For as long as it has been in development inside the science labs of the universities, corporations and government agencies, quantum computing has been considered the next frontier in cybersecurity. Quantum computers are machines that do not work with classical electrical on and off-states but instead rely on quantum states that can be in several states at once, a circumstance known as „superposition(1)“. While they are still in their very infancy, their capabilities have been mystified over and over and it’s probably fair to say that quantum computing is one of the most misunderstood technological advancements of our day and age.
Within the ongoing arms race in the perimeter of information security, artificial intelligence and machine learning are two of the most promising innovations.
While AI in common „personal assistants“, like those developed by Amazon, Alibaba and Google has recently reached levels at which it can convincingly make phone calls on behalf of their users, the capabilities of AI in the hands of defenders, as well as attackers, will likely evolve from buzzword to technology of significant importance over the next years.
On the defensive side, artificial intelligence powered intrusion detection will deliver the ability to pick up on anomalies within an organizations network or perimeters and raise alerts or even countermeasures much quicker than would be possible for any human security team. AI technologies supreme and literally superhumanly quick pattern recognition capabilities enable it to consistently collect intelligence regarding new threats, attempted attacks, acceptable user behaviour and constantly evolve its knowledge. This does allow AI-powered intrusion detection mechanism to find the proverbial needle in the haystack (and react to it) much faster and more concise than classical signature-based intrusion detection systems or a human security analyst.
This does have a flip-side, of course: The same AI capabilities could be used to learn about specific defences and normal user behaviour pattern in an organization and mask the malicious behaviour so it will not be recognized by classical intrusion detection systems or human onlookers.
In today’s interconnected cloud-first, mobile world, securing your online apps and services is vital. However, building secure solutions which deliver value in today’s complex and regulated environment can be a challenge. With information essentially becoming the currency of the digital age, the creation of multiple compliance regulations has forced organizations to implement technical security measures to protect their online systems and customers. Meeting these compliance requirements can be challenging, especially if you are leveraging the benefits of the cloud. Not only do you need to build and configure your apps and services securely, but you also need to ensure your chosen cloud provider meets any necessary compliance requirements.
Compliance in the Cloud Compliance Is a Shared Responsibility
On Azure, Microsoft is responsible for meeting the compliance requirements for its platform while you are responsible for any compliance measures which relate to your cloud service.
With more certifications than any other cloud service provider, Azure meets a broad set of international as well as industry-specific compliance standards. These include the GDPR, ISO 27001, HIPAA, SOC, among others. Microsoft also conducts regular comprehensive audits to ensure it maintains these standards and adheres to the security controls needed.
However, as stated, ensuring your services that are running on Azure meet compliance requirements is your responsibility. Thankfully Microsoft Azure provides a few tools which can help you secure your cloud services and meet the necessary compliance standards.
It leverages a combination of trusted execution environments, advanced cryptography and innovative blockchain-focused consensus mechanisms to enable new ways of utilizing the blockchain. Coco stands for Confidential Consortium.
If you want a deeper dive, I suggest you check out the Coco Framework whitepaper, here.
Additionally, Microsoft offers BaaS (Blockchain-as-a-service) and was chosen by Bankchain which is a platform for banks that want to implement blockchain technology; members include State Bank of India, ICICI Bank, DCB Bank, Kotak Mahindra Bank, Federal Bank, Deutsche Bank and UAE Exchange.
Over the last few years, cloud computing has been the buzz. Cloud computing services offer an infrastructure that is highly scalable and supports high-performance computing. With high adoption by businesses of all sizes. Development and deployment of applications within the cloud platform are easy and time to market is done in a fraction of the time.
Artificial intelligence is not a new technology. It has been here for a long time and has helped develop computers and software that perform tasks that are associated with intelligence. Machine learning and deep learning are subsets of artificial intelligence that involve the development of algorithms that learn from data inputs and give intelligent output based on that data and the learned patterns.
A lot of research has been done and still is being done on implementing artificial intelligence into cloud computing. Cloud service providers such as Amazon, Google and Microsoft have already integrated AI into their clouds to improve service delivery. AI brings about capabilities such as machine learning, recognition of patterns and robotics to the cloud. On the other hand, the cloud is able to provide a wide range and large volumes of data since these capabilities are largely dependent on data as input so as to produce the desired output. The cloud also allows the systems to open-access and open-source data which is very crucial in facilitating collaborative learning.
What does that mean? Just that I now am certified to attest that I have a baseline knowledge when it comes to how to go about penetrating a network or a computer system but with the purpose of finding and fixing security vulnerabilities within an ethical framework.
Now you might ask, why should I use a security baseline? First off – it’s for OS hardening, and it saves you a lot of manual work by having ready made settings setup and gives you the importable GPOs, as well as a multitude of custom ADMX files with them visually laid out for you in a spreadsheet.
This allows you to tweak your settings to what best suits your environment.
It’s an incredibly helpful tool for image building, particularly for those of us in verticals that require constant vigilance.
To some it may have passed under the radar, for others it might be of interest.
Microsoft has released a bug bounty program for hackers, white hats, bug hunters and security researchers alike to discover, find and report vulnerabilities to Microsoft to strengthen the Microsoft portfolio.
Microsoft having dominated the market for home users and business computers have long been a favored target for cyber criminals, hobby hackers and other nefarious operatives. Meaning that just a zero-day vulnerability or any breach can cause a crisis like the recent WannaCry ransomware attack.
Microsoft has previously had bug bounty programs, but mostly they have been limited in time, or for specific suites.
Busy days, we had WannaCry remind us about the importance of patch compliance and mitigation (add political pun about encryption and weapons) and we saw IT and business rally to mitigate, patch and get their heads over water.
NotPetya spread over the same attack vector and utilized PsExec with the SMBv1 vulnerability but had a much more complicated payload, which turned out to not be ransomware, but a wiper prompting for a ransom, allowing no way to decrypt essentially rendering the data lost.
So with that in mind I decided to write a post about the upcoming Windows 10 Fall Creators Update, touching on Windows Defender ATP and security in general, and my thoughts surrounding it..
First off, it integrates Windows Defender Advanced Threat Protection (ATP) into Windows 10 essentially unifying the Windows threat protection stack.
To sum it up, it’s built in and not added on.
Security is complicated, it involves layer upon layer, there is exterior security, interior security, network, information, os hardening, user training and so on.
One of the best things with ATP?
It integrates with cloud intelligence and the rest of your security, giving you a single pane of glass for administration.
Now what is the ATP? It covers a range of features such as:
Windows Defender Exploit Guard
Windows Defender Explot Guard (WDEG) uses information from the Microsoft Intelligent Security Graph (ISG) and provides a heavy set of intrusion rules and policies to assist and prrevent advanced threats, as well as zero day exploits.
Windows Defender Application Guard
A real winner here I believe, we’ll see how it turns out when it goes live for everyone, but I like the idea of Windows Defender Application Guard (WDAG) because even if the OS stack, network stack is secure, does not necessarily mean your third-party applications for example your browser is. Example and point: when Tim in accounting accidentally downloads malicious malware or Rambo in security triggers a zero-day worm whilst researching in the wrong container, WDAG will isolate and contain the threat. Keeping your device, apps and data secure. At least in theory.
Windows Defender Device Guard
Also integrated into ATP, Device Guard allows whitelisting of applications on a per-device basis and if anything it gives the Security Operations Center better insight, and automated application control as well as implementation of DDG into ATP gives organizations an easy implementation. Well improved detection, response capabilities and a growing detection dictionary that includes more indicators of attacks (IoA) with a large suite being gathered into one product in the Windows threat protection stack will allow you to remedy, as well as spot weaknesses far faster then before, and reduces the overhead required and the custom implementations required to make all the systems “talk“.
So what is my take from this? I thoroughly believe that the creator of a product (Microsoft) is most likely the best to create a security solution best suited for their product (Windows and surrounding services).
To sum it up ATP integrated with Windows 10, and Cloud Intelligence (Office 365, Microsoft Azure) will be a huge step in the right direction, and be a valuable asset to any Service Operations Center or IT operation team.
As always if you have any suggestions about topics, articles, how-to’s and what not hit me up here or on twitter at @UlvBjornsson