At Amazing Dino Consulting, we recognize the importance of data classification and protection. With the influx of data coming in and out of organizations daily, safeguarding your sensitive information is more crucial than ever. Leveraging Microsoft Information Protection (MIP) provides an efficient way to classify and protect sensitive data based on its content. In this blog post, we'll explore dynamic content marking, a feature that can automate and tailor protection measures for your documents. What is Dynamic Content Marking? Dynamic content marking in MIP allows organizations to automatically append specific labels, headers, footers, or watermarks to documents based on predefined variables. This provides a layer of information about the document, enhancing data governance and compliance. How Does It Work? When you configure a sensitivity label for content markings in MIP, you can use variables in the text string for your header, footer, or watermark. The supported variables include: ${Item.Label} : Label display name of the label applied. Example: General ${Item.Name} : File name or email subject of the content being labeled. Example: Sales.docx ${Item.Location} : Path and file name of the document or the email subject for an email being labeled. Example: \Sales\2023\Q3\Report.docx ${User.Name} : Display name of the user applying the label. Example: Richard Simone ${User.PrincipalName} : Azure AD user principal name (UPN) of the user applying the label. Example: t est@amazingdino.testing ${Event.DateTime} : Date and time when the content is labeled, either in the local time zone of the user in Microsoft 365 apps or UTC for Office Online and auto-labeling policies. Example: 8/10/2023 1:30 PM Note: The syntax for these variables is case-sensitive. Demonstration First, go to compliance.microsoft.com->Information Protection->Labels and click "create a label". Then, enter the name and associate information.

Azure AD Applicaiton Proxy

In this blog post, we discuss the basics of email security, the security features provided by Office 365, why third-party email security is still required. We state that while Office 365 provides a number of built-in security features, it is important to note that third-party email security is still required. We concludes the blog post and welcome anyone who is interested in learning more about the services to contact us.

There are multiple considerations on selecting SASE solution. Here are soem of my personal view. Point of Presence SASE points of presence (POPs) are typically deployed in public clouds or data centres and are managed by vendors. However, some solution may allow you to add the gateway software and become customer’s POP to meet your need. Each vendor has its own performance limitations for their POPs, including throughput (some vendors only support sub-1Gbps), the number of concurrent sessions, and their auto-scale policy (which may need to be inquired about). Available bandwidth from the POP is key area you need to consider. Beware on the latency between your CPE or client and security POP. For example, your CPE in Vietnam may end up connect to SASE POP in SG which may add up to 40-60ms. Security feature I would say the following are MUST have features TLS/SSL Decryption for detecting callback traffic and the certificate must be installed automatically by the VPN client DNS security - detecting DNS tunnel traffic as some exfiltration traffic are tunneled inside DNS traffic AI-driven and up-to-date URL categorization and filtering capable of zero-day Malware detection For SaaS, it depends on whether you have any existing solution in place, those are the key one you need to look at. SaaS security - please note that not every vendor may support the SaaS that you are using DLP Logging, monitoring and Reporting The following are mandatory features I will look into myself SIEM integration end to end network performance analysis - from end user to the application Be able to search log in the management portal Be able to generate executive summary report with some level of customization Last but not least, you should do proof-of-concept testing to validate your use case when you select right SASE solution. I do see many successful implementation are required well-defined use case and proof-of-concept testing to pick the right solution. Contact us if you need help from selecting right SASE solution for you.

When it comes to cybersecurity, endpoint detection and response (EDR) and extended detection and response (XDR) are two terms you may have heard thrown around. But what exactly do these terms mean and why should you care? In this blog post, we'll explore what EDR and XDR are, how they differ, and how to select the right software for your organization. First, let's start with EDR. EDR refers to the process of detecting and responding to security incidents on endpoint devices such as laptops, servers, and mobile devices. EDR software typically monitors endpoint activity for suspicious behavior, such as the execution of malware, and provides the necessary tools for incident response, such as the ability to isolate or quarantine infected devices. On the other hand, XDR is an extension of EDR, taking a more holistic approach to incident detection and response. Instead of focusing solely on endpoint devices, XDR considers security incidents across multiple points of the network, including cloud, network, and email. This allows for a more comprehensive view of an organization's security posture, enabling the detection of threats that may have otherwise gone unnoticed. When it comes to selecting the right EDR or XDR software, there are a few key factors to consider: Platform coverage: Does the software cover the platforms and devices that are most relevant to your organization? Are you looking for support for Windows, Mac, and Linux systems, or do you need to monitor mobile devices as well? Detection and response capabilities: What types of threats does the software detect and how does it respond to them? Some EDR and XDR software may only detect known threats, while others use machine learning to detect unknown threats. Similarly, some software may only provide basic response capabilities, while others offer advanced options such as automated quarantine or forensic analysis. Integration: Does the software integrate with SIEM or SOC you are already using? For example, if you have a SIEM in place, can the EDR or XDR software send alerts to it? Pricing: What is the cost of the software, including any additional costs such as licensing fees or maintenance? Scalability: Does the software scale to match your organization's needs as it grows and expands? As an example, there was a case with a listed company mainly using Windows computers only with traditional anti-virus software. This company looks for seamless migration toward EDR solution. It takes the following considerations to select right solution and deploy within 4 weeks. The effectiveness of the solution - detection of malicious activities and unknown threats Whether existing SaaS solution has included EDR solution. Please note that some vendor such as Microsoft 365 has incuded this option where you don't need to spend extra to buy additional licenses Whether the solution can easily integrated with the SOC provider, including whether there is custom detection rules on top of this solution This company end up selecting Microsoft Defender for Endpoint as they have been using Microsoft 365 E5 which includes everything that satisify above selection criteria. The other example is about which companies got security incident and need rapid deploying of EDR solution to help to relief the situation. We have seen that customer has used various options such as SentinelOne and CrowdStrike that fix the issue and meet the business need. When selecting EDR or XDR software, it is important to take a holistic approach and consider all the key factors that are relevant to your organization. By doing so, you can select a solution that provides the right level of protection and allows you to effectively respond to incidents as they arise. At Amazing Dino, we understand the importance of cybersecurity and have helped many organizations navigate the EDR and XDR landscape. If you're looking for professional guidance and support in selecting the right software for your organization, please don't hesitate to reach out to us. We're here to help you protect your business and ensure your peace of mind.

Introduction As businesses increasingly rely on technology to support their operations and communication, the security of their IT infrastructure becomes a critical concern. Cyber threats such as malware, phishing attacks, and data breaches can not only disrupt business operations, but also damage a company's reputation and financial well-being. To protect against these threats, it is important for businesses to implement effective security measures for their IT infrastructure. In this blog post, we will explore a simple and effective way to secure the SMB IT infrastructure using various approach. SaaS-first approach Software as a Service (SaaS) refers to software that is delivered and accessed over the internet, rather than being installed and run on a local computer or server. This delivery model has several benefits for businesses, including reduced maintenance and upfront costs, ease of deployment, and automatic updates. A SaaS-first approach involves prioritizing the use of SaaS solutions for the SMB IT infrastructure, rather than relying on traditional on-premises software. This can help businesses reduce the complexity and cost of managing their IT infrastructure, as well as take advantage of the latest technologies and features offered by SaaS providers. There are various SaaS solutions that can be used to secure the IT infrastructure, including cloud-based security and collaboration tools. For example, you can deploy a cloud-based endpoint management solution such as Microsoft Intune to manage and update your Windows PCs, reducing the risk of vulnerabilities. Additionally, you can deploy a cloud-based email security solution, such as Avanan, Proofpoint, or EMS in Microsoft 365, to protect against phishing attacks. Endpoint protection Endpoint devices, such as laptops and smartphones, are an essential part of the SMB IT infrastructure, as they are used to access company resources and data. However, they also present a potential security risk, as they can be lost, stolen, or infected with malware. To protect against these risks, it is important for businesses to implement endpoint protection measures. One effective way to protect endpoint devices is through the use of endpoint detection and response (EDR) systems. These systems use artificial intelligence and machine learning to monitor endpoint activity in real-time and detect and respond to threats. EDR solutions can provide a range of benefits, including the ability to detect and prevent malware infections, identify and investigate suspicious activity, and respond to threats automatically or through manual intervention. There are several EDR solutions available on the market, including Crowdstrike, Microsoft Defender for Endpoint, and Sentinel One . When choosing an EDR solution, businesses should consider the size and needs of the organization, as well as the features and performance of the solution. Some important features to consider include the ability to detect and prevent malware, the level of integration with other security tools and systems, and the level of user control and customization. To ensure the effectiveness of the EDR solution, businesses should also conduct user training, set up security policies and procedures, and regularly update and test the solution. Backup for your SaaS One important aspect of securing the SMB IT infrastructure is ensuring that data is backed up and can be recovered in case of an outage or disaster. When using SaaS solutions, it is important to confirm that the provider offers adequate backup and recovery capabilities. This may include options for backup frequency, location, and duration, as well as the ability to restore data to a specific point in time. For example, you can adopt Dropsuite to backup your Microsoft 365 and Google Workspace. SASE for working anywhere As more businesses adopt remote work, the SMB IT infrastructure must support secure and reliable connectivity from anywhere. A Secure Access Service Edge (SASE) solution can help achieve this by combining network security, cloud security, and network performance optimization into a single, cloud-based service. SASE solutions can provide a secure connection to company resources and applications from any location, using technologies such as virtual private networks (VPNs) and secure web gateways (SWGs). They can also protect against cyber threats such as malware, phishing, and data breaches, using features such as threat intelligence and analytics, sandboxing, and intrusion prevention. By implementing a SASE solution, businesses can enable secure and efficient remote work for their employees. Conclusion In conclusion, securing the SMB IT infrastructure is essential for businesses to protect against cyber threats and support their operations. By using a SaaS-first approach, integrating systems and applications through APIs, protecting endpoint devices, and implementing a secure service edge, businesses can create a secure and efficient IT infrastructure that enables remote work and supports their business goals. By considering the various options and best practices outlined in this blog post, businesses can take steps to ensure the security and reliability of their IT infrastructure.

Email backup and email archiving are important practices that every business should implement in order to protect their critical data and maintain compliance with regulatory requirements. In this blog, we will explain what email backup and email archiving are, why they are important, and why businesses should consider using a third-party solution for these services. What is Email Backup? Email backup is the process of creating copies of your email data and storing them in a secure location. This is done in order to protect against data loss due to hardware failure, human error, or other unforeseen events. By regularly backing up your email data, you can ensure that you have a copy of your critical information in case something goes wrong. What is Email Archiving? Email archiving is the process of storing, preserving, and managing your email data for long-term retention. This is typically done in order to meet regulatory requirements or to keep a record of business communications for legal purposes. Email archiving involves the creation of a copy of your email data and storing it in a secure location that is separate from your primary email system. Why are Email Backup and Email Archiving Important? There are several reasons why email backup and email archiving are important for businesses: Data Loss Prevention: Email is a critical part of most businesses, and losing access to your email data could have serious consequences. By regularly backing up your email data, you can ensure that you have a copy of your data in case something goes wrong. Compliance: Many businesses are subject to regulatory requirements that mandate the retention of certain types of data, including email. Email archiving helps businesses meet these requirements by storing a copy of their email data in a secure location. Legal Protection: In the event of a legal dispute, businesses may be required to produce copies of their email data as evidence. Email archiving helps businesses meet these requirements by storing a copy of their email data in a secure location. Why Use a Third-Party Email Backup and Archiving Solution? While it is possible to create your own email backup and archiving system, there are several reasons why businesses should consider using a third-party solution: Expertise: Third-party email backup and archiving solutions are typically provided by companies that specialize in these services. This means that they have the expertise and resources to provide reliable, secure, and compliant solutions. Ease of Use: Third-party email backup and archiving solutions are often easy to use and require minimal setup and maintenance. This allows businesses to focus on their core operations rather than worrying about managing their email data. Cost-Effective: Third-party email backup and archiving solutions can be more cost-effective than building and maintaining your own system. This is especially true for small and medium-sized businesses that may not have the resources or expertise to build their own system. Examples of the Consequences of Not Having Email Backup and Archiving Here are a few examples of the consequences that businesses may face if they do not have proper email backup and archiving in place: Data Loss: Without proper email backup, businesses may lose access to their email data if something goes wrong with their email system. This could result in lost productivity, lost revenue, and other negative impacts on the business. Non-Compliance: If a business is subject to regulatory requirements and does not have proper email archiving in place, they may face fines and other penalties for non-compliance. Legal Liability: In the event of a legal dispute, businesses that do not have proper email archiving in place may face difficulty producing copies of their email data as evidence. This could result in legal liability for the business. Reputational Damage: If a business experiences a data breach or other data loss event, it could damage their reputation and lead to the loss of customers and revenue. Conclusion Email backup and email archiving are important practices that every business should implement in order to protect their critical data and maintain compliance with regulatory requirements. While it is possible to create your own email backup and archiving system, it is often more cost-effective and easier to use a third-party solution. By using a third-party email backup and archiving solution, businesses can ensure that their email data is secure, compliant, and easily accessible when needed. If you are interested in learning more about email backup and archiving or would like to discuss your options with a trusted provider, we encourage you to contact us for more information. Our team of experts is here to help you find the right solution for your business.