SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

As companies continue to embrace the cloud, attackers have also shifted their attack methods to target cloud infrastructure. A popular target in 2020 has been identity-based compromise (Verizon, 2020). Azure Active Directory is the identity provider behind Office 365, Azure, and thousands of applications for 200,000 companies, processing 30 billion authentications a day (Microsoft Corporation, 2021). Reducing attacker dwell time for any infrastructure is one of the most fundamental ways to minimize a breach's scope and financial impact. This paper provides an investigation into the effects on attacker dwell time when leveraging Microsoft's Security Operation Guide for Azure Active Directory.