• Data Retention and Compliance : Greg and Dave discussed the challenges law firms face with data retention and compliance, especially with large amounts of data from cases and litigation. Dave highlighted the importance of understanding state-specific requirements and balancing data accessibility with cost and performance considerations.
  
  • State-Specific Requirements: Dave explained that data retention requirements vary by state, and Helient ensures compliance with these regulations for their clients.
• Data Volume: Dave discussed the large volumes of data law firms handle, including case notes, litigation notes, and deposition recordings, and the challenges of managing this data efficiently.
• Data Accessibility: Dave highlighted the need to balance data accessibility with cost and performance, suggesting strategies like keeping recent data readily accessible and archiving older data.
• Endpoint Security and User Experience : Greg and Dave talked about the importance of endpoint security, especially with the increasing use of mobile devices. Dave explained how Helient uses Intune and conditional access policies to ensure secure access to virtual desktops, emphasizing the need for a seamless user experience.
• Intune and Conditional Access: Dave explained how Helient uses Intune for device provisioning and conditional access policies in Azure AD to secure endpoint access.
• MFA and User Adoption : Greg and Dave discussed the challenges of implementing MFA in law firms, particularly the need to balance security with user experience. Dave emphasized the importance of setting user expectations and normalizing MFA prompts to ensure adoption without causing frustration
• Zero Trust Framework : Greg and Dave discussed the importance of the Zero Trust framework in securing law firm environments. Dave highlighted the benefits of using privileged identity management and regular access reviews to ensure a secure and compliant infrastructure.
• Privileged Identity Management: Dave highlighted the benefits of using Azure Privileged Identity Management (PIM) to secure high-level access roles and ensure that only authorized users can perform sensitive actions.
• Data Retention and Compliance: Greg and Dave discussed the challenges law firms face with data retention and compliance, especially with large amounts of data from cases and litigation. Dave highlighted the importance of understanding state-specific requirements and balancing data accessibility with cost and performance considerations.
• MFA and User Adoption: Greg and Dave discussed the challenges of implementing MFA in law firms, particularly the need to balance security with user experience. Dave emphasized the importance of setting user expectations and normalizing MFA prompts to ensure adoption without causing frustration.
• AI and Copilot Adoption: Michael asked about Helient's guidance on adopting AI tools like Copilot in law firms. Dave explained that Helient is extensively testing these tools to ensure they provide value while maintaining data security and compliance.
• Zero Trust Framework: Greg and Dave discussed the importance of the Zero Trust framework in securing law firm environments. Dave highlighted the benefits of using privileged identity management and regular access reviews to ensure a secure and compliant infrastructure.
• Consolidation and Platform Approach: Greg and Dave talked about the advantages of a best-of-platform approach over best-of-breed solutions. Dave emphasized the value of leveraging Microsoft's comprehensive security signals and tools to provide a unified and secure environment for clients.

Interviewing Simon Strain, a Microsoft CSAM (Customer Success Account Manager).
We discuss: support, AI, Berst of Breed vs. Best of Platform, MTC, Zero Trust, Microsoft Dart and much more. Thank you for tuning in.

2024's first episode is with award winning partner Difenda and we are talking Defender for Cloud. #Automation #CloudSecurity #CyberSecurityMaturityModel #Defender #Difenda

We asked 11 security professionals the same question over the course of 2023...."IF you were the new CISO at your "dream organization," what is the first move you make?" We gained insight and identified trends from the answers given, as well as gained insight from what was NOT said. Welcome to 2024 - Happy New Year!

· Microsoft Detection and Response Team, DART

· Nashville, Tennessee

· Posture Management

· Top 3 categories of data breach:

o Cloud misconfigurations is number 3

· Scattered Spider

· Adversary in the middle attacks

· Authentication

· Lemon Duck

· Identity compromise

· Moving at the Speed of DevOps

· Security Training

· DevSecOps

· Threat Modeling

· SQL Injection

· Secret Scanning

· Infrastructure As A Code

· Source Code Management – SCM

· Push Protection

· Key Vault

· Log4j

· Polymorphic

· SBOM – Software Bill of Materials

· NotPetya

· 5th Generation attacks

· WAF – Web Application Firewall

· SMBv1

· AI – Artificial Intelligence

· Black Mamba polymorphic malware

· Azure Policy

· NIST

· Framework

· S3Buckets

· Hub and Spoke

· Resource Groups

· Management Groups

· Permissions

· Subscription Management

All things Microsoft Security Copilot.

• EAP
• GA
• Upskill
• Consolidate

Microsoft Security Copilot is an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes.

A security focused conversation with Mark King, Americas Security Digital Sales Leader where most interview questions were generated by M365 Copilot. We cover Copilot, Sentinel, the magic quadrant, and I.T. staffs wearing multiple hats.

Introductions:

Chris Baird = Sr. Security Consultant

Lighthouse: Global organization

Amren Gill = Purview Security Stack (DLP, Insider Risk)

#ZeroTrust

#Endpoint

#Telemetry

#Privacy

#Compliance

#DataProtection

#Identity

#BestOfBreed

#PrivacyAssessment

#ZeroDay

#MaximizeInvestment

#Ransomware

#DataLeak

#DataAsset

#DataGovernence

#DataCatalog

#CustomerEducation

#DataClassification

#Enterprise

#Global

#PowerShell

#DataRetention

#Dashboard

#SharePoint

#DataDisposal

#LitigationHold

#E-DiscoveryHold

#LegalHold

#FederatedData

#Purview

#Classification

#MetaData

#AIPscan

#ContentExplorer

#PII

#PCI

#Regulation

#Template

#LayeredControl

#DataHandlingPolicy

#TrainableClassifiers

#AImodels

#MultiTennant

#M365

#InsiderRisk

#SolutionsPartner

#E-Discovery

#Attorney

#Agentless

#BehaviorAnalytics

#Threshold

#RiskScore

#ThreatActor

#Context

#RiskProfile

#AdaptiveProtection

#Trends

#RiskAppetite

#Connectors

#HRConnector

#PhysicalBadegeConnector

#EnvironmentScan

#CurrentStateAssessment

#MIP

#Pilot

#PoC

#Trial

#SecurityPosture

#RiskGap