Blog

(Podcast) CISO Takeaways from the ATO H1 2024 Threat Report

Welcome to “Defend Your Time,” the podcast dedicated to helping you get stronger security, more value, and fewer headaches from your Microsoft security investments. In our latest episode, host Chris Taylor dives into the findings of the H1 2024 Threat Report from the Continuous Advanced Threat Operations (ATO) team. Joining him are security experts Zach Garcia and Dom De Vitto to discuss how these insights can help security leaders stay ahead of threats.

Understanding the Report

Broader Trends and Industry-Specific Insights

Zach emphasizes the importance of understanding broader trends and industry-specific threats. By leveraging the extensive data set from ATO’s managed XDR service, security leaders can identify gaps in their own environments and take proactive measures.

The Challenge of Patch Adoption

One of the key findings is the ongoing lag in vendor patch adoption. Despite the critical nature of patching, many organizations still struggle to keep up. Zach highlights that many high-scoring CVEs from 2023 are still being actively exploited. Dom adds that tools like Microsoft Defender can help identify and mitigate vulnerabilities, even those in unmanaged or shadow IT environments.

Addressing LOLSites

What Are LOLSites?

LOLSites exploit Microsoft-owned domains to bypass security controls, making them a significant concern. These sites can be difficult to block through technical means, requiring a focus on user training and awareness.

Training and Policy Enforcement

Zach and Dom discuss the importance of training users to recognize suspicious links and emails. Additionally, implementing policies to restrict access based on geographic locations or specific networks can help mitigate the risk of credential theft.

Conclusion

The H1 2024 Threat Report provides valuable insights for security leaders looking to strengthen their defenses. By understanding broader trends, addressing patch adoption challenges, and focusing on user training and policy enforcement, organizations can better protect themselves against evolving threats.

Stay tuned for more episodes of “Defend Your Time,” where we continue to bring you the latest in security insights and strategies.

Sharing
Article By

Advanced Threat Operations Team
Ontinue - ATO

Ontinue’s Advanced Threat Operations (ATO) team leverages proactive threat identification, analysis, and mitigation to empower our customers with the resilience needed to tackle the constantly evolving threat landscape.

Carlo Keay

Balazs Greksza

Domenico de Vitto