Microsoft Enhances Azure Cloud Security for Greater Visibility into Third-Party Access

  • Microsoft announced a slew of security enhancements this week, most focused on its Azure cloud services.

  • The enhancements extend Azure Active Directory outside of the Microsoft world, demonstrating that Microsoft understands the hybrid and multi-cloud nature of most organizations today.

  • Azure Security Center also received some updates, including Secure Score API, a new way for users of Azure cloud services to improve risk assessment and prioritize threat alerts.


Microsoft announced a slew of security enhancements this week, most focused on its Azure cloud services. The enhancements extend Azure Active Directory outside of the Microsoft world, demonstrating that Microsoft understands the hybrid and multi-cloud nature of most organizations today. Azure Active Directory External Identities is an extension of Azure Active Directory to external identities. This allows Active Directory to secure and manage the identities of third parties that need access to corporate properties, including the range of Office 365 tools. This can provide greater visibility into who actually has access to an organization's applications and data. According to the company, it also will allow developers to build more user-centric experiences for external users and streamline how IT administrators manage directories and identities through Azure Active Directory.


Azure Security Center also received some updates, including Secure Score API, a new way for users of Azure cloud services to improve risk assessment and prioritize threat alerts. This API allows organizations to actually get a score on the security posture of their environment. According to Microsoft, it will provide a more effective way to assess risk in the environment and prioritize actions to reduce it. This type of scoring can be very important for many reasons, said Doug Cahill, vice president and group director for cybersecurity at Enterprise Strategy Group."Because of the dynamic nature of cloud, staying on top of how your cloud services are configured is really important. You can inadvertently introduce configuration vulnerabilities. You can leave your infrastructure open to a variety of exploits if you're not regularly hardening your configuration," he said.



Learn more: LEVERAGING GREATER SOCIAL ENGAGEMENT FOR IMPROVED CYBER HYGIENE
 

"Security to date has largely been treated as an afterthought," he said. "And now that lines of business are doing their own application development, it has become increasingly important to incorporate security at development time as well as build time and runtime."

~ Microsoft Say


It also helps address the confusion around who is actually responsible for configurations—the subscriber to cloud services or the cloud service provider. While Microsoft is not taking responsibility for updating configurations, this scoring capability does provide some visibility to subscribers on where they might have insecure configurations. Developers are the focus of the third announcement. Developers with a verified Microsoft Partner Network account can now mark apps "Publisher Verified." Through this capability, developers can essentially integrate a "publisher verified" stamp in the code, indicating that it is a legitimate piece of software.

” This will allow organizations to better understand whether verified or unverified apps are being used, and enable them to configure consent policies based on publisher verification, Microsoft said.”


This will allow organizations to better understand whether verified or unverified apps are being used, and enable them to configure consent policies based on publisher verification, Microsoft said. Along the same lines, Microsoft has announced more granular application consent controls for IT administrators. This allows administrators to create more detailed policies that specify exactly which users can consent to specific applications. In other words, Cahill said, it gives developers a way to create a "white list" for end users based on policy.Finally, Microsoft announced that its Authentication Library now supports additional platforms, including Angular (GA) and Microsoft .Identity.Web for ASP.NET Core. This essentially provides developers with more ways of authenticating access to applications they are building, Cahill explained. Attackers can exploit misconfigurations in hybrid networks composed of Azure Active Directory and Windows Active .


Directory servers to compromise synchronization servers, reveal user passwords, and create backdoors into corporate networks, security researchers from Synacktiv have revealed. The work, one of several similar research ventures conducted on Azure Active Directory security, underlines the need for security teams to learn to navigate the complexities of this fast-growing technology. Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. The technology allows an organization’s employees to sign in and access resources in services like Microsoft Office 365, the Azure portal, and SaaS applications, along with internal resources and other cloud-based apps. There is, however, some confusion between Azure AD and Windows AD, the perhaps better-known directory service for centralized domain management.


Learn more: GOOGLE AND KPMG SECURITY EXPERTS SHARE THEIR INSIGHTS ON COVID-19 RELATED CYBER SCAMS .
 

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va


Other News
Cloud Security

Checkmarx Announces Technology Partner Program to Enable the Industry's Most Extensible, Code-to-Cloud Enterprise AppSec Ecosystem

PR Newswire | October 19, 2023

Checkmarx, the industry leader in cloud-native application security for the enterprise, today announced its Checkmarx Technology Partner program, enabling organizations to easily extend the leading AppSec platform with a wide range of technology partner capabilities. The combination of best-of-breed technology partners with the leading enterprise AppSec platform helps organizations shift everywhere, from code to cloud, with a unified AppSec posture integrated into the software development life cycle (SDLC). Checkmarx' Technology Partner Program helps organizations simplify management across their AppSec programs, get more value out of existing AppSec solutions and drive better security outcomes. Providing broad support for greater AppSec maturity throughout the entire SDLC, the Checkmarx Technology Partner program enables partners and their customers to centralize and simplify discovery in these key areas through Checkmarx One: Vulnerability and risk management systems: Aggregate, normalize and prioritize vulnerabilities and risks with a unified, holistic view with partners like ArmorCode, Brinqa and ServiceNow. SDLC tools: Integrate AppSec at all stages of the software development lifecycle within the environments and tools used daily by analysts, developers and testers with partners like GitLab, JetBrains and Security Compass. Cloud and runtime security: Match cloud assets at runtime with application source code projects so that vulnerabilities found in the developer source code are enriched with runtime context, and runtime cloud security inventories are enriched with AppSec findings – all possible through partners like AWS, Cisco Panoptica and Sysdig. Emerging technologies: Work with the most innovative startups and technologies including AI and GenAI to shape tomorrow's AppSec solutions landscape with partners like Mobb.ai. Expanding this ecosystem simplifies the process of mitigating AppSec risk for our partners' customers, making their applications exponentially more secure during a time of escalating threats, said Kobi Tzruya, Chief Research and Development Officer at Checkmarx. From protecting AI-generated code to helping build trust between developers and security teams, Checkmarx One is already the AI-driven, enterprise-ready AppSec platform of choice. Now working with other leading technology companies to meet the need for streamlined, consolidated solutions will make life easier and applications safer for everyone. Checkmarx recently announced Sysdig as its latest technology partner, bringing runtime container insights into Checkmarx One so organizations can prioritize vulnerabilities associated with container packages that are actually running and that pose the most risk. "The top application security vendors have a responsibility to team up to provide more robust and complete solutions for the world's enterprises," said Bryan Smoltz, VP of Technology Alliances at Sysdig. "By delivering runtime insights within Checkmarx One, customers have clear visibility into the workloads that are running in production so they can make better-informed security decisions. Together, we're helping to bring maximum protection at cloud speed." Technology partners also benefit from the program with new marketing and sales opportunities, and by making their solution readily accessible to Checkmarx' more than 1,800 customers, including 60% of the Fortune 100. The Checkmarx One platform scans more than 100 billion lines of code monthly and its world-renowned Checkmarx Labs security research team provides ongoing threat intelligence to inform product development and to advise customers of their best defenses in today's threat landscape. For more information about becoming a Checkmarx Technology Partner, visit this page. Click here to explore the Checkmarx One partnership ecosystem. About Checkmarx Checkmarx is the enterprise application security leader and the provider of Checkmarx One™, the industry-leading cloud-native AppSec platform that helps enterprises build #DevSecTrust. Powered by the intelligence from our industry-leading AppSec security research team, and our AI-driven technology and services, our platform is designed to enable CISOs, AppSec and development leaders to prioritize their teams' focus on what impacts their business. Our offerings secure every phase of development for every application, from the very first line of code through production, while simultaneously balancing the dynamic needs of security and development teams. It's no longer just about shifting left or right - it's about shifting everywhere. We are honored to serve more than 1,800 customers, which includes 60 percent of all Fortune 100 organizations. We are committed to moving forward with unwavering dedication to the safety and security of our customers, and the applications that power our day-to-day lives. Checkmarx. Make Shift Happen.

Read More

Cloud Security

SafeGuard Cyber Launches Contextual-AI Powered Platform to Investigate and Remediate Unmonitored Communications in Minutes

Business Wire | October 06, 2023

SafeGuard Cyber today launched the next generation of its industry-leading integrated cloud communications security and compliance platform to investigate and remediate unmonitored communications in minutes. Powered by Contextual AI, the FirstSight platform alerts security teams to high frequency and costly attacks such as credential theft, impersonation, phishing, malware, policy violations, and insider threats across the expanding communication attack surface. FirstSight protects business communications and manages risk across email, collaboration, conferencing, messaging and social channels. The platform enables security and compliance teams to have visibility across all employee communications, while maintaining privacy, to keep organizations secure and compliant. FirstSight detects threats and policy violations, provides actionable evidential data to analysts, understands the threats potential magnitude of impact to an organization, and helps analysts make informed responses to communication threats wherever they exist. Hackers are using AI to mount more automated, aggressive, and coordinated language-based attacks across multiple communication channels, making it challenging for today’s resource-constrained security teams to respond to every detected threat, said Chris Lehman, CEO, SafeGuard Cyber. The key to a better defense is to prioritize remediation efforts based on the potential damage each threat could cause. With the most advanced threat impact analysis capabilities in messaging security, SafeGuard Cyber FirstSight is a game-changer for security teams to respond to the most impactful threats across business communication channels. FirstSight protects employees wherever they are communicating while maintaining their privacy through fine-grained access controls and workflow optimizations. Key capabilities of the platform include: Unified Visibility: The only platform on the market to provide unified visibility across the entire communications attack surface, eliminating visibility gaps and saving security and compliance teams time and money by replacing siloed solutions. With deep visibility into communication channels – from Microsoft 365 email to Slack, Teams, Zoom, Telegram, and WhatsApp – security teams can detect and investigate risks in a centralized view. Contextual AI: Built on an ontological architecture that utilizes LLMs, behavioral analysis, social knowledge graphs, and generative AI, FirstSight incorporates domain-specific knowledge about the customer's enterprise. This, combined with understanding the relationships between threats, vulnerabilities, and available countermeasures, enables customers to react more quickly and effectively to threats. Threat Impact Analysis: Provides threat risk score, categories of potential impact – such as financial, business disruption, brand damage, data loss, and data theft – and suggested actions for remediation. With the platform’s threat impact capabilities, resource-constrained organizations can effectively prioritize remediation of the most significant risks to a business and make informed responses to multi-channel threats. About SafeGuard Cyber SafeGuard Cyber’s industry-leading integrated cloud communications security and compliance platform empowers organizations to proactively mitigate regulatory policy violations and threats such as credential theft, phishing, and insider threats across email, mobile, and web messaging apps, collaboration apps, and social platforms. Powered by contextual AI and built on an ontological architecture, the SafeGuard Cyber Platform utilizes LLMs, behavioral analysis, social knowledge graphs, and generative AI to enable security and compliance teams to have visibility across all employee communications, detect attacks, review evidential data, understand the magnitude of impact, and make informed responses to threats. SafeGuard Cyber is the only platform to provide unified visibility across the entire communication attack surface.

Read More

API Security

Data Theorem Introduces Industry’s First CNAPP Workflow Optimizations for Attack Path Analysis and Protection of APIs and Software Supply Chains

Business Wire | October 25, 2023

Data Theorem, Inc., a leading provider of modern application security, today introduced an industry-first attack path analysis of APIs and software supply chain exploits to its Cloud-Native Application Protection Platform (CNAPP) called Cloud Secure. The new release includes machine learning (ML)-based hacker toolkits and improved visualizations that boost discovery of potential data breaches in first-party APIs and third-party software supply chain assets hosted in multi-cloud environments. As a result of today’s launch, organizations can now leverage an advanced ML-based CNAPP solution to best secure their cloud-native apps and discover weaknesses which could lead to data breaches. Previously, organizations had to rely on cloud security posture management (CSPM) and agent-based cloud workload protection platforms (CWPP) that lack the ability to accurately detect attack surfaces such as first- and third-party APIs that lead to the critical path hackers utilize to successfully exploit vulnerabilities and extract sensitive data. Data Theorem’s new release of Cloud Secure now delivers Cloud Hacker Toolkits powered by a new set of visualization features and ML enhancements for exploit prioritization, helping organizations focus on the most critical vulnerabilities that hackers can take advantage of for a cyberattack to extract data from cloud-native apps. In addition, Cloud Secure now offers ML-powered optimized Cloud Assets inventory with new visualizations for organizations to better understand the relationships between applications (mobile and web), APIs (first and third party), and the myriad of cloud resources. As a result, organizations for the first time can have an accurate inventory of their cloud-native and cloud-hosted applications, and visualize the growing attack surfaces including APIs they develop themselves and APIs that come from leveraging open-source software, third-party software development kits (SDKs), and public cloud services within their software supply chains. As we have seen, machine learning, and particularly generative language learning model (LLM), offers a new set of innovations and creativity for both security practitioners and attackers, said Doug Dooley, Data Theorem COO. Data Theorem is pleased to offer the industry’s first CNAPP solution which leverages some of the more useful elements of machine learning combined with run-time analysis, observability, and active protection. Cloud Secure continues to lead the industry as the most application-centric CNAPP offering helping organizations uncover new attack vectors in cloud-native applications and APIs that ultimately prevent large-scale data breaches. ML-powered Hacker Tool Kits and Optimized Cloud Assets, in addition to Cloud Secure’s other advancements in this new release, uniquely protect organizations’ cloud applications in multi-cloud environments. Cloud Secure now also offers a new UI design that improves the end-to-end CNAPP workflow for organizations with new dashboard, inventory, security testing, and cloud-native protection sections. For example, the Cloud-Native Protection visualization graph with Cloud Abuse highlights priority events, actors, and attack path analysis that uniquely helps organizations diagnose near real-time data breaches and attempts at exfiltration attacks. In addition, Cloud Secure’s Enhanced Compliance Summary section with status and on-demand reporting downloads automates the audit processes to help organizations prove compliance. Cloud Secure, powered by Data Theorem’s award-winning Analyzer Engine, helps organizations secure their cloud-native applications and address regulatory compliance for cloud monitoring and reporting. It is the industry’s first solution delivering full-stack attack path analysis for cloud-native applications that starts at the client layer (mobile and web), protects the network layer (APIs), and extends down through the underlying infrastructure (cloud services). Its combination of attack path analysis and run-time active protections enables both offensive and defensive security capabilities to best prevent data breaches of cloud-native applications, embedded APIs, and serverless cloud functions. Data Theorem’s broad AppSec portfolio protects organizations from data breaches with application security testing and protection for modern web frameworks, API-driven microservices and cloud resources. Its solutions are powered by its award-winning Analyzer Engine which leverages a new type of dynamic and runtime analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation. Data Theorem is one of the first vendors to provide a full stack application security analyzer that connects attack surfaces of applications starting at the client layers found in mobile and web, the network layers found in APIs, and the infrastructure layers found in cloud services. About Data Theorem Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif., with offices in New York and Paris. For more information visit www.datatheorem.com.

Read More

Data Security

Canadian Federal Government Choose Netskope as Preferred Vendor

Netskope | September 11, 2023

Netskope, an industry-leading secure access service edge (SASE) provider, has announced that it has been chosen as the preferred cloud access security broker vendor for the Canadian Federal Government under the cybersecurity procurement vehicle (CSPV) of Shared Services Canada (SSC). The objective of the SSC cloud access security broker CSPV is to provide government users with secure access to cloud-based applications, including all software-as-a-service (SaaS) applications, regardless of their location. The Government of Canada (GC) selected Netskope after a competitive bidding process for a commercially available cloud access security broker service to fulfill its business requirements across various government organizations and agencies. The cloud access security broker service aims to facilitate the continued adoption, utilization, and delivery of SaaS cloud services by GC departments. The cloud access security broker service will improve the security posture of GC applications, services, and data as they are migrated to public cloud environments, permitting complete visibility and monitoring of GC cloud environments to detect, prevent, and respond rapidly to cyber threats; and ensuring the privacy, confidentiality, and protection of GC data in accordance with GC policies. As an integral part of Netskope Intelligent Security Service Edge (SSE), Netskope's market-leading cloud access security broker enables agencies to detect and manage the usage of cloud applications rapidly, irrespective of whether they are managed or unmanaged, and safeguard sensitive data from being stolen by malicious cybercriminals or risky insiders who have compromised the technology environment. A cloud access security broker is a cloud-based or on-premises security policy enforcement point situated between cloud service providers and consumers to combine and insert enterprise security policies when cloud-based resources are accessed. With a cloud access security broker solution, agencies can manage the unintentional or unauthorized transfer of sensitive data between cloud application instances while expediting security workflows with simple policy controls and incident response management. Paul Tanasi, Federal Regional Manager, Netskope, said, With the hybrid workforce becoming the new normal, Canadian government departments and agencies are relying more and more on giving their users direct-to-cloud access to SaaS applications and to web applications in general. [Source – Cision PR Newswire] Paul Tanasi further mentioned that there is a requirement to ensure these users' security and regain some of the visibility and control they were accustomed to when everyone worked from the office. A solution is required to tackle risks associated with cloud services, enforce security policies, and adhere to regulations, mainly when dealing with cloud services that are located outside their network perimeter and beyond their direct control. Netskope's CASB solution would offer the capability to adopt cloud applications and services confidently without compromising security or performance. About Netskope Netskope, an industry leader in SASE, assists organizations in implementing zero trust principles and AI/ML innovations to safeguard data and defend against cyber threats. The company's platform offers optimized access and real-time security for devices, people, and data, regardless of their location. Netskope assists customers in mitigating risk, accelerating application performance, and gaining unparalleled visibility into cloud, web, and private application activity. Thousands of clients rely on Netskope and its robust NewEdge network to combat evolving threats, technology shifts, new risks, organizational and network changes, and others.

Read More

Spotlight

Cyber attacks are increasing in volume, sophistication, and severity, and the federal government has taken notice. Now, they’re taking action — most recently in the form of new cybersecurity rules from the Securities and Exchange Commission. In “11 Ways to Streamline SEC Cybersecurity Compliance with Risk Cloud,” we explore a va

Resources