Category Archives : Security

24 Sep

Azure HDInsight brings next generation Hadoop 3.0 and enterprise security to the cloud

MICROSOFT IGNITE, ORLANDO, Florida, September 24, 2018 – Earlier today, Microsoft Corporation announced its continuing support and commitment to enterprises seeking to use Hadoop for open source big data analytics in the cloud. Leading off the series of major upgrades to the Azure HDInsight service is the preview release of Hadoop 3.0, the transformational update to the Hadoop stack that enterprises have been waiting for since earlier this year. In addition, enterprises with strict security and compliance requirements will be able to secure their Azure HDInsight clusters using Enterprise Security Package. And there is something in this release for everybody! Spark developers will particularly like the series of innovations from Microsoft that will now allow them to quickly identify and resolve performance bottlenecks in their code.

“We have been honored to be part of the open source analytics community,” said Ryan Waite, Director of Big Data Product Management. “We’re making open source analytics central to our product strategy, from our investments in HDInsight, to our participation in projects like YARN, to our shift to using open source analytics in our internal data lake. The rate of innovation in this space is only increasing with Hadoop 3.0. We are excited

23 Sep

Strengthen security with key Azure innovations

Cybersecurity can be challenging for many organizations. It doesn’t have to be. Migrating your workloads to the cloud can help achieve better security. Microsoft Azure provides you with a highly secure foundation to migrate your workloads to the cloud safely and help reduce infrastructure security costs. Azure also includes built-in security controls to enable defense in depth and unique threat intelligence across trillions of diverse signals from Microsoft services to help identify and protect against rapidly evolving threats. Many global companies like Merrill Corporation and Tenemos are accelerating their cloud adoption due to the security benefits that Microsoft Azure provides.

You can simplify security with the built-in controls available in Azure and integrate with your existing security tools through our partner solutions to gain defense in depth. These controls and services span identity, networking, and data and even include services to help you protect against threats, manage your security posture, and secure your IoT devices. We have continued to invest in new capabilities in this area. These innovations across built-in controls and through partner integrations provide more flexibility and enhanced security that can extend from cloud to the edge. I am excited to share a few capabilities and services that

17 Sep

Programmatically onboard and manage your subscriptions in Azure Security Center

This post was co-authored by Tiander Turpijn, Senior Program Manager.

Securing your Azure workloads has become easier with the release of the official Azure Security Center (ASC) PowerShell module!

Many organizations are looking to automate more tasks, as manual work is prone to human error and creates a potential for duplicative work. The need for automation is especially prevalent when it comes to large scale deployments that involve dozens of subscriptions with hundreds and thousands of resources – all of which must be secured from the beginning.

To streamline the security aspects of the DevOps lifecycle, ASC has recently released its official PowerShell module. This enables organizations to programmatically automate the onboarding and management of their Azure resources in ASC and to add the necessary security controls.

This blog will focus on using PowerShell to onboard ASC. Future blog posts will demonstrate how you can use PowerShell to automate the management of your resources in ASC.

In this example, we will enable Security Center on a subscription with ID: d07c0080-170c-4c24-861d-9c817742786c and apply the recommended settings that provide a high level of protection, by implementing the standard tier of Security Center, which provides advanced threat protection and detection capabilities:

Set the ASC to standard.

12 Sep

Azure preparedness for Hurricane Florence

As Hurricane Florence continues its journey to the mainland, our thoughts are with those in its path. Please stay safe. We’re actively monitoring Azure infrastructure in the region. We at Microsoft have taken all precautions to protect our customers and our people.

Our datacenters (US East, US East 2, and US Gov Virginia) have been reviewed internally and externally to ensure that we are prepared for this weather event. Our onsite teams are prepared to switch to generators if utility power is unavailable or unreliable. All our emergency operating procedures have been reviewed by our team members across the datacenters, and we are ensuring that our personnel have all necessary supplies throughout the event.

As a best practice, all customers should consider their disaster recovery plans and all mission-critical applications should be taking advantage of geo-replication.

Rest assured that Microsoft is focused on the readiness and safety of our teams, as well as our customers’ business interests that rely on our datacenters. 

You can reach our handle @AzureSupport on Twitter; we are online 24/7. Any business impact to customers will be communicated through Azure Service Health in the Azure portal.

If there is any change to the situation, we will keep

12 Sep

Azure preparedness for weather events

As Hurricane Florence, and now Typhoon Mangkhut, continue their journeys to the East Coast of the US and SE Asia respectively, our thoughts are with those in their paths. Please stay safe. We’re actively monitoring Azure infrastructure in the region. We at Microsoft have taken all precautions to protect our customers and our people.

Our datacenters (US East, US East 2, US Gov Virginia, and East Asia) have been reviewed internally and externally to ensure that we are prepared for this weather event. Our onsite teams are prepared to switch to generators if utility power is unavailable or unreliable. All our emergency operating procedures have been reviewed by our team members across the datacenters, and we are ensuring that our personnel have all necessary supplies throughout the event.

As a best practice, all customers should consider their disaster recovery plans and all mission-critical applications should be taking advantage of geo-replication.

Rest assured that Microsoft is focused on the readiness and safety of our teams, as well as our customers’ business interests that rely on our datacenters. 

You can reach our handle @AzureSupport on Twitter; we are online 24/7. Any business impact to customers will be communicated through Azure Service Health in

12 Sep

How Security Center and Log Analytics can be used for Threat Hunting

Organizations today are constantly under attack. Azure Security Center (ASC) uses advanced analytics and global threat intelligence to detect malicious threats, and the new capabilities that our product team is adding every day empower our customers to respond quickly to these threats.

However, just having great tools that alert about threats and attacks is not enough. The reality is that no security tool can detect 100 percent of attacks. In addition, many of the tools that raise alerts are optimized for low false positive rates. Hence, they might miss some suspicious outlier activity in your environment which could have been flagged and investigated. This is something that the Security Center and Azure Log Analytics teams understand. The product has built-in features that you can use to launch your investigations and hunting campaigns in addition to responding to alerts that it triggers.

In the real world, if you need to do threat hunting, there are several considerations to take into account. You not only need a good analyst team, you need an even larger team of service engineers and administrators that worry about deploying an agent to collect the investigation-related data, parsing it in a format where queries could

10 Sep

Learn how Key Vault is used to secure the Healthcare AI Blueprint

System security is a top priority for any healthcare organization. There are many types of security including physical, network, application, email and so on. This article covers the system security provided by Azure Key Vault. Specifically, we examine the Key Vault implementation used in the Azure Healthcare blueprint. The intent is to demonstrate how a Key Vault works by seeing it used with the blueprint.

Securing sensitive data in the real world

In a healthcare organization there are potentially dozens (or hundreds) of users that need access to sensitive data from diverse sources. Doctors, technicians, receptionists — some need access to just x-rays, some to payment schedules, and doctors need patient records. The matrix of users and data stores can be large. Managing so many permissions could be a nightmare. For dashboards or other user interfaces, permission needs to be granted to service accounts. For example, in machine learning a data scientist may need to query data from many data repositories to find correlations, and will need appropriate rights to those data stores.

In the blueprint, a Key Vault stores data like passwords and secrets that system users need in order to access things like databases and Machine Learning Studio (MLS).

04 Sep

Save money on actuarial compute by retiring your on-premises HPC grids

No insurance company should keep on-premises compute grids for actuarial computing. In the past, resistance to the cloud went along these lines: the cloud has a lack of data security, the cloud is expensive, and no one has experience with the cloud. But those arguments are out of date. I have worked in, and supported, compute grids at many different insurance companies. Just before joining Microsoft, I led a project to move workloads to Azure and to decommission on-premises grids globally. At this point, all insurance companies see the increasing demand from growth in the number of policies processed, and new regulations that require changes to the actuarial and accounting systems. IFRS-17 requires changes to workflows, reporting and control throughout the actuarial and accounting process. Now is the time to move to a cloud-based solution on Azure.

Why wait to move to a cloud-based compute solution?

Over the years, I’ve worked in IT departments supporting actuaries, and in an actuarial department working with IT teams. I have seen three main blockers when moving to an all cloud-based solution. It always starts with the Business Information Security Officer (BISO) who has security and business continuity questions. Then the accounting, legal and

30 Aug

Two seconds to take a bite out of mobile bank fraud with Artificial Intelligence

The future of mobile banking is clear. People love their mobile devices and banks are making big investments to enhance their apps with digital features and capabilities. As mobile banking grows, so does the one aspect of it that can be wrenching for customers and banks: mobile device fraud.

Problem: To implement near real-time fraud detection

Most mobile fraud occurs through a compromise called a SIM swap attack in which a mobile number is hacked. The phone number is cloned and the criminal receives all the text messages and calls sent to the victim’s mobile device. Then login credentials are obtained through social engineering, phishing, vishing, or an infected downloaded app. With this information, the criminal can impersonate a bank customer, register for mobile access, and immediately start to request fund transfers and withdrawals.

Artificial Intelligence (AI) models have the potential to dramatically improve fraud detection rates and detection times. One approach is described in the Mobile bank fraud solution guide.  It’s a behavioral-based AI approach and can be much more responsive to changing fraud patterns than rules-based or other approaches.

The solution: A pipeline that detects fraud in less than two seconds

Latency and response times are critical

22 Aug

Respond to threats faster with Security Center’s Confidence Score

Azure Security Center provides you with visibility across all your resources running in Azure and alerts you to potential or detected issues. The volume of alerts can be challenging for a security operations team to individually address. Due to the volume of alerts, security analysts have to prioritize which alerts they want to investigate. Investigating alerts can be complex and time consuming, so as a result, some alerts are ignored.

Security Center can help your team triage and prioritize alerts with a new capability called Confidence Score. The Confidence Score automatically investigates alerts by applying industry best practices, intelligent algorithms, and processes used by analysts to determine whether a threat is legitimate and provides you with meaningful insights.

How is the Azure Security Center Confidence Score triggered?

Alerts are generated due to detected suspicious processes running on your virtual machines. Security Center reviews and analyzes these alerts on Windows virtual machines running in Azure. It performs automated checks and correlations using advanced algorithms across multiple entities and data sources across the organization and all your Azure resources.

Results of Azure Security Center Confidence Score

The Confidence Score ranges from 1 to 100 and represents the confidence that the alert should
