Archive

Archive for the ‘cybersecuirty’ Category

Stay ahead of multi-cloud attacks with Azure Security Center

June 15th, 2020 No comments

The COVID-19 crisis has challenged just about every business on the planet to quickly adapt and transform. With massive workforces now remote, IT administrators and security professionals are under increased pressure to keep these workers connected and productive while combating evolving threats, many of which are taking advantage of the situation.

For example, in the process of monitoring 8 trillion daily signals from a range of Microsoft products, services, and feeds, the Microsoft security team has identified multiple COVID-19-themed email campaigns that deliver the powerful credential-stealing program Agent Tesla.

To learn how to defend against these threats and others, join me and Eric Doerr, General Manager of Microsoft Security Response Center, in our next Azure Security Experts Virtual Events Series, Stay Ahead of Attacks with Azure Security Center, on June 30, 2020, from 10:00 AM to 11:00 AM Pacific Time.

There, we’ll step through three strategies to help you lock down your environment:

  • Protect all cloud resources across cloud-native workloads, virtual machines, data services, containers, and IoT edge devices.
  • Strengthen your overall security posture with enhanced Azure Secure Score.
  • Connect Azure Security Center with Azure Sentinel for proactive hunting and threat mitigation with advanced querying and the power of AI.

You’ll see demos of Secure Score and other Security Center features, while Stuart Gregg, Security Operations Manager at global online fashion retailer ASOS shares how his organization has gained stronger threat protection by pairing these technologies with smarter security management practices.

You’ll have the opportunity to take deep dives into how to use Security Center to achieve hybrid and multi-cloud threat protection for:

  • Servers and virtual machines. Learn how to protect your Linux and Windows virtual machines (VMs) using new Security Center features Just-In-Time VM Access, adaptive network hardening, and adaptive application controls. You’ll learn, too, how Security Center works with Microsoft Defender Advanced Threat Protection for Servers to provide threat detection for endpoint servers.
  • Cloud-native workloads. You’ll learn how Security Center supports containers and provides vulnerability assessment.
  • Data services. Breakthroughs in big data and machine learning make it possible for Security Center to detect anomalous database access and query patterns, SQL injection attacks, and other threats targeting your SQL databases in Azure. Learn, too, about malware reputation screening for Azure Storage and threat protection for Azure Key Vault.

In just one hour, you’ll learn how to implement broad threat protection across all your cloud resources, improve your cloud security posture management, keep up with compliance requirements, and stay ahead of a constantly evolving threat landscape.

Register now >

How do I learn more about Azure security and connect with peers and security experts?

In staying ahead of evolving security threats, it’s helpful to stay connected to other security professionals. Here are several ways to do that:

Bookmark the Security blog to keep up with our expert coverage on security matters. Follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

The post Stay ahead of multi-cloud attacks with Azure Security Center appeared first on Microsoft Security.

NERC CIP Compliance in Azure vs. Azure Government cloud

April 20th, 2020 No comments

As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection (NERC CIP) Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data replicas across fault domains, active failover, quick deployment and pay for use benefits are now available for these NERC CIP workloads.

Good candidates include a range of predictive maintenance, asset management, planning, modelling and historian systems as well as evidence collection systems for NERC CIP compliance itself.

It’s often asked whether a utility must use Azure Government Cloud (“Azure Gov”) as opposed to Azure public cloud (“Azure”) to host their NERC CIP compliant workloads. The short answer is that both are an option.  There are several factors that bear on the choice.

U.S. utilities can use Azure and Azure Gov for NERC CIP workloads. Canadian utilities can use Azure.

There are some important differences that should be understood when choosing an Azure cloud for deployment.

Azure and Azure Gov are separate clouds, physically isolated from each other. They both offer U.S. regions. All data replication for both can be kept within the U.S.

Azure also offers two Canadian regions, one in Ontario and one in Quebec, with data stored exclusively in Canada.

Azure Gov is only available to verified U.S. federal, state, and local government entities, some partners and contractors. It has four regions: Virginia, Iowa, Arizona and Texas. Azure Gov is available to U.S.-based NERC Registered Entities.

We are working toward feature parity between Azure and Azure Gov. A comparison is provided here.

The security controls are the same for Azure and Azure Gov clouds. All U.S. Azure regions are now approved for FedRAMP High impact level.

Azure Gov provides additional assurances regarding U.S. government-specific background screening requirements. One of these is verification that Azure Gov operations personnel with potential access to Customer Data are U.S. persons. Azure Gov can also support customers subject to certain export controls laws and regulations. While not a NERC CIP requirement, this can impact U.S. utility customers.

Azure Table 1

Under NERC CIP-004, utilities are required to conduct background checks.

Microsoft U.S. Employee Background Screening

Microsoft US Employee Background Screening

Microsoft’s background checks for both Azure and Azure Gov exceed the requirements of CIP 004.

NERC is not prescriptive on the background check that a utility must conduct as part of its compliance policies.

A utility may have a U.S. citizenship requirement as part of its CIP-004 compliance policy which covers both its own staff and the operators of its cloud infrastructure. Thus, if a utility needs U.S. citizens operating its Microsoft cloud in order to meet its own CIP-004 compliance standards, it can use Azure Gov for this purpose.

A utility may have nuclear assets that subject it to U.S. Department of Energy export control requirements (DOE 10 CFR Part 810) on Unclassified Controlled Nuclear Information. This rule covers more than the export of nuclear technology outside the United States, it also covers the transmission of protected information or technology to foreign persons inside the U.S. (e.g., employees of the utility and employees of the utility’s cloud provider).

Since access to protected information could be necessary to facilitate a support request, this should be considered if the customer has DOE export control obligations. Though the NERC assets themselves may be non-nuclear, the utility’s policy set may extend to its entire fleet and workforce regardless of generation technology. Azure Gov, which requires that all its operators be U.S. citizens, would facilitate this requirement.

Azure makes the operational advantages, increased security and cost savings of the cloud available for many NERC CIP workloads. Microsoft provides Azure and Azure Gov clouds for our customers’ specific needs.  Microsoft continues its work with regulators to make our cloud available for more workloads, including those requiring compliance with NERC CIP standards. The utility (Registered Entity) is ultimately responsible for NERC CIP compliance and Microsoft continues to work with customers and partners to simplify the efforts to prepare for audits.

Thanks to Larry Cochrane and Stevan Vidich for their leadership on Microsoft’s NERC CIP compliance viewpoint and architecture. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity. To learn more about our Security solutions visit our website.

 

(c) 2020 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it. This document is not intended to communicate legal advice or a legal or regulatory compliance opinion. Each customer’s situation is unique, and legal and regulatory compliance should be assessed in consultation with their legal counsel.

The post NERC CIP Compliance in Azure vs. Azure Government cloud appeared first on Microsoft Security.