European Commission reveals the initiation of three market investigations concerning cloud computing services under the landmark Digital Markets Act.
The post Europe Unleashes Cloud Market Investigations on AWS and Microsoft appeared first on TechRepublic.
Microsoft confirmed that Azure blocked a denial-of-service attack that involved more than 500,000 IP addresses spread across multiple regions.
The post Microsoft Azure Fends Off ‘Largest DDoS Attack Ever Observed in the Cloud’ appeared first on TechRepublic.
European Commission reveals the initiation of three market investigations concerning cloud computing services under the landmark Digital Markets Act.
The post Europe Unleashes Cloud Market Investigations on AWS and Microsoft appeared first on TechRepublic.
Microsoft confirmed that Azure blocked a denial-of-service attack that involved more than 500,000 IP addresses spread across multiple regions.
The post Microsoft Azure Fends Off ‘Largest DDoS Attack Ever Observed in the Cloud’ appeared first on TechRepublic.
Synack has recently joined the Microsoft Intelligent Security Association (MISA) and integrated with Microsoft Sentinel. This means that Microsoft Sentinel users can now easily access Synack’s global team of security experts for on demand testing of cloud assets. MISA is an ecosystem of independent software vendors and managed security providers who integrate their security solutions with Microsoft platforms and technology to increase visibility and minimize threats.
This announcement is only one component of this growing partnership and is a testament to the commitment both Synack and Microsoft have to providing flexible and scalable security solutions. Extending Microsoft’s security capabilities through partnerships and integrations like that with Synack, reduce cost and complexity for enterprises looking for end-to-end cloud security solutions.
Keeping your hybrid cloud safe and secure from cyber criminals is a daunting task. Hackers are constantly searching for vulnerabilities in your cloud that they can exploit to gain access. You need to be constantly vigilant and discover and resolve all the vulnerabilities in your system while they only need to find one to be successful in penetrating it to perpetrate their cybercrime activities.
To help you more effectively protect your network from cybercriminals, Synack is now providing integrations to two key Microsoft cloud security solutions: Microsoft Defender for Cloud and Microsoft Sentinel. Additionally, new cloud-oriented services are available through Synack Campaigns, which provide on-demand access to members of the Synack Red Team for completing targeted security objectives.
Microsoft Sentinel and Microsoft Defender for Cloud play a significant role in improving security operations. Microsoft Defender for Cloud provides recommendations, alerts and diagnostics to Microsoft Sentinel to provide better analytics and incident response. Microsoft Sentinel provides an overall picture of what is happening in your network taking in data from multiple sources to give security analysts a powerful tool to detect and respond to cyberattacks. Together these two solutions help provide seamless and effective security operations.
But there is a critical piece missing in this security view. You need to be able to validate misconfigurations and create attack vectors to search for and report exploitable vulnerabilities at the network layer as well as internally in your cloud. Synack, the premier security testing platform powered by the most skilled and trusted community of global security researchers provide continuous penetration testing and vulnerability discovery with actionable data and report the results to Microsoft Defender for Cloud and Microsoft Sentinel where the vulnerabilities can be investigated, analyzed, and resolved. You can run a one-time assessment, or sign up for continuous testing of your system.
When it comes to exploitable vulnerabilities in your cloud, time-to–resolution is critical. Synack’s new integrations to Microsoft Defender for Cloud and Microsoft Sentinel automatically sync the results of Synack vulnerability assessments to those security solutions to help decrease time-to-resolution. There is no need for human intervention or cumbersome transfer of information. You have all your vulnerability information in one place in screens that your security teams are used to working with.
With Synack’s new integration to Microsoft Defender for Cloud, customers can create a Synack Vulnerabilities custom workbook in Defender for Cloud. The Microsoft Defender for Cloud workbook displays the exploitable vulnerabilities discovered in the Synack vulnerability assessment along with a severity status and scoring. The data syncs automatically from the Synack Client Portal directly to Microsoft Defender for Cloud.
Similarly, Synack’s new integration to Microsoft Sentinel synchronizes vulnerability data from your Synack account to Microsoft Sentinel for further management and remediation. It automatically creates an incident in Microsoft Sentinel for each vulnerability and keeps the incident up-to-date with the latest changes in the vulnerability.
Syncing vulnerability results from Synack to Microsoft Defender for Cloud and Microsoft Sentinel puts all of your vulnerability information in one place in a format that Microsoft Azure users are accustomed to seeing. There’s no need to log into another tool or become familiar with another report format in order for security engineers and managers to determine the health and security of their networks. Security teams can take appropriate action and update vulnerability status right in the Microsoft tool.
This capability becomes even more critical as Synack continues to expand its Microsoft Azure-specific testing portfolio, including continuous testing for Microsoft Azure and the Microsoft Azure Security Benchmark Campaign.
You can choose the sync cadence, and you can visualize your vulnerability data using Microsoft Defender for Cloud’s graphs and charts. You’ll get a high-level overview of vulnerability information, such as status, and can track these changes over time. For any assessment, you can see the associated vulnerabilities, and for more detailed information, you can link directly to the full vulnerability info provided in the Synack Client Portal. Any new vulnerabilities will automatically sync and populate into Defender for Cloud and newly discovered vulnerabilities will automatically sync and populate incidents into Microsoft Sentinel where they become part of a holistic security view. Executives or anyone else who wants to see this vulnerability or incident information can do so in Microsoft Azure display screens.
Synack provides the custom Microsoft Azure Workbook with Synack Vulnerabilities data within your Microsoft Defender for Cloud. A backend application hosted on Synack premises provides a Custom Endpoint for the Workbook. Synack provides the default template for the Synack Vulnerabilities workbook. You can further modify the looks of your workbook, or use the endpoint to create new workbooks. It’s up to you how you want to view and manage the exploitable vulnerabilities.
Synack makes the integration easy. All you need to do is create a Synack API token and then deploy the Synack Workbook ARM template to Microsoft Defender of Cloud. After that you can access your workbook in Microsoft Defender for Cloud. Each time Synack performs a vulnerability assessment, the results will be displayed in the Microsoft Defender for Cloud workbook.
For Microsoft Sentinel, Synack provides a data connector to synchronize the vulnerability data from your Synack account. The data synchronization is performed by a Microsoft Azure Function that uses both Synack and Microsoft Sentinel APIs to pull the Synack data over to Microsoft Sentinel. Once you deploy the data connector you will start seeing new incidents in Microsoft Sentinel created from the Synack vulnerabilities. If the status of a Synack vulnerability changes, the status of the corresponding Microsoft Sentinel incident will be updated accordingly.
To help reduce time-to-resolution, Synack’s integrations to Microsoft Defender for Cloud and Microsoft Sentinel give you a holistic view of your network’s health and security posture encompassing all your exploitable vulnerability information, including the results of Synack penetration testing, in one place in familiar Azure screens.
Synack Campaigns provide on-demand access to the Synack Red Team for completion of targeted security tasks, augmenting internal teams while solving for the cybersecurity talent gap. The Azure Security Benchmark Infrastructure Campaign provides Synack researcher testing against Azure security controls. This Campaign will utilize a researcher with the right skills to provide a true adversarial perspective against your Azure services, and will validate your ASB status seen in Microsoft Defender for cloud.
For information on Synack’s partnership with Microsoft, learn more here.
The post Synack Strengthens Integration to Microsoft Azure to Help Protect Hybrid Clouds appeared first on Synack.
Microsoft Azure comes equipped with all the right security controls, but effective deployment and management of these controls is an ongoing process, driven by evolution and risk tolerance . Proper implementation of cloud rollouts and ongoing maintenance can be a challenge, even for large organizations, leading to a lack of protections such as least privilege for access controls. And attacks on the cloud appear to be growing. Verizon’s 2021 Data Breach Investigations Report found that “external cloud assets were more common than on-premises assets in both incidents and breaches.”
Security teams are left responsible for not only securing cloud assets, but also for ongoing cyber hygiene training and developing common sense policies to protect an organization’s assets. It can be an overwhelming task. Based on an increase in cloud misconfiguration vulnerabilities reported by the Synack Red Team in 2020, it is clear the existing solutions and frameworks are fragmented—leaving ample room for malicious exploits.
But now, finally, there is a better way!
By combining the power of Synack, the premier crowdsourced platform for on-demand security expertise, with Microsoft’s Azure Security Modernization (ASM) solution, enterprise and government organizations now have a scalable solution for cloud security planning, management, and improvement.
Per a Microsoft Blog Post from earlier this year, Microsoft Azure applications and infrastructure deployments have grown at leaps and bounds for nearly 20 years. In parallel, Microsoft has emerged as a cybersecurity leader—recently announcing a whopping $10 billion in revenue for its security business over the past 12 months. This represents more than 40 percent year-over-year growth (Vasu Jakkal, 2021). Microsoft security experts have deployed Microsoft services and solutions to secure 400,000 customers across 120 countries, including 90 of the Fortune 100. Integrations such as the one with Synack amplify Microsoft’s ability to continue to grow and innovate across all types of organizations.
Microsoft ASM solution helps its clients stay ahead of adversaries. It deploys a Microsoft Azure-centric, continuous approach to security (see chart below), led by Microsoft security experts, and powered by the Synack Platform. ASM includes a four-phase continuous security model: Plan, Develop, Deliver, and Measure which programs, implements, and tests Microsoft Azure security requirements and controls.
Synack’s unique combination of a continuous, crowdsourced platform and smart vulnerability detection technology makes the discovery of security vulnerabilities easy, fast, and actionable! Synack-found vulnerabilities are reported and fed into ASM’s “Measure” phase to enable future “Planning” phases with real-world security testing data. Synack’s controlled and 24/7 testing, alongside its Azure integrations, ensures the changing boundaries and assets of today’s dynamic environments are tested safely and comprehensively.
“Thanks to our integration with Synack, we can now go beyond reviewing security configurations against recommended practices to include real time scanning of an environment against known security vulnerabilities. This allows us to help our customers further reduce risk by having a more comprehensive and tailored remediation plan fit to their needs.” says Heath Aubin, Director of Business Program Management, Security Strategy and Solutions at Microsoft Corp.
Synack’s cloud integrations allow for quick deployment of a variety of pentesting methodologies within a Microsoft Azure environment based on an organization’s goals and requirements. The first is open vulnerability discovery to uncover and report exploitable issues within a Microsoft Azure environment. The second includes targeted, offensive assessments aligned to the Microsoft Azure Security Benchmark.
Synack designed these targeted tests alongside the ASM Solution Owners for an on-demand mechanism to quickly highlight areas of weakness within a Microsoft Azure environment.
Leveraging the integration between Synack and ASM customers can experience a comprehensive testing and mitigation sequence to support compliance, asset management and planning, and expert level insight into the security of their Azure assets.
To find out more, download our datasheet here.
The post Synack Partners with Microsoft to Help Customers Improve Their Microsoft Azure Security Posture appeared first on Synack.
Login