- CISA Releases New Handbook for Businesses and Public Enterprises
- The guide covers Microsoft’s expanded cloud logs
- Microsoft expanded its cloud logs after the July 2023 Outlook incident
Microsoft recently expanded the logging capabilities of its cloud services, which could lead to significant changes for US government organizations.
In July 2023, a Chinese state-sponsored threat actor found a way to access email accounts belonging to officials working at the State Department and the Commerce Department. The consequences were major and led Microsoft to expand free logging capabilities for all Purview Audit Standard users, among other changes.
Today, the US Cybersecurity and Infrastructure Security Agency (CISA) released its guidance, telling government agencies and businesses how to take advantage of the changes.
Browse expanded logs
The new guidance runs to 60 pages, so the changes it describes are likely to be substantial.
“These capabilities also allow organizations to monitor and analyze thousands of user and administrator operations performed across dozens of Microsoft services and solutions,” CISA said. “These logs provide new telemetry to improve threat hunting capabilities for business email compromise (BEC), state-level advanced threat activity, and potential insider risk scenarios.”
The instructions also explain how to navigate the logs generated in Microsoft 365 and how to use them with Microsoft Sentinel and Splunk Security Information and Event Management (SIEM) systems.
In July 2023, the Chinese cyber espionage group Storm-0558 exploited a vulnerability in Microsoft’s Outlook email system to gain unauthorized access to email accounts belonging to US government agencies and other organizations. The attackers used a stolen Microsoft security key to forge authentication tokens, bypassing security measures.
As a result, Microsoft was forced to revoke the compromised security key, strengthen its token validation systems, and improve transparency by providing detailed incident reports and security updates to affected customers. Additionally, its cloud security practices have come under scrutiny and there has been pressure to improve safeguards to avoid similar breaches in the future.
Microsoft also launched its Secure Future Initiative (SFI) in November 2023, a comprehensive cybersecurity program aimed at improving the security resilience of its products and services. It has invested heavily in advanced threat detection, prevention, and response capabilities.
Via BleepingComputer