WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 25, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
Microsoft recently released a report, Cyber Signals, detailing recent trends in the ransomware sphere, most notably the rise of the ransomware-as-a-service (RaaS) economy. RaaS groups, instead of doing the attacking themselves, are selling the toolkits and information necessary for other criminals to perform successful attacks.
In light of these trends, Microsoft has suggested some preventive measures you can take within your Microsoft 365 toolset to protect your environment against ransomware. However, if you’re like most organizations out there, you have tools outside the Microsoft suite. In this blog, we’ll review the recommendations from the report and how to supplement your ransomware strategy beyond just Microsoft tools using the ReliaQuest security operations platform, GreyMatter.
Microsoft’s recommendations focus on three key areas: credential hygiene, visibility, and tool management.
The big recommendation here is multi-factor authentication (MFA). The tech giant advises that organizations implement a zero-trust policy, requiring MFA “on all devices, in all locations, at all times” using Microsoft Authenticator or other tools like FIDO keys. You should also apply this strategy to the cloud in addition to your on-prem resources, Microsoft says, since attackers are increasingly targeting cloud assets.
Network segmentation is key to preventing lateral movement. In its recommendations, Microsoft emphasizes the importance of developing a logical segmentation of your networks, so that if the worst happens, you can efficiently shut down the affected areas and limit spread. Microsoft offers multiple features within Azure to help you do this, including Network Security Groups, Web Application Firewall, and various password and access tools.
In addition to bolstering your protections, Microsoft suggests implementing a regular audit for compromised credentials so security teams can quickly isolate accounts that show evidence of compromise before things get out of hand. There are a number of tools out there to help you do this, including the open-source BloodHound. But be wary—attackers also use it to their advantage.
Blind spots continue to plague security organizations. Recent research by the Ponemon Institute shows that 58% of security leaders cite “lack of visibility and blind spots in coverage” as the number-one difficulty with protecting business assets. And when a potential attacker or RaaS “access broker” gets wind of a blind spot, it can mean big money for them and big losses for their target.
So, it makes sense that Microsoft would list addressing blind spots as a key measure in preventing ransomware, and they cite the proper installation and maintenance of security products as the best way to do that. And, of course, they list several of their own tools to help address blind spots, including Microsoft Defender Antivirus, 365 Defender, Defender for Endpoint, and Defender for Identity.
Learn how ReliaQuest can amplify Microsoft Defender >
Most companies employ several security tools to help them protect their assets and optimize their security operations, which broadens the attack surface and introduces more opportunity for error. Microsoft recommends following these steps to help protect your organization from ransomware infections via your tooling:
Microsoft Defender for Endpoint provides a threat and vulnerability management capability that can help Microsoft users identify and repair vulnerabilities.
The advice provided in Cyber Signals is on-point. However, most organizations have security tools that reside outside the Microsoft 365 E5 ecosystem, including SIEMs, firewalls, and EDRs. Microsoft provides powerful capabilities within its software set—ReliaQuest GreyMatter amplifies those capabilities to cover your non-Microsoft tools, too.
At ReliaQuest, we’ve built our security operations platform, GreyMatter, to integrate with any tool you already have—including but not limited to the Microsoft 365 E5 suite, so you are protected from end to end and can manage all your security tools in one platform.
GreyMatter uses robust automation and innovative technology to extend the protections recommended above to any tool you’re already using. With bi-directional integrations, GreyMatter can communicate to and from your security tools, providing greater visibility across your network and better insights into tool performance. It also allows GreyMatter to ensure your tools are constantly up to date.
And, with our recent acquisition of Digital Shadows (now ReliaQuest), we can search the dark web for any indication that your credentials or other assets have been leaked or otherwise compromised and to help you quickly take action to address threats to your organization.
With ReliaQuest GreyMatter, you can gain true protection across your ecosystem, whether you’re an exclusively Microsoft shop or not.