Microsoft Enhances Azure Cloud Security for Greater Visibility into Third-Party Access

Microsoft | May 25, 2020

  • Microsoft announced a slew of security enhancements this week, most focused on its Azure cloud services.

  • The enhancements extend Azure Active Directory outside of the Microsoft world, demonstrating that Microsoft understands the hybrid and multi-cloud nature of most organizations today.

  • Azure Security Center also received some updates, including Secure Score API, a new way for users of Azure cloud services to improve risk assessment and prioritize threat alerts.


Microsoft announced a slew of security enhancements this week, most focused on its Azure cloud services. The enhancements extend Azure Active Directory outside of the Microsoft world, demonstrating that Microsoft understands the hybrid and multi-cloud nature of most organizations today. Azure Active Directory External Identities is an extension of Azure Active Directory to external identities. This allows Active Directory to secure and manage the identities of third parties that need access to corporate properties, including the range of Office 365 tools. This can provide greater visibility into who actually has access to an organization's applications and data. According to the company, it also will allow developers to build more user-centric experiences for external users and streamline how IT administrators manage directories and identities through Azure Active Directory.


Azure Security Center also received some updates, including Secure Score API, a new way for users of Azure cloud services to improve risk assessment and prioritize threat alerts. This API allows organizations to actually get a score on the security posture of their environment. According to Microsoft, it will provide a more effective way to assess risk in the environment and prioritize actions to reduce it. This type of scoring can be very important for many reasons, said Doug Cahill, vice president and group director for cybersecurity at Enterprise Strategy Group. "Because of the dynamic nature of cloud, staying on top of how your cloud services are configured is really important. You can inadvertently introduce configuration vulnerabilities. You can leave your infrastructure open to a variety of exploits if you're not regularly hardening your configuration," he said.




"Security to date has largely been treated as an afterthought," he said. "And now that lines of business are doing their own application development, it has become increasingly important to incorporate security at development time as well as build time and runtime."



It also helps address the confusion around who is actually responsible for configurations—the subscriber to cloud services or the cloud service provider. While Microsoft is not taking responsibility for updating configurations, this scoring capability does provide some visibility to subscribers on where they might have insecure configurations. Developers are the focus of the third announcement. Developers with a verified Microsoft Partner Network account can now mark apps "Publisher Verified." Through this capability, developers can essentially integrate a "publisher verified" stamp in the code, indicating that it is a legitimate piece of software.



This will allow organizations to better understand whether verified or unverified apps are being used, and enable them to configure consent policies based on publisher verification, Microsoft said. Along the same lines, Microsoft has announced more granular application consent controls for IT administrators. This allows administrators to create more detailed policies that specify exactly which users can consent to specific applications. In other words, Cahill said, it gives developers a way to create a "white list" for end users based on policy.

Finally, Microsoft announced that its Authentication Library now supports additional platforms, including Angular (GA) and Microsoft.Identity.Web for ASP.NET Core. This essentially provides developers with more ways of authenticating access to applications they are building, Cahill explained.

Attackers can exploit misconfigurations in hybrid networks composed of Azure Active Directory and Windows Active Directory servers to compromise synchronization servers, reveal user passwords, and create backdoors into corporate networks, security researchers from Synacktiv have revealed. The work, one of several similar research ventures conducted on Azure Active Directory security, underlines the need for security teams to learn to navigate the complexities of this fast-growing technology.

Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. The technology allows an organization’s employees to sign in and access resources in services like Microsoft Office 365, the Azure portal, and SaaS applications, along with internal resources and other cloud-based apps. There is, however, some confusion between Azure AD and Windows AD, the perhaps better-known directory service for centralized domain management.


