writing Advanced Functions<ol><li>Function with Params</li><li>Function with Advanced Params</li><li>Function with Advanced Params + Common Params</li></ol></li></ol></li><li>Writing and using Cmdlets (Script based)<ol><li>Writing your own cmdlets</li><li>Using your own cmdlets</li></ol></li><li>Dot Sourcing<ol><li>Manual Dot Sourcing</li><li>Profile load dot sourcing</li></ol></li></ol></li>
</ul>

Introduction to PowerShell

Introduction to PowerShell  - Jun 27- Jul 1, 2022 - Tim Davis

Introduction to PowerShell - Feb 14-18, 2022 - Tim Davis

<p>This lab is developed by two experienced Windows Client deployment and management experts, Johan Arwidmark and Peter Löfgren, which makes this lab unique.</p>
<p>The systems and tools used during this training is Group Policy, ConfigMgr, VB Script, PowerShell, so some basic knowledge of that will be a benefit for you.</p>
<h3>Tailored Training or a Scheduled Course?</h3>
<p>We can help you or your team understand your specific skills and development needs. <a href="mailto:hello@truesec.se">Send us a request</a>, and we’ll guide you, or reserve a spot on our next scheduled course below.</p>
<p> </p>
<p><strong>Level</strong><br />
300</p>
<p><strong>Target Audience</strong><br />
IT-pros</p>
<p><strong>Prerequisites</strong><br />
Basic knowledge of Windows Server and Windows Client</p>
<p><strong>Course Objectives</strong><br />
Get a better understanding of the tools available to manage Windows 10 and how to best utilize them.</p>
<p><strong>Material</strong><br />
Labmanual</p>
<p><strong>Details</strong><br />
• Technical Drilldown<br />
• Remote Management<br />
• Remote UI Access<br />
• Enterprise Security<br />
• Manage User Data<br />
• Patch Management<br />
• Customizing Windows 10<br />
• Client Health</p>

Introduction to Windows 10 Management

<p><strong>To improve your organization's resilience against social engineering, you must first understand the anatomy of social engineering attacks. This social engineering class is developed by leading experts at Truesec who not only investigate real social engineering attacks, but also perform social engineering attacks themselves in assessments and Red Team engagements.</strong></p>
<p>A unique hands-on lab for IT managers and security professionals that covers all vectors of social engineering attacks. Learn how to run a phishing campaign to train your users and how to investigate a suspected phishing attack. Besides phishing, this course covers CEO scams, vishing (phone calls), malicious software, physical intrusions, and many other social engineering vectors.</p>
<p>This two-day class wraps up with a discussion on frameworks and methodologies to increase user awareness and maximize the results of user training.</p>
<p> </p>
<div id="lab_text_holder">
<div class="tabContent">
<p id="details" class="smallText"><strong>Level:<br />
</strong>200-300</p>
<p><strong>Who Should Attend:</strong><br />
IT security professionals, CISOs, CSOs</p>
<p><strong><strong>Prerequisites</strong>:</strong></p>
<ul>
<li class="smallText">Basic understanding of IT</li>
<li class="smallText">Preferably a technical background or technical role </li>
</ul>
<p><strong>Goals:</strong></p>
<ul>
<li>Understand how attackers think and different social engineering vectors.</li>
<li>Understanding of fundamental psychological principles.</li>
<li>Practical use of tools to create phishing campaigns to test your organization.</li>
<li>Learn how to investigate phishing and social engineering attacks.</li>
<li>Recommended approaches to create awareness and training programs.</li>
</ul>
<p> </p>
<p><strong>Material:</strong></p>
<ul>
<li>Virtual machines:
<ul>
<li>Windows 10</li>
<li>Kali Linux</li>
</ul>
</li>
<li>Office 365 demo tenant</li>
</ul>
<h2>
<strong>Class Outline</strong></h2>
<p><strong>Day 1:</strong></p>
<ul>
<li>Introduction to social engineering</li>
<li>Demo: Spearphishing with MFA bypass</li>
<li>Recon:
<ul>
<li>Open sources (OSINT)</li>
<li>Human sources (HUMINT)</li>
<li>Technical recon</li>
</ul>
</li>
<li>Phishing:
<ul>
<li>Scenarios and delivery techniques</li>
<li>Landing pages, hosting, website cloning, credential collection</li>
<li>Post-breach activities: forwarding rules, internal phishing, exfiltration, etc.</li>
<li>Protection and detection</li>
</ul>
</li>
<li>Sender mailbox</li>
<li>Landing pages</li>
<li>Post-breach: Forwarding rules, internal phishing, mailbox dumping, etc.</li>
<li>Challenge
<ul>
<li>Create a phishing campaign</li>
<li>Exfiltrate data from hijacked mailboxes and create forward rules</li>
<li>Investigate each other’s campaigns</li>
</ul>
</li>
</ul>
<p><strong>Day 2: </strong></p>
<ul>
<li>Psychological principles, criminology, and manipulation</li>
<li>Vishing:
<ul>
<li>Demo: Caller ID spoofing</li>
</ul>
</li>
<li>Physical intrusions:
<ul>
<li>Challenge: Lockpicking </li>
</ul>
</li>
<li>Malware 
<ul>
<li>Introduction to basic concepts</li>
<li>Delivery, concealment, covert channels, and persistence</li>
<li>Protection and detection</li>
<li>Demo</li>
</ul>
</li>
<li>Cyber training and awareness</li>
</ul>
</div>
</div>

Social Engineering, the Human Side of Security [2 Days]

<h3>Class Overview</h3>
<p>Traditional security methods have focused on using an organization’s network as the primary security limit. But in today’s world, network security often bypasses, especially when data and resources are hosted outside the traditional network boundary, or when opponents gain access to workstations inside the network boundary through phishing and other attacks. Cyber ​​attacks target accounts and other areas of privileged access to quickly access targeted data and systems using credential theft and reuse attacks such as token manipulation, pass-the-hash, and pass-the-ticket.</p>
<p>In this training, you will learn how to handle these critical issues with security features built into Windows Client and Server, as well as in Azure and Microsoft 365, and maximize your investment in the Microsoft platform. It is a unique hands-on lab for IT professionals and IT managers covering all aspects of Windows Enterprise security regarding cyber attack and defense.</p>
<p>The training covers threats that include advanced, persistent (APT), identity theft, hacker tools, and technologies used by cybercrime and malicious authors. It also focuses on how to defend and protect a modern Windows environment using the latest and greatest built-in features and components along with PKI and certificate-based authentication, privileged identity management, remote administration, just-in-time access, behavior monitoring, and more.</p>
<p>Instructors discuss protection and mitigation strategies for each attack scenario covered in the training, based on their extensive real-world experience and knowledge. Using examples from incidents, attacks, and Red Team exercises, they demonstrate the importance of governing privileged access and how it minimizes your organization’s attack surface and thwarts in-progress attacks.</p>
<p>Key players of the Truesec cybersecurity team, consisting of both red and blue team members and other security experts, developed this unique training based on real-world experience from numerous incident response cases, penetration tests, security health checks, Red Team exercises, and security design and architecture projects. They include some of the world’s leading security experts, Cloud and Enterprise Security MVPs, and recognized Microsoft Ignite speakers.</p>
<p>After taking this course, you will fully understand the threats of today and be able to implement security controls that are proven to defend your Microsoft infrastructure effectively in the real world. You will take home key knowledge based on the instructors’ many years of experience helping customers in the field investigate and mitigate security challenges.</p>
<h4><strong>Level</strong></h4>
<p>300 (Advanced)</p>
<h4><strong>Who Should Attend</strong></h4>
<p>IT technicians, administrators, architects, and IT managers who want to learn more about cybersecurity with a focus on Microsoft security.</p>
<h4><strong>Prerequisites</strong></h4>
<p>Good IT knowledge in enterprise environments and in Windows systems, with some experience administrating cloud services.</p>
<h4><strong>Material</strong></h4>
<p>Student lab manual and tools.</p>
<figure id="attachment_1206" style="width:723px;" class="wp-caption alignnone"><img class="wp-image-1206 size-full" src="https://www.truesec.com/wp-content/uploads/2016/11/Speaker-CyberSecure-TrueSec3.jpg" alt="" width="723" height="483" /><figcaption id="caption-attachment-1206" class="wp-caption-text">Hasain “The Wolf” Alshakarti – Well known Cyber Security and Identity Expert</figcaption></figure>
<p> </p>
<h2>Class Outline</h2>
<h4> </h4>
<h3>Module 1 – Introduction</h3>
<ul>
<li>Intelligence report – the latest threats and notes from the field</li>
<li>Anatomy of APTs and targeted attacks</li>
<li>Crypto mining</li>
<li>Ransomware / crypto locking</li>
</ul>
<h4> </h4>
<h3>Module 2 – Initial Recon</h3>
<ul>
<li>Advanced information gathering</li>
<li>Social engineering using social networking, email, and similar</li>
<li>Network and host-based enumeration</li>
<li>System and service enumeration</li>
<li>Vulnerability analysis</li>
</ul>
<h4> </h4>
<h3>Module 3 – Remote Attacks</h3>
<ul>
<li>The anatomy of exploitation</li>
<li>Buffer overflows</li>
<li>Attack frameworks</li>
<li>Password-based attacks, passive and active (brute force, spraying, reuse)</li>
</ul>
<h4> </h4>
<h3>Module 4 – Web/SQL-Based Attacks</h3>
<ul>
<li>The anatomy of web/SQL exploitation</li>
<li>OWASP Top 10</li>
</ul>
<h4> </h4>
<h3>Module 5 – Client-Side Attacks</h3>
<ul>
<li>Phishing attacks</li>
<li>Credential theft</li>
<li>Exploit-based attacks using attack frameworks</li>
</ul>
<h4> </h4>
<h3>Module 6 – Lateral Movement</h3>
<ul>
<li>Remote access tools and Trojans</li>
<li>Lateral movement using dependencies</li>
<li>Passing the hash and passing the ticket</li>
<li>Token manipulation</li>
<li>Other credential extraction</li>
</ul>
<h4> </h4>
<h3>Module 7 – Miscellaneous Attacks</h3>
<ul>
<li>Wireless attacks</li>
<li>Physical attacks including attacks on encrypted laptops</li>
<li>Mobile platforms</li>
</ul>
<h4> </h4>
<h3>Module 8 – System Hardening</h3>
<ul>
<li>Intelligence report – The latest features, tools, and techniques from the field</li>
<li>Windows enterprise-hardening strategies</li>
<li>Security policy configuration, security compliance, and enterprise distribution</li>
<li>System security update strategies – patch management</li>
<li>Implementing AppLocker in the real world</li>
<li>Health attestation (Hyper-V guarded fabric and physical endpoints)</li>
<li>Device encryption (BitLocker)</li>
<li>Device Guard (TPM, Credential Guard)</li>
<li>Hardening system management (WinRM, PowerShell, RDP, WMI, RPC, etc.)</li>
</ul>
<h4> </h4>
<h3>Module 9 – Enterprise Authentication and Authorization</h3>
<ul>
<li>PKI-based authentication</li>
<li>Virtual smartcards, smartcards</li>
<li>Authentication Mechanism Assurance</li>
<li>Active Directory authentication strategies</li>
<li>Claims-based authentication and identity federation (ADFS, Azure AD, other cloud services)</li>
<li>Authentication policies and silos (AD, Kerberos)</li>
<li>Windows Hello for Business</li>
<li>MFA (Azure MFA, Azure AD, token-based, passwordless)</li>
<li>Service accounts (managed service accounts, service account strategies)</li>
<li>Privileged Access Management (Privileged Access Management with Active Directory, Azure Privileged Identity Access Management, JIT, JEA, etc.)</li>
<li>Secure Score (Azure AD, Office 365, Azure ATP)</li>
<li>Dynamic Access Control and conditional access policies (on-prem, Azure AD)</li>
</ul>
<h3> </h3>
<h3>Module 10 – Network Security</h3>
<ul>
<li>IPSEC/domain Isolation (zero trust networks)</li>
<li>Server/service isolation (OnPrem, Azure Security Groups, Azure Firewall)</li>
<li>Windows Advanced Firewall</li>
<li>Direct access/always-on VPN</li>
</ul>
<p> </p>
<h3>Module 11 – Auditing</h3>
<ul>
<li>Endpoint monitoring (Sysmon, ELK)</li>
<li>Windows Defender ATP</li>
<li>Azure Log Analytics</li>
<li>PowerShell logging</li>
<li>Advanced auditing</li>
</ul>
<p> </p>
<h3>Module 12 – Data Protection</h3>
<ul>
<li>Azure Identity Protection</li>
<li>BitLocker</li>
<li>Rights Management Services</li>
<li> File system encryption</li>
</ul>
<p> </p>
<h3>Module 13 – Summary</h3>
<ul>
<li>Mitigation and protection strategies</li>
<li>Incident response</li>
</ul>

Cybersecurity Threats and Defenses in a Microsoft 365 Platform

Identify Your Vulnerabilities and Risks

Develop and Manage Your IT Securely

Detect and Respond to Intrusion

Respond to and Quickly Overcome a Cyber Attack

Get Cybersecurity Advice

How We Help

Our Services

Are you under attack?

Identify Your Vulnerabilities and Risks

Develop and Manage Your IT Securely

Detect and Respond to Intrusion

Respond to and Quickly Overcome a Cyber Attack

Get Cybersecurity Advice

How We Help

Our Services

Are you under attack?

Application Security Testing and Mitigation for Developers and Testers

Enquire training

Online trainings

Training

M365 Security Boost

Training

Application Security Testing and Mitigation for Developers and Testers

Training

Secure Coding Patterns

Training

Implementing Microsoft 365 Security Solutions

Training

Managing Endpoints With Microsoft Intune

Training

Mobile Device Management Using Microsoft Intune

Training

Introduction to PowerShell

Training

Introduction to Windows 10 Management

Training

Social Engineering, the Human Side of Security [2 Days]

Training

Cybersecurity Threats and Defenses in a Microsoft 365 Platform

Stay ahead in cyber

You might also like...