Announcing Azure SQL Database Threat Detection general availability coming in April 2017

Today we are happy to announce that Azure SQL Database Threat Detection will be generally available in April 2017. Through the course of the preview we optimized our offering, and it has received 90% positive feedback from customers regarding the usefulness of SQL threat alerts. At general availability, SQL Database Threat Detection will cost $15 per server per month. We invite you to try it out for 60 days for free.

What is Azure SQL Database Threat Detection?

Azure SQL Database Threat Detection provides an additional layer of security intelligence built into the Azure SQL Database service. It helps customers using Azure SQL Database to secure their databases within minutes without needing to be an expert in database security. It works around the clock to learn, profile and detect anomalous database activities indicating unusual and potentially harmful attempts to access or exploit databases.

How to use SQL Database Threat Detection

Just turn it ON – SQL Database Threat Detection is incredibly easy to enable. You simply switch on Threat Detection from the Auditing & Threat Detection configuration blade in the Azure portal, select the Azure storage account (where the SQL audit log will be saved) and configure at least one email address for receiving alerts.

Real-time actionable alerts – SQL Database Threat Detection runs multiple sets of algorithms which detect potential vulnerabilities and SQL injection attacks, as well as anomalous database access patterns (such as access from an unusual location or by an unfamiliar principal). Security officers or other designated administrators get email notification once a threat is detected on the database. Each notification provides details of the suspicious activity and recommends how to further investigate and mitigate the threat.

Live SQL security tile – SQL Database Threat Detection integrates its alerts with Azure Security Center. A live SQL security tile within the database blade in Azure portal tracks the status of active threats. Clicking on the SQL security tile launches the Azure Security Center alerts blade and provides an overview of active SQL threats detected on the database. Clicking on a specific alert provides additional details and actions for investigating and preventing similar threats in the future.

Investigate SQL threat – Each SQL Database Threat Detection email notification and Azure Security Center alert includes a direct link to the SQL audit log. Clicking on this link launches the Azure portal and opens the SQL audit records around the time of the event, making it easy to find the SQL statements that were executed (who accessed what, and when) and determine whether the event was legitimate or malicious (e.g. an application vulnerability to SQL injection was exploited, someone breached sensitive data, etc.).
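As an added example (not code from the Azure announcement), the same investigation can be done in T-SQL against the blob audit log instead of following the email link; the storage URL, server and database names, and the alert timestamp are placeholders to take from your own alert email and Auditing & Threat Detection blade.

```sql
-- Added example: reading the Azure SQL blob audit log around the alert time with T-SQL.
-- The storage URL and the alert timestamp below are placeholders; take both from the
-- alert email and the Auditing & Threat Detection blade of your own database.
DECLARE @alert_time datetime2 = '2017-03-01T10:15:00';   -- constructed placeholder
DECLARE @window_minutes int = 10;
DECLARE @audit_path nvarchar(400) =
    N'https://<storageaccount>.blob.core.windows.net/sqldbauditlogs/<server>/<database>/';

-- 1) Who ran what, from where, in the minutes around the alert (what the email link opens).
SELECT event_time,
       server_principal_name,
       client_ip,
       application_name,
       action_id,
       succeeded,
       LEFT(statement, 400) AS statement_text
FROM sys.fn_get_audit_file(@audit_path, DEFAULT, DEFAULT)
WHERE event_time BETWEEN DATEADD(minute, -@window_minutes, @alert_time)
                     AND DATEADD(minute,  @window_minutes, @alert_time)
ORDER BY event_time;

-- 2) Failed statements grouped by caller: a burst of syntax errors from one application
--    and one IP is the pattern behind the "faulty SQL statement" alert, and a principal
--    or client_ip you do not recognise is the pattern behind the "unusual location" alert.
SELECT server_principal_name,
       client_ip,
       application_name,
       COUNT(*)        AS failed_statements,
       MIN(event_time) AS first_seen,
       MAX(event_time) AS last_seen
FROM sys.fn_get_audit_file(@audit_path, DEFAULT, DEFAULT)
WHERE succeeded = 0
  AND event_time BETWEEN DATEADD(minute, -@window_minutes, @alert_time)
                     AND DATEADD(minute,  @window_minutes, @alert_time)
GROUP BY server_principal_name, client_ip, application_name
ORDER BY failed_statements DESC;
```

Run it from the audited database itself; the audit path prefix must match where the Auditing blade writes the log, otherwise the function returns no rows.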

Recent customer experiences using SQL Database Threat Detection

During our preview, many customers benefited from the enhanced security SQL Database Threat detection provides.

Case: Anomalous access from a new network to a production database

Justin Windhorst, Head of IT North America at Archroma

“Archroma runs a custom-built ERP/e-Commerce solution, consisting of more than 20 web servers and 20 databases using a multi-tier architecture, with Azure SQL Database at its core. I love the built-in features that bring added value such as the enterprise-level features: SQL Database Threat Detection (for security) and Geo Replication (for availability). Case in point: with just a few clicks, we successfully enabled SQL Auditing and Threat Detection to ensure continuous monitoring occurred for all activities within our databases. A few weeks later, we received an email alert that ‘Someone has logged on to our SQL server from an unusual location’. The alert was triggered as a result of unusual access from a new network to our production database for testing purposes. Knowing that we have the power of Microsoft behind us that automatically brings to light anomalies such as these gives Archroma incredible peace of mind, and thus allows us to focus on delivering a better service.”

Case: Preventing SQL injection attacks

Fernando Sola, Cloud Technology Consultant at HSI

“Thanks to Azure SQL Database Threat Detection, we were able to detect and fix vulnerabilities to SQL injection attacks and prevent potential threats to our database. I was very impressed with how simple it was to enable threat detection using the Azure portal. A while after enabling Azure SQL Database Threat Detection, we received an email notification about ‘An application generated a faulty SQL statement on our database, which may indicate a vulnerability of the application to SQL injection.’ The notification provided details of the suspicious activity and recommended actions on how to observe and fix the faulty SQL statement in our application code using the SQL audit log. The alert also pointed me to the Microsoft documentation that explained to us how to fix application code that is vulnerable to SQL injection attacks. SQL Database Threat Detection and Auditing help my team secure our data in Azure SQL Database within minutes and with no need to be an expert in databases or security.”

Summary

We would like to thank all of you that provided feedback and shared experiences during the public preview. Your active participation validated that SQL Database Threat Detection provides an important layer of security built into the Azure SQL Database service to help secure databases without the need to be an expert in database security.

For more information:

Learn more about Azure SQL Database Threat Detection
Learn more about Azure SQL Database Auditing
Learn more about Azure SQL Database
Learn more about Azure Security Center

Source: Azure

Preview the new enhancements to Azure Security Center

While the cloud may have initially raised some security concerns among enterprises, Microsoft is changing those dynamics. By tapping into the collective power of millions of cloud customers, Microsoft can help each customer more effectively defend against the increasing volume and sophistication of attacks. Azure Security Center has released a number of new capabilities that leverage this collective intelligence to not only detect threats, but also do a better job of preventing them.

Advanced cloud defenses

Some traditional security controls deliver important protection from threats, but have proved to be too costly to configure and maintain. By applying prescriptive analytics to application and network data, learning the behavior of a machine or a group of machines, and combining these insights with broad cloud reputation, Azure Security Center empowers customers to realize the benefits of these controls without introducing any management overhead.

Application Whitelisting – Once a VM is compromised, an attacker will likely execute malicious code on it as they take action toward their objectives. Whitelisting legitimate applications helps block unknown and potentially malicious applications from running, but historically managing and maintaining these whitelists has been problematic. Azure Security Center can now automatically discover and recommend a whitelisting policy for a group of machines and apply these settings to your Windows VMs using the built-in AppLocker feature. After applying the policy, Azure Security Center continues to monitor the configuration and suggests changes, making it easier than ever before to leverage the security benefits of application whitelisting.
Just-In-Time (JIT) Network Access to VMs – Attackers commonly target open network ports (RDP, SSH, etc.) with brute-force attacks as a means to gain access to VMs running in the cloud. By only opening these ports for a limited time when needed to connect remotely to the VM, Azure Security Center can significantly reduce the attack surface and subsequently the risk that the VM will be compromised.

For an early preview, join the Azure Advisors community and then Azure Security Center Advisors group.

Advanced threat detection

Our security research and data science teams are constantly monitoring the threat landscape and adding new detection algorithms or enhancing current ones. Azure Security Center customers benefit from these innovations as algorithms are continuously released, validated, and tuned, without the need to worry about keeping signatures up to date. Here are some of the most recent updates:

Harnessing the Power of Machine Learning – Azure Security Center has access to a vast amount of data about cloud network activity, which can be used to detect threats targeting your Azure deployments. For example:

Brute Force Detections – Machine learning is used to create a historical pattern of remote access attempts, which allows it to detect brute-force attacks against SSH, RDP, and SQL ports. In the coming weeks, these capabilities will be expanded to also monitor for network brute-force attempts targeting many applications and protocols, such as FTP, Telnet, SMTP, POP3, Squid proxy, MongoDB, Elasticsearch, and VNC.
Outbound DDoS and Botnet Detection – A common objective of attacks targeting cloud resources is to use the compute power of these resources to execute other attacks. New detection algorithms are generally available in Azure Security Center which cluster virtual machines together according to network traffic patterns and use supervised classification techniques to determine if they are taking part in a DDoS attack. Also in private preview are new analytics that detect whether a virtual machine is part of a botnet. They work by joining network data (IPFIX) with passive DNS information to obtain a list of domains accessed by the VM and using them to detect malicious access patterns.

New Behavioral Analytics for Servers and VMs – Once a server or virtual machine is compromised, attackers employ a wide variety of techniques to execute malicious code on that system while avoiding detection, ensuring persistence, and bypassing security controls. Additional behavioral analytics are now generally available in Azure Security Center to help identify suspicious activity, such as process persistence in the registry, processes masquerading as system processes, and attempts to evade application whitelisting. In addition, new analytics have been released to public preview that are designed specifically for Windows Server 2016, for example activity related to SAM and admin account enumeration. Over the next few weeks, many of the behavioral analytics available for Windows VMs will be available for Linux VMs as well. Operations Management Suite Security users will also benefit from these new detections for non-Azure servers and VMs.
Azure SQL Database Threat Detection – Threat Detection for Azure SQL Database, which identifies anomalous database activities indicating unusual and potentially harmful attempts to access or exploit databases, is scheduled for general availability in April 2017. You can view alerts from SQL Database Threat Detection in Azure Security Center, along with additional details and actions for investigating and preventing similar threats in the future.

To take advantage of these and other advanced detection capabilities, select the Standard tier or free 90 Day Trial from the Pricing Tier blade in the Security Center Policy. Learn more about pricing.

Integrated partners

Azure Security Center makes it easy for you to bring your trusted cloud security vendors with you to the cloud. Recent additions include:

Fortinet NGFW and Cisco ASA – In addition to solutions from Check Point and Barracuda, ASC now features integration with Fortinet and Cisco ASA next-generation firewalls. ASC automatically discovers deployments where these solutions are recommended (based on the policy you set), streamlines deployment and monitoring, and integrates security alerts from these partner solutions, making it easier than ever to bring your trusted security solutions with you to the cloud.

Azure Security Center requires zero setup – simply open Security Center in the Azure Portal. Use the free version or upgrade to the 90 Day Trial to enable advanced prevention and threat detection.

Source: Azure

Amazon Redshift now supports encrypting unloaded data using Amazon S3 server-side encryption with AWS KMS keys

The Amazon Redshift UNLOAD command now supports Amazon S3 server-side encryption using an AWS KMS key. The UNLOAD command unloads the results of a query to one or more files on Amazon S3. You can let Amazon Redshift automatically encrypt your data files using Amazon S3 server-side encryption, or you can specify a symmetric encryption key that you manage. With this release, you can use Amazon S3 server-side encryption with a key managed by AWS KMS. In addition, the COPY command loads Amazon S3 server-side encrypted data files without requiring you to provide the key. For more information, see COPY and UNLOAD in the Amazon Redshift Database Developer Guide.
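The following is an added example, not code from the AWS announcement, showing the unencrypted UNLOAD beside the SSE-KMS form and the matching COPY; the bucket, IAM role ARN, table and KMS key id are placeholders.

```sql
-- Added example (placeholders: bucket, IAM role, table names, KMS key id).
-- Weak form: query results land in S3 with no server-side encryption unless
-- the bucket policy happens to enforce it.
UNLOAD ('SELECT * FROM orders WHERE order_date >= ''2017-01-01''')
TO 's3://example-bucket/unload/orders_'
IAM_ROLE 'arn:aws:iam::123456789012:role/RedshiftUnloadRole';

-- Corrected form: the same unload with S3 server-side encryption under a KMS key
-- you manage. KMS_KEY_ID requires the ENCRYPTED keyword; the role assumed by
-- Redshift needs kms:GenerateDataKey and kms:Encrypt on that key.
UNLOAD ('SELECT * FROM orders WHERE order_date >= ''2017-01-01''')
TO 's3://example-bucket/unload/orders_'
IAM_ROLE 'arn:aws:iam::123456789012:role/RedshiftUnloadRole'
ENCRYPTED
KMS_KEY_ID '1234abcd-12ab-34cd-56ef-1234567890ab'   -- placeholder key id
GZIP
MANIFEST;

-- Loading the files back: COPY reads SSE-KMS objects without being given the key,
-- because S3 decrypts them for any caller whose role has kms:Decrypt on the key.
-- Note that ENCRYPTED is NOT specified here; on COPY it means client-side encryption.
COPY orders_archive
FROM 's3://example-bucket/unload/orders_manifest'
IAM_ROLE 'arn:aws:iam::123456789012:role/RedshiftUnloadRole'
MANIFEST
GZIP;
```

With MANIFEST the unload writes a file named `<prefix>manifest`, which is why the COPY points at `orders_manifest` rather than at the data parts.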
Source: aws.amazon.com

See the latest in multi-cloud management at InterConnect

I can’t wait for IBM InterConnect 2017, where we will preview the new hybrid cloud management platform we are building for our clients. Why? Read on.

More companies are investing in hybrid cloud strategies. Many businesses have a multi-cloud strategy. And that strategy must include a cloud management platform that agnostically manages any cloud so developers are empowered to innovate. And they need it soon. IDC predicts that by 2018, 65 percent of companies will have a management platform for self-service automation that powers developers.

It’s my belief that today, most cloud services are managed in workload and platform silos. That needs to change. It is imperative that companies embrace a holistic approach to cloud management for service reliability, cost, and accessibility. IT leaders need to treat all cloud services as if they are one unified environment, and eliminate the multiple and redundant tools used to manage the cloud.

That’s why at IBM InterConnect 2017, we will preview the new cloud management platform we are building for our clients. We’re planning to show a comprehensive, multi-cloud management solution for IT operations and developers. And with the cognitive capabilities of IBM Watson, we’ll show how to use operational analytics across multiple cloud providers to optimize and govern public and private clouds.

InterConnect will feature IT leaders who will share their automation and hybrid cloud successes and lessons learned. Here are just a few of the sessions and client stories at InterConnect:

Session: How Royal KPN leveraged IBM cloud technologies for automation and insourcing of operations work

With cloud automation, Royal KPN cut a significant amount of cost and improved service level agreements by delivering a standardized process to IT operations. Learn how they achieved quality and speed of service, with policy-based governance and controls in the process flows such as management approvals.

Session: Hybrid cloud management: Trends, opportunities and IBM’s strategy

In this session, we will have analysts, IBM experts, and clients discuss multicloud management trends and directions along with real use cases and IBM’s role in shaping the future of cloud management.

Session: IT as business in Swiss Re: ITSM processes using BPM in IBM Cloud Orchestrator

Swiss Re automated and standardized internal IT processes to reduce delivery time and increase flexibility. Join Swiss Re to discover the growing importance of BPM as a business driver for IT to better harvest the benefits resulting from digital transformation.

There’s much more to explore. Join us at InterConnect and learn how you can manage complex, multicloud environments with ease using cloud-agnostic management tools, to reduce costs and improve your time-to-value. Our subject matter experts and executives will meet with business leaders. We’re also running a hands-on demo lab where attendees can see first-hand what the new cloud management platform looks like and how it applies to their job role.

Learn more about InterConnect and register today.
Source: Thoughts on Cloud