Hello and welcome to the Thursday, August 3rd edition of the Santonet Stormsendor's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

Greek Diary from Brad today pointing your attention at Seek and Defender Endpoint.

In early this year, Microsoft announced that they'll be actively sort of supporting SEAC and

integrating it into Defender Endpoint.

Tom has a quick diary now showing you some of the capabilities you're gaining here.

If you're not familiar with SEAC, it's sort of a great behavioral analysis, network

intrusion detection system,

so it does focus on network traffic in modern networks with home users and such. It becomes

more and more difficult to actually collect great network logs. Now, this is exactly where

Seek fits in with Defender endpoint.

You can install it on your endpoints.

So even if users are working from home and such, collect the SEG network data

and then include it in your Hunts and Incent response,

which is exactly what Tom is talking about a bit here.

And imagine that we do have yet another remote unauthenticated API access vulnerability

in Ivanti's Mobile Iron Core.

Yesterday, I think it was just that I mentioned the second vulnerability, which was not really

all that severe. It was this arbitrary

file right vulnerability after you have admin access. Of course, for the last week or two,

we have had lots of stories about hosts getting compromised using the original unauthenticate

API access vulnerability.

...