Episode 11
Inside Microsoft GHOST with Matt Zorich
Exploring Threat Hunting
In this episode of ThreatCast, Ru and Matt dive deep into the world of Microsoft GHOST, a specialised team focused on cybersecurity hunting within Microsoft. Matt explains the role of the DoD (Detection and Response Team), their work on incident response for customers dealing with ransomware and nation-state attacks, and how Microsoft telemetry plays a crucial role in detecting and mitigating threats.
Overview
Together, they explore the challenges of securing a global enterprise like Microsoft, focusing on the detection and response landscape, adversary-in-the-middle attacks, and the growing role of AI in threat detection. Matt also offers unique insights into how companies can bolster their defenses by implementing multi-factor authentication (MFA) and securing core systems like Active Directory and Azure admin portals.
Matt’s expertise is rooted in his journey through Microsoft’s DoD (Detection and Response Team) and in his contributions to KQL (Kusto Query Language), which are revolutionizing the way threats are hunted and neutralized across the Microsoft ecosystem.
What is covered?
- Microsoft GHOST's Role in Cybersecurity: Learn how this dedicated internal team tackles advanced threats and adversary activity across the company and for its global customers.
- Ransomware and Nation-State Attacks: Discover how Microsoft's detection teams are staying ahead of these highly targeted and complex cybersecurity threats.
- Securing Critical Systems: Explore the importance of protecting Active Directory and enforcing mandatory MFA for better security across cloud environments.
- AI’s Role in Threat Detection: Unpack how AI tools are reshaping security operations, the risks and benefits they bring, and how they can improve speed and efficiency without compromising data.
- Building a Strong Security Strategy: Understand the importance of holistic security strategies that address the evolving nature of cyber threats, while focusing on continuous learning and adaptation.