
IT security under attack: A typical day in the life of an IT admin or security analyst

by AZURE SECURITY NEWS EDITOR
December 16, 2020
in Business

The jobs of IT admins and IT security analysts are, without a doubt, some of the most important in any company. When things are running smoothly, it is easy for everyone to forget they exist. However, the moment things go askew, everyone points fingers at them.

IT security professionals are expected to know everything. Most of them are self-taught and have learned on the job. Over time, experience has turned them into battle-hardened soldiers. The pressure is real, as they are responsible for the configuration, administration and, most importantly, the security of the entire infrastructure.

Let’s take a look at a typical day in the life of an IT admin or a security analyst to learn about the common difficulties they face while monitoring their IT environment for security changes, working with security tools, and more. Organizations might have a separate Security Operations Center (SOC) team to monitor security events in the network, but most of the time the responsibilities of a SOC team are handled by IT admins. Regardless of who manages these vital duties, the complexities remain the same.

Why is the timely capture of security change information important?

Here’s an example of a password attack on Windows endpoints in an Active Directory environment. Attackers hide in plain sight by using features and tools that are native to the Windows OS, in this case, PowerShell.

Video: https://www.youtube.com/watch?v=zrfPCJKLsUM

The only way to detect password guessing attacks is to monitor the logon events across every server in the network. But, as we have already observed, a high volume of logon events is produced. The native auditing tools, such as Windows Event Viewer, do not have the necessary abilities to filter through these events, and cannot give you the insights you need.
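The monitoring described above, as an added example that is not part of the original article: a sliding-window check over logon events merged from several servers, flagging repeated failures (event ID 4625) against one account, one source failing against many accounts, and a successful logon (event ID 4624) from a source that is still failing. The normalized field names, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624  # Windows Security log event IDs

def detect_password_guessing(events, window=timedelta(minutes=5),
                             brute_threshold=5, spray_threshold=4):
    """Return sorted (kind, source_ip, account) findings from merged logon events."""
    recent = defaultdict(deque)  # source_ip -> failures still inside the window
    noisy = set()                # sources that have crossed a threshold
    findings = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        src, user = ev["source_ip"], ev["account"].lower()
        fails = recent[src]
        # Drop failures that have aged out of the window for this source.
        while fails and ev["time"] - fails[0][0] > window:
            fails.popleft()
        if ev["event_id"] == FAILED_LOGON:
            fails.append((ev["time"], user))
            # Counted per source, not per host, so attempts spread over
            # several servers still add up.
            if sum(1 for _, u in fails if u == user) >= brute_threshold:
                findings.add(("brute_force", src, user))
                noisy.add(src)
            if len({u for _, u in fails}) >= spray_threshold:
                findings.add(("password_spray", src, "*"))
                noisy.add(src)
        elif ev["event_id"] == SUCCESSFUL_LOGON and src in noisy and fails:
            # A success from a source that is still failing: possibly a guessed password.
            findings.add(("success_after_guessing", src, user))
    return sorted(findings)

def make_event(ts, host, event_id, account, source_ip):
    # Assumed normalized record; these field names are not a Windows schema.
    return {"time": datetime.fromisoformat(ts), "host": host,
            "event_id": event_id, "account": account, "source_ip": source_ip}

# Constructed sample events, as if already collected from three servers.
SAMPLE = (
    # One source, one account, six failures alternating between two servers.
    [make_event(f"2020-12-14T02:10:{i * 10:02d}", "DC01" if i % 2 else "FS01",
                4625, "svc_backup", "10.0.5.23") for i in range(6)]
    + [make_event("2020-12-14T02:11:05", "DC01", 4624, "svc_backup", "10.0.5.23")]
    # One source failing once against each of four accounts.
    + [make_event(f"2020-12-14T03:00:{i:02d}", "WEB01", 4625, name, "10.0.9.77")
       for i, name in enumerate(["alice", "bob", "carol", "dave"])]
    # A user mistyping twice and then logging on: below both thresholds.
    + [make_event("2020-12-14T08:59:00", "FS01", 4625, "erin", "10.0.2.14"),
       make_event("2020-12-14T08:59:20", "FS01", 4625, "erin", "10.0.2.14"),
       make_event("2020-12-14T08:59:40", "FS01", 4624, "erin", "10.0.2.14")]
)

if __name__ == "__main__":
    for finding in detect_password_guessing(SAMPLE):
        print(finding)
```

Reviewing one server's log alone would miss the first finding, because each server records only three of the six failures.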

Typical security challenges faced by IT admins:

Monday morning (A fresh start to the week):

Let’s take a look at a typical day at work for IT admins, and the challenges they face monitoring security changes in the network. We’ll share details in this blog based on candid interactions we’ve conducted recently with IT admins based throughout the world. This schedule may vary, depending on the IT configuration and the industry the organizations belong to.

When we asked what was checked first thing Monday morning, one IT admin offered, a bit sarcastically: “I discover any changes made on the domain while I was away over the weekend! I typically look for unusual logons on servers now that we’re working remotely, and modifications done by our help desks or authorized department managers.”

For example, the security changes that IT admins are looking for could be anything, such as:

  • A simple logon on a server, even a domain controller, or on a cloud directory (like Azure)
  • A permission granted on a file and folder
  • Attribute changes, such as memberships of security groups, or a manager changed for a security object, like users, groups or computers

To discover all the security events that could have occurred from Friday evening and up until Monday morning, IT admins have to depend primarily on Windows event logs. Unfortunately, this log data is dumped into one location, and the sheer number of events makes it complicated to gain a bird’s-eye view of all changes that occurred in the domain.

Before lunch:

Discovering security changes on the domain is time-consuming and, on a good day, the entire process might take up to three hours. It’s even more time-consuming now as organizations are starting to adopt public cloud services (like Azure AD) alongside traditional on-premises infrastructures.

To maximize available time and resources, IT admins should prioritize and manage the next most crucial tasks of the day by tending to requests and tickets.

Here are examples of some requests that IT admins typically receive, and their internal thought process:

As you can see, although an IT admin tends to the requests and tickets, the skepticism and fear of something unsuitable happening secretly haunts them. Unfortunately, time is not a friend: end users have their job responsibilities and typically can’t wait long for a resolution. After a stressful morning of discovering security changes and handling requests and tickets, it’s finally time for the best part of the day, lunch! (This is probably the only “me time” IT admins enjoy.)

Afternoon to Evening:

Post-lunch is for confirming if every event that occurred in the network is authorized or not. This is often the most difficult part of the work day as an IT admin needs to survey various components of an IT infrastructure. For example:

  • What are the actions performed by privileged users? Was an end user granted an IT admin role?
  • Did the help desk reset a user’s password? Alternatively, did a user self-reset their own password?
  • Was data inside a file modified? Was a user given access to read or modify a sensitive file or folder?
  • Was the manager of a group changed? Did an end user assume ownership of a folder?

It is crucial for all of the changes above to be monitored. However, a malicious actor with a goal will opt to use stealthier and more advanced techniques, including:

  • Modifying Windows firewall inbound and outbound rules
  • Trying to brute-force a victim’s VPN logon
  • Running scripts to obtain domain-rich information, and discover vulnerabilities and possible opportunities for privilege escalation
  • Creating a scheduled task to install malware in registry keys on the systems
  • Introducing malicious executables in core configuration folders (like the SYSVOL folder of group policies) to propagate malware across endpoints
  • Granting illicit consent to an application configured in Azure, to maintain backdoor access, and more

Some of the biggest challenges faced by IT security professionals include varying IT environments, the increasing number of users and devices, modified permissions, access, and data spread across infrastructures, and a high volume of logs produced by various devices in the network.

Clearly, an IT admin cannot depend on the native options to detect these security changes. The process involves a lot of manual work. It is error prone and time-consuming, which makes IT security confusing, at best.

It’s the end of the day, and the IT admin leaves work feeling dejected, hoping things remain unchanged so progress can be made tomorrow. Another day, another dollar, right? No. Unfortunately, this is how security incidents happen.

It’s important to collect security events from the logs, filter them, detect issues, and send alerts on suspicious events promptly.

Sometimes, detecting a security change is not sufficient. Your organization should have a real-time alert mechanism, and a mitigation action in place to counter any unauthorized security changes.

Want to improve your security plan? Visit our IT security under attack page, watch live simulations of widely used attack techniques on various IT environments, like Active Directory, Azure AD, Windows environments and more, and build a complete defense strategy with ManageEngine Log360.

Reference: https://securityboulevard.com/2020/12/it-security-under-attack-a-typical-day-in-the-life-of-an-it-admin-or-security-analyst/
