Windows Ransomware Detection and Protection: Securing Windows endpoints, the cloud, and infrastructure using Microsoft Intune, Sentinel, and Defender

Sandbu, Marius

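  • Publisher: Packt Publishing
  • Publication date: 2023-03-17
  • List price: $1,630
  • VIP price: $1,549 (discount rate 9.5, i.e. 95% of the list price)
  • Language: English
  • Pages: 290
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1803246340
  • ISBN-13: 9781803246345
  • Overseas purchase-on-demand title (must be checked out separately)
    No stock available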


Protect your end users and IT infrastructure against common ransomware attack vectors and efficiently monitor future threats

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

• Learn to build security monitoring solutions based on Microsoft 365 and Sentinel
• Understand how Zero-Trust access and SASE services can help in mitigating risks
• Build a secure foundation for Windows endpoints, email, infrastructure, and cloud services

Book Description

If you're looking for an effective way to secure your environment against ransomware attacks, this is the book for you. From teaching you how to monitor security threats to establishing countermeasures to protect against ransomware attacks, Windows Ransomware Detection and Protection has it all covered.

The book begins by helping you understand how ransomware attacks work, identifying different attack vectors, and showing you how to build a secure network foundation and Windows environment. You'll then explore ransomware countermeasures in different segments, such as Identity and Access Management, networking, Endpoint Manager, cloud, and infrastructure, and learn how to protect against attacks. As you move forward, you'll get to grips with the forensics involved in making important considerations when your system is attacked or compromised with ransomware, the steps you should follow, and how you can monitor the threat landscape for future threats by exploring different online data sources and building processes.

By the end of this ransomware book, you'll have learned how configuration settings and scripts can be used to protect Windows from ransomware attacks with 50 tips on security settings to secure your Windows workload.

What you will learn

• Understand how ransomware has evolved into a larger threat
• Secure identity-based access using services like multifactor authentication
• Enrich data with threat intelligence and other external data sources
• Protect devices with Microsoft Defender and Network Protection
• Find out how to secure users in Active Directory and Azure Active Directory
• Secure your Windows endpoints using Endpoint Manager
• Design network architecture in Azure to reduce the risk of lateral movement

Who this book is for

This book is for Windows administrators, cloud administrators, CISOs, and blue team members looking to understand the ransomware problem, how attackers execute intrusions, and how you can use the techniques to counteract attacks. Security administrators who want more insights into how they can secure their environment will also find this book useful. Basic Windows and cloud experience is needed to understand the concepts in this book.








1. Ransomware Attack Vectors and the Threat Landscape
2. Building a Secure Foundation
3. Security Monitoring using Microsoft Sentinel and Defender
4. Ransomware Countermeasures - Windows Endpoints, Identity, and SaaS
5. Ransomware Countermeasures – Microsoft Azure Workloads
6. Ransomware Countermeasures - Networking and Zero-Trust Access
7. Protecting Information Using Azure Information Protection and Data Protection
8. Ransomware Forensics
9. Monitoring the Threat Landscape
10. Best Practices for Protecting Windows from Ransomware Attacks

