As the world comes together to combat COVID-19, and remote work becomes a critical capability for many companies, customers have asked us how to best maintain the security posture of their cloud assets while enabling more remote workers to access them.
Misconfiguration of cloud security controls has been at the root of several recent data breaches, so it’s extremely important to continue monitoring your security posture as usage of cloud assets increases.
To help you prioritize the actions that you need to take, we are listing three common scenarios for remote workers and how to leverage Azure Security Center security controls to prioritize relevant recommendations for these scenarios:
1. As more users need to access resources remotely, you need to ensure that Multi-Factor Authentication (MFA) is enabled to enhance their identity protection.
Azure Security Center has a security control called Enable MFA. Ideally, you should remediate all recommendations that are part of this security control, as shown below:
2. Some users might need remote access via RDP or SSH to servers that are in your Azure infrastructure.
Instead of allowing full 24 x 7 access to those servers, ensure that you are using Just-In-Time (JIT)
https://azure.microsoft.com/blog/fileless-attack-detection-for-linux-in-preview/
This blog post was co-authored by Aditya Joshi, Senior Software Engineer, Enterprise Protection and Detection.
Attackers are increasingly employing stealthier methods to avoid detection. Fileless attacks exploit software vulnerabilities, inject malicious payloads into benign system processes, and hide in memory.
Today Microsoft Azure Sphere is generally available. Our mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. General availability is an important milestone for our team and for our customers, demonstrating that we are ready to fulfill our promise at scale. For Azure Sphere, this marks a few specific points in our development. First, our software and hardware have completed rigorous quality and security reviews. Second, our security service is ready to support organizations of any size. And third, our operations and security processes are in place and ready for scale. General availability means that we are ready to put the full power of Microsoft behind securing every Azure Sphere device.
The opportunity to release a brand-new product that addresses crucial and unmet needs is rare. Azure Sphere is truly unique: our product brings a new technology category to the Microsoft family, to the IoT market, and to the security landscape.
IoT innovation requires security
The International Data Corporation (IDC) estimates that by 2025 there will be 41.6 billion connected IoT devices. Put in perspective, that’s more than five times the number of people on earth today. When we consider why
This post was co-authored by Suren Jamiyanaa, Program Manager, Azure Networking
We continue to be amazed by the adoption, interest, positive feedback, and the breadth of use cases customers are finding for our service. Today, we are excited to share several new Azure Firewall capabilities based on your top feedback items:
ICSA Labs Corporate Firewall Certification.
Forced tunneling support now in preview.
IP Groups now in preview.
Customer configured SNAT private IP address ranges now generally available.
High ports restriction relaxation now generally available.
Azure Firewall is a cloud native firewall as a service (FWaaS) offering that allows you to centrally govern and log all your traffic flows using a DevOps approach. The service supports both application and network level filtering rules and is integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto scaling.
ICSA Labs Corporate Firewall Certification
ICSA Labs is a leading vendor in third-party testing and certification of security and health IT products, as well as network-connected devices. They measure product compliance, reliability, and performance for most of the world’s top technology vendors.
Azure Firewall is the first cloud firewall service to attain
This post was co-authored by Yair Tor, Principal Program Manager, Azure Networking.
Last November we introduced Microsoft Azure Firewall Manager preview for Azure Firewall policy and route management in secured virtual hubs. This also included integration with key Security as a Service partners, Zscaler, iboss, and soon Check Point. These partners support branch to internet and virtual network to internet scenarios.
Today, we are extending Azure Firewall Manager preview to include automatic deployment and central security policy management for Azure Firewall in hub virtual networks.
Azure Firewall Manager preview is a network security management service that provides central security policy and route management for cloud-based security perimeters. It makes it easy for enterprise IT teams to centrally define network and application-level rules for traffic filtering across multiple Azure Firewall instances that span different Azure regions and subscriptions in hub-and-spoke architectures for traffic governance and protection. In addition, it empowers DevOps for better agility with derived local firewall security policies that are implemented across organizations.
For more information see Azure Firewall Manager documentation.
Figure one – Azure Firewall Manager Getting Started page
Hub virtual networks and secured virtual hubs
Azure Firewall Manager can provide security management for two
Today we’re pleased to publish Data Protection and Privacy Compliance in the Cloud: Privacy Concerns Are Not Slowing the Adoption of Cloud Services, but Challenges Remain, original research sponsored by Microsoft and independently conducted by the Ponemon Institute. The report concludes with a list of 10 recommended steps that organizations can take to address cloud privacy and security concerns, and in this blog, we have provided information about Azure services such as Azure Active Directory and Azure Key Vault that help address all 10 recommendations.
The research was undertaken to better understand how organizations undergo digital transformation while wrestling with the organizational impact of complying with such significant privacy regulations as the European Union’s General Data Protection Regulation (GDPR). The research explored the reasons organizations are migrating to the cloud, the security and privacy challenges they encounter in the cloud, and the steps they have taken to protect sensitive data and achieve compliance.
The survey of over 1,000 IT professionals in the US and EU found that privacy concerns are not slowing cloud adoption and that most privacy-related activities are easier in the cloud, while at the same time, most organizations don’t feel they have the control and visibility they need to
We’ve released our newest Azure blueprint that maps to another key industry-standard, the Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark. This follows the recent announcement of our Azure blueprint for FedRAMP moderate and adds to the growing list of Azure blueprints for regulatory compliance, which now includes ISO 27001, NIST SP 800-53, PCI-DSS, UK OFFICIAL, UK NHS, and IRS 1075.
Azure Blueprints is a free service that enables cloud architects and central information technology groups to define a set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new trusted environments within organizational compliance requirements. Customers can apply the new CIS Microsoft Azure Foundations Benchmark blueprint to new subscriptions as well as existing environments.
CIS benchmarks are configuration baselines and best practices for securely configuring a system developed by CIS, a nonprofit entity whose mission is to “identify, develop, validate, promote, and sustain best practice solutions for cyber defense.” A global community collaborates in a consensus-based process to develop these internationally recognized security standards for defending IT systems and data against cyberattacks. Used by thousands of businesses, they offer
Cryptocurrency mining attacks continue to represent a threat to many of our Azure Linux customers. In the past, we’ve talked about how some attackers use brute force techniques to guess account names and passwords and use those to gain access to machines. Today, we’re talking about an attack that a few of our customers have seen where a service is exploited to run the attacker’s code directly on the machine hosting the service.
This attack is interesting for several reasons. The attacker echoes in their scripts so we can see what they want to do, not just what executes on the machine. The scripts cover a wide range of possible services to exploit so they demonstrate how far the campaign can reach. Finally, because we have the scripts themselves, we can pull out good examples from the Lateral Movement, Defense Evasion, Persistence, and Objectives sections of the Linux MITRE ATT&CK Matrix and use those to talk about hunting on your own data.
For this attack, the first indication something is wrong in the audited logs is an echo command piping a base64 encoded command into base64 for decoding then piping into bash. Across our users, this first command
We are pleased to share that Azure is the first major US cloud provider to achieve certification as a data processor for the new international standard ISO/IEC 27701 Privacy Information Management System (PIMS). The PIMS certification demonstrates that Azure provides a comprehensive set of management and operational controls that can help your organization demonstrate compliance with privacy laws and regulations. Microsoft’s successful audit can also help enable Azure customers to build upon our certification and seek their own certification to more easily comply with an ever-increasing number of global privacy requirements.
Being the first major US cloud provider to achieve a PIMS certification is the latest in a series of privacy firsts for Azure, including being the first to achieve compliance with EU Model clauses. Microsoft was also the first major cloud provider to voluntarily extend the core data privacy rights included in the GDPR (General Data Protection Regulation) to customers around the world.
PIMS is built as an extension of the widely-used ISO/IEC 27001 standard for information security management, making the implementation of PIMS’s privacy information management system a helpful compliance extension for the many organizations that rely on ISO/IEC 27001, as well as creating a strong integration point
https://azure.microsoft.com/blog/new-azure-security-center-and-azure-platform-security-capabilities-2/
At Microsoft Ignite we’re sharing the many new capabilities our teams have built to improve security with Azure Security Center and the Azure Platform. We have a long list of new innovations, and this blog provides our general direction and