Category Archives : Security

17 Sep

Programmatically onboard and manage your subscriptions in Azure Security Center

This post was co-authored by Tiander Turpijn, Senior Program Manager.

Securing your Azure workloads has become easier with the release of Azure Security Center (ASC) official PowerShell Module!

Many organizations are looking to automate more tasks, as manual work is prone to human error and creates a potential for duplicative work. The need for automation is especially prevalent when it comes to large scale deployments that involve dozens of subscriptions with hundreds and thousands of resources – all of which must be secured from the beginning.

To streamline the security aspects of the DevOps lifecycle, ASC has recently released its official PowerShell module. This enables organizations to programmatically automate onboarding and management of their Azure resources in ASC and adding the necessary security controls.

This blog will focus on using PowerShell to onboard ASC. Future blog posts will demonstrate how you can use PowerShell to automate the management of your resources in ASC.

In this example, we will enable Security Center on a subscription with ID: d07c0080-170c-4c24-861d-9c817742786c and apply the recommended settings that provide a high level of protection, by implementing the standard tier of Security Center, which provides advanced threat protection and detection capabilities:

Set the ASC to standard.

12 Sep

Azure preparedness for Hurricane Florence

As Hurricane Florence continues its journey to the mainland, our thoughts are with those in its path. Please stay safe. We’re actively monitoring Azure infrastructure in the region. We at Microsoft have taken all precautions to protect our customers and our people.

Our datacenters (US East, US East 2, and US Gov Virginia) have been reviewed internally and externally to ensure that we are prepared for this weather event. Our onsite teams are prepared to switch to generators if utility power is unavailable or unreliable. All our emergency operating procedures have been reviewed by our team members across the datacenters, and we are ensuring that our personnel have all necessary supplies throughout the event.

As a best practice, all customers should consider their disaster recovery plans and all mission-critical applications should be taking advantage of geo-replication.

Rest assured that Microsoft is focused on the readiness and safety of our teams, as well as our customers’ business interests that rely on our datacenters.

You can reach our handle @AzureSupport on Twitter; we are online 24/7. Any business impact to customers will be communicated through Azure Service Health in the Azure portal.

If there is any change to the situation, we will keep

12 Sep

Azure preparedness for weather events

As Hurricane Florence, and now Typhoon Mangkhut, continue their journeys to the East Coast of the US and SE Asia respectively, our thoughts are with those in their paths. Please stay safe. We’re actively monitoring Azure infrastructure in these regions. We at Microsoft have taken all precautions to protect our customers and our people.

Our datacenters (US East, US East 2, US Gov Virginia, and East Asia) have been reviewed internally and externally to ensure that we are prepared for this weather event. Our onsite teams are prepared to switch to generators if utility power is unavailable or unreliable. All our emergency operating procedures have been reviewed by our team members across the datacenters, and we are ensuring that our personnel have all necessary supplies throughout the event.

As a best practice, all customers should consider their disaster recovery plans and all mission-critical applications should be taking advantage of geo-replication.

Rest assured that Microsoft is focused on the readiness and safety of our teams, as well as our customers’ business interests that rely on our datacenters.

You can reach our handle @AzureSupport on Twitter; we are online 24/7. Any business impact to customers will be communicated through Azure Service Health in

12 Sep

How Security Center and Log Analytics can be used for Threat Hunting

Organizations today are constantly under attack. Azure Security Center (ASC) uses advanced analytics and global threat intelligence to detect malicious threats, and the new capabilities that our product team is adding every day empower our customers to respond quickly to these threats.

However, just having great tools that alert on threats and attacks is not enough. The reality is that no security tool can detect 100 percent of attacks. In addition, many of the tools that raise alerts are optimized for low false positive rates, so they may miss suspicious outlier activity in your environment that could have been flagged and investigated. This is something that the Security Center and Azure Log Analytics teams understand. The product has built-in features that you can use to launch your investigations and hunting campaigns in addition to responding to the alerts it triggers.

In the real world, threat hunting involves several considerations. You not only need a good analyst team, you need an even larger team of service engineers and administrators who take care of deploying an agent to collect the investigation-related data, parsing it into a format where queries could

10 Sep

Learn how Key Vault is used to secure the Healthcare AI Blueprint

System security is a top priority for any healthcare organization. There are many types of security including physical, network, application, email and so on. This article covers the system security provided by Azure Key Vault. Specifically, we examine the Key Vault implementation used in the Azure Healthcare blueprint. The intent is to demonstrate how a Key Vault works by seeing it used with the blueprint.

Securing sensitive data in the real world

In a healthcare organization there are potentially dozens (or hundreds) of users that need access to sensitive data from diverse sources. Doctors, technicians, receptionists — some need access to just x-rays, some to payment schedules, and doctors need patient records. The matrix of users and data stores can be large. Managing so many permissions could be a nightmare. For dashboards or other user interfaces, permission needs to be granted to service accounts. For example, in machine learning a data scientist may need to query data from many data repositories to find correlations, and will need appropriate rights to those data stores.

In the blueprint, a Key Vault stores data such as the passwords and secrets that system users need in order to access things like databases and Machine Learning Studio (MLS).

04 Sep

Save money on actuarial compute by retiring your on-premises HPC grids

No insurance company should keep on-premises compute grids for actuarial computing. In the past, resistance to the cloud went along these lines: the cloud lacks data security, the cloud is expensive, and no one has experience with the cloud. But those arguments are out of date. I have worked in, and supported, compute grids at many different insurance companies. Just before joining Microsoft, I led a project to move workloads to Azure and to decommission on-premises grids globally. At this point, all insurance companies see the increasing demand from growth in the number of policies processed, and new regulations that require changes to the actuarial and accounting systems. IFRS-17 requires changes to workflows, reporting and control throughout the actuarial and accounting process. Now is the time to move to a cloud-based solution on Azure.

Why wait to move to a cloud-based compute solution?

Over the years, I’ve worked in IT departments supporting actuaries, and in an actuarial department working with IT teams. I have seen three main blockers when moving to an all cloud-based solution. It always starts with the Business Information Security Officer (BISO) who has security and business continuity questions. Then the accounting, legal and

30 Aug

Two seconds to take a bite out of mobile bank fraud with Artificial Intelligence

The future of mobile banking is clear. People love their mobile devices and banks are making big investments to enhance their apps with digital features and capabilities. As mobile banking grows, so does the one aspect of it that can be wrenching for customers and banks: mobile device fraud.

Problem: To implement near real-time fraud detection

Most mobile fraud occurs through a compromise called a SIM swap attack in which a mobile number is hacked. The phone number is cloned and the criminal receives all the text messages and calls sent to the victim’s mobile device. Then login credentials are obtained through social engineering, phishing, vishing, or an infected downloaded app. With this information, the criminal can impersonate a bank customer, register for mobile access, and immediately start to request fund transfers and withdrawals.

Artificial Intelligence (AI) models have the potential to dramatically improve fraud detection rates and detection times. One approach is described in the Mobile bank fraud solution guide. It’s a behavioral-based AI approach and can be much more responsive to changing fraud patterns than rules-based or other approaches.

The solution: A pipeline that detects fraud in less than two seconds

Latency and response times are critical

22 Aug

Respond to threats faster with Security Center’s Confidence Score

Azure Security Center provides you with visibility across all your resources running in Azure and alerts you to potential or detected issues. The volume of alerts can be challenging for a security operations team to address individually, so security analysts have to prioritize which alerts they want to investigate. Investigating alerts can be complex and time consuming, and as a result some alerts are ignored.

Security Center can help your team triage and prioritize alerts with a new capability called Confidence Score. The Confidence Score automatically investigates alerts by applying industry best practices, intelligent algorithms, and processes used by analysts to determine whether a threat is legitimate and provides you with meaningful insights.

How is the Azure Security Center Confidence Score triggered?

Alerts are generated due to detected suspicious processes running on your virtual machines. Security Center reviews and analyzes these alerts on Windows virtual machines running in Azure. It performs automated checks and correlations using advanced algorithms across multiple entities and data sources across the organization and all your Azure resources.

Results of Azure Security Center Confidence Score

The Confidence Score ranges between 1 to 100 and represents the confidence that the alert should

22 Aug

Reduce your exposure to brute force attacks from the virtual machine blade

Attackers commonly target open ports on Internet-facing virtual machines (VMs), with activity ranging from port scanning to brute force and DDoS attacks. In the case of a successful brute force attack, an attacker can compromise your VM and establish a foothold in your environment. Once an attacker is in your environment, they can profit from the compute of that machine or use its network access to perform lateral attacks on other networks.

One way to reduce exposure to an attack is to limit the amount of time that a port on your virtual machine is open. Ports only need to be open for a limited amount of time for you to perform management or maintenance tasks. Just-In-Time VM Access helps you control the time that the ports on your virtual machines are open. It leverages network security group (NSG) rules to enforce a secure configuration and access pattern.

Today we are excited to announce the public preview of configuring Just-In-Time VM Access from the virtual machine blade to make it even easier for you to reduce your exposure to threats.

In one simple click, a Just-In-Time VM access policy is applied to a VM. This will configure a policy that locks down

10 Aug

Enhance security and simplify network integration with Extension Host on Azure Stack

We are excited to share a new capability we are bringing to Azure Stack to further enhance the security posture and simplify network integration for our customers. Today, each Azure service on Azure Stack adds functionality to the portal for its portal experience via a module called a portal extension. Each of these portal extensions uses a separate network port. As the number of Azure services increases, so does the number of ports that must be opened on a firewall that supports Azure Stack.

Our customers told us we need to improve this posture, and we’ve listened. We’re bringing the Extension Host solution to Azure Stack so that only one port (443) is required to be opened. This solution is already available on Azure, allowing all requests to be funneled through one port, reducing the ports that need to be opened on the firewall, and allowing customers to communicate with these endpoints via proxy servers.

In its first release, the User and Admin portal default extensions have moved to this model, thereby reducing the number of ports from 27 to one. Over time, additional services such as the SQL and MySQL providers will also be changed to use the