Service Principles in the Spotlight: Insights from Microsoft’s Security Experts
Season 1 · Episode 17



The BlueHat Podcast · Microsoft

November 29, 2023 · 43m 55s


Show Notes

Senior Data Scientist Emily Yale and Senior Threat Hunt Analyst at Microsoft Chris Bukavich join Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Chris focuses on incident response, investigation, and detection of major incidents, while Emily works on developing and improving detections for Microsoft's internal security. Emily and Chris were co-presenters at this year's BlueHat conference. They discussed unmasking Azure-based adversaries with an emphasis on monitoring service principals, how their respective expertise in data science and cybersecurity contributed to the session, and the challenges of monitoring service principals in Azure. The service principal concept has evolved from traditional service accounts.

In This Episode You Will Learn:

  • The importance of monitoring spikes in activity
  • Criteria for identifying malicious behavior targeting service principals
  • Historical context of service principals and their increasing relevance

Some Questions We Ask:

  • How can you proactively monitor and detect anomalies related to service principals?
  • What challenges arise when profiling service principals based on past behavior?
  • When can service principals be tied to user authentication?

 

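Resources:

  • View Emily Yale on LinkedIn: https://www.linkedin.com/in/emilyyale2a2516182/
  • View Chris Bukavich on LinkedIn: https://www.linkedin.com/in/christopher-bukavich-7534b09b/
  • View Wendy Zenone on LinkedIn: https://www.linkedin.com/in/wendyzenone/
  • View Nic Fillingham on LinkedIn: https://www.linkedin.com/in/nicfill/

Related Microsoft Podcasts:

  • Microsoft Threat Intelligence Podcast: https://msthreatintelpodcast.com/
  • Afternoon Cyber Tea with Ann Johnson: https://afternooncybertea.com/
  • Uncovering Hidden Risks: https://uncoveringhiddenrisks.com/

Discover and follow other Microsoft podcasts at microsoft.com/podcasts (https://news.microsoft.com/podcasts/)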

