RunAs Radio

Querying for Breaches with Mark Morowcyznski

Jan 29, 2025

Mark Morowczynski, a Principal Security Researcher at Microsoft and co-author of 'The Definitive Guide to KQL,' dives deep into the world of Kusto Query Language. He explains how KQL can transform log data into actionable insights for security monitoring. They discuss rising cybersecurity threats and the importance of practical improvements like phishing-resistant authentication. With examples from the book, Mark highlights querying techniques to spot unusual account activity and ensure operational excellence. Don't miss tips on harnessing data analytics for enhanced security!

34:07

Creator website

Episode guests

Mark Morowczynski

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Mastering Kusto Query Language (KQL) empowers IT professionals to transform raw data into actionable intelligence for enhanced security operations.

The podcast emphasizes the need for robust security measures, such as MFA and continuous improvement, to counter rising cybersecurity threats.

Deep dives

The Importance of KQL in Security Operations

Kusto Query Language (KQL) serves as a crucial tool in enhancing security operations within Microsoft environments. It allows users to query various data sources such as Azure and M365, enabling them to gather insights relevant to security incidents and system performance. For instance, KQL can be used to check whether conditional access policies are applied correctly, helping organizations identify gaps in their security measures. By mastering KQL, IT professionals can transform raw data into actionable intelligence, ultimately strengthening their security posture.

Intro

2min

Evolution of Technical Roles at Microsoft and Cybersecurity Collaboration

3min

Navigating Cybersecurity Challenges

13min

Harnessing the Power of Data Analytics with Microsoft Fabric

2min

Proactive Application Monitoring and Querying Techniques

11min

Unlocking the Power of KQL for Security Monitoring

3min

Do you Kusto? Richard talks to Mark Morowczynski about his new book, The Definitive Guide to KQL, and the power of Kusto to look across your Azure tenant and understand operational and security issues. Mark talks about being able to query across all log sets, telemetry, the M365 graph, and more - to help understand issues. The book provides example queries you could run today, including knowing the first and last time a user logged on and what devices they used. There are examples of calculating baseline behavior for an account so that you can see when unusual activity starts. There are a ton of excellent queries for operational excellence and cybersecurity - get started today! And for RunAs listeners, you can use code KUSTO to get 30% off the book!

Links

Recorded December 19, 2024

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

RunAs Radio

Querying for Breaches with Mark Morowcyznski

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of KQL in Security Operations

Evolution of Threat Actors and Security Challenges

Advancements in Preventive and Detective Security Controls

Kusto's Role in Operational Excellence

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

RunAs Radio

Querying for Breaches with Mark Morowcyznski

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of KQL in Security Operations

Evolution of Threat Actors and Security Challenges

Advancements in Preventive and Detective Security Controls

Kusto's Role in Operational Excellence

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights