This study guide for Microsoft's 74-409 Server Virtualization with Windows Server Hyper-V and System Center exam will take you through each of the exam objectives, helping you to prepare for and pass the examination. By practicing these 8 chapters of the study guide you will learn about:
Login or sign-up below to download this informative-free resource!
Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access.
Cloud misconfiguration — incorrect control settings applied to both hardware and software elements in the cloud — are threat vectors that amplify the risk of data breaches. A new report from cloud security vendor Qualys, authored by Travis Smith, vice president of the company’s Threat Research Unit lifts the lid on risk factors for three major cloud service providers.
Smith wrote that Qualys researchers, analyzing misconfiguration issues at Amazon Web Services, Microsoft Azure and Google Cloud Platform, found that within Azure, 99% of the disks are either not encrypted or aren’t using customer-managed keys that give users control of encryption keys that protect data in software as a service applications.
The study, which reviewed encryption, identity and access management and failures to monitor external-facing assets examined risks to unauthorized access due to:
Smith wrote that the company’s reachers found that 85% of the keys aren’t rotated, meaning automatic key rotation isn’t enabled. Amazon offers automatic key rotation — generating new cryptographic material — on a 365 day cycle for keys.
Qualys also reported that in GCP environments, 97.5% of virtual machine disks for critical virtual machines lack encryption using customer-supplied encryption keys.
Jump to:
Qualys found poor implementation levels of IAM in all three major providers:
Qualys noted that a common mistake by users across the three platforms is public exposure of data:
Recommendations by the firm included reviewing research by the Center for Internet Security including work Qualys participated in: mapping of individual controls to the MITRE ATT&CK tactics and techniques.
Qualys contributed to developing these CIS benchmarks for AWS, Azure and GCP. The benchmarks will help offer some valuable insight and context for defenders to better prioritize the hundreds of hardening controls available in cloud environments.
Qualys also looked at how firms are deploying controls to harden their cloud postures across the three major platforms, noting that privilege escalation (96.03%), initial access (84.97%) and discovery (84.97%) are passing at the highest rates.
Efforts to control attacks early are helping to ameliorate more harmful consequences further along the the kill chain:
Smith wrote that since crypto mining malware is a threat to cloud environments, organizations should consider mitigating such controls to reduce their organizational risk in the cloud.
“The lesson from these data points is that almost every organization needs to better monitor cloud configurations,” said Smith, adding that scans for CIS controls failed 34% of the time for AWS, 57% for Microsoft Azure and 60% for GCP (Figure A).
Figure A
“Even if you believe your cloud configurations are in order, the data tells us that not regularly confirming status is a risky bet. Scan the configurations often and make sure the settings are correct. It takes just one slip-up to accidentally open your organization’s cloud to attackers,” wrote Smith.
Head over to our on-demand library to view sessions from VB Transform 2023. Register Here
Exploiting gaps in cloud infrastructure that are leaving endpoints, identities and microservices exposed is a quick way for an attacker to steal credentials and infect an enterprise’s DevOps process. Attacks to exploit such gaps are skyrocketing.
The recent 2023 Thales Cloud Security Study provides hard numbers: 39% of enterprises have been hit with a data breach starting in their cloud infrastructure this year alone. A total of 75% of enterprises say that more than 40% of the data they store in the cloud is sensitive. Less than half of that data is encrypted.
CrowdStrike’s 2023 Global Threat Report explains why cloud-first attacks are growing: Attackers are moving away from deactivating antivirus, firewall technologies and log-tampering efforts and toward modifying core authentication processes, along with quickly gaining credentials and identity-based privileges.
The attackers’ goal is to steal as many identities and privileged access credentials as possible so they can become access brokers — selling stolen identity information in bulk at high prices on the dark web. Access brokers and the brokerages they’re creating often turn into lucrative, fast-growing illegal businesses. CrowdStrike’s report found more than 2,500 advertisements for access brokers offering stolen credentials and identities for sale.
VB Transform 2023 On-Demand
Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.
Consolidating tech stacks continues to dominate CISOs’ plans, driven by the need to Excellerate efficacy, manage a more diverse multicloud security posture, close gaps between cloud apps and shift security left in DevOps pipelines. All these factors are contributing to the growing adoption of cloud-native application protection platforms (CNAPP).
“CNAPPs are formed from the convergence of cloud security posture management (CSPM) and cloud workload protection platform (CWPP) capabilities as well as other security tooling like entitlement management, API controls and Kubernetes posture control,” reads Gartner’s 2023 Planning Guide for Security.
Leading CNAPP vendors are competing in various areas, the most important of which include the efficacy of their cloud infrastructure entitlement management (CIEM), Kubernetes security, API controls and cloud detection and response (CDR), according to CISOs VentureBeat spoke with. Demand for CNAPP is greatest in larger enterprises from highly regulated industries that rely on extensive multicloud configurations. Finance, government and healthcare providers are among the most dominant industries.
CISOs tell VentureBeat that one of the most practical benefits of CNAPPs is the opportunity to consolidate legacy tools with limited visibility across all threat surfaces and endpoints. The takeaway? Reducing tool sprawl is a quick win.
Full-platform CNAPP vendors provide integrated cloud-native security platforms ranging from DevOps to production environments. Here are the top 20 platforms of 2023:
Aqua Security: Highly regarded for its approach of scanning container registries and images, CSPM and runtime protection for container and cloud-native security. Also has full life cycle protection and advanced runtime techniques, including support for the extended Berkeley Packet Filter (eBPF).
Check Point: Provides a broad set of capabilities through its CloudGuard platform, including CSPM, CIEM and advanced runtime protection. Known for securing cloud workloads across environments with identity-centric access controls, as well as threat intelligence integration to provide real-time contextual prioritization of risks.
Cisco: Recently acquired Lightspin for its Kubernetes security capabilities and CSPM. Its Tetration platform focuses on runtime protection, leveraging eBPF and third-party insights for advanced container monitoring and granular controls. Cisco emphasizes behavioral analytics to detect anomalies and threats in container environments and provides strong controls to limit lateral movement between workloads.
CrowdStrike: Offers a leading CNAPP suite emphasizing identity-centric visibility, least-privilege enforcement and continuous monitoring. Its runtime protection leverages agents and eBPF for workload security. CrowdStrike’s key design goals included enforcing least-privileged access to clouds and providing continuous detection and remediation of identity threats.
Cybereason: Platform focuses heavily on malicious behavior detection. A core strength is its ability to detect threats using behavior-based techniques. The company is also known for API integrations, AI and machine learning (ML) expertise. Cybereason specializes in detecting compromised accounts and insider threats via detailed user activity monitoring.
Juniper Networks: Collects extensive data on device posture and traffic patterns to provide networking context for security insights. Also enables segmentation controls between Juniper devices.
Lacework: Focused on workload behavior analysis for containers and runtime techniques such as eBPF to gain a comprehensive insight into container activity and performance. Its emphasis on detecting anomalies using advanced ML algorithms that are custom-tuned for containerized environments is a key differentiator.
Microsoft: Integrates security across Azure services with zero-trust controls, enforces least-privileged access and provides workload protections such as antivirus and firewalls. Uses Microsoft Graph to correlate security analytics and events across Azure.
Orca Security: Performs continuous authorization checks on identities and entitlements across cloud environments. A key differentiator is the ability to generate detailed interactive maps that visualize relationships between cloud assets, users, roles and permissions.
Palo Alto Networks Prisma Cloud: Provides a broad suite of capabilities, including identity-based microsegmentation and robust runtime protection with eBPF. Prisma Cloud is an industry leader known for advanced protections such as deception technique and includes extensive compliance automation and DevSecOps integrations.
Qualys: Focuses on compliance and vulnerability management through continuous scanning and least-privilege controls. Identifies vulnerabilities throughout the life cycle and enables automated patching and remediation workflows. Another key differentiator is compliance mapping and reporting.
Rapid7: Enforces least privilege access and enables automated response and remediation triggered by events. Offers pre configured policies and streamlined workflows designed for small security teams. An intuitive user interface and rapid implementation aim to simplify deployment and usability for organizations with limited security resources.
Sonrai Security: Focuses on entitlement management and identity-based security using graph database technology to discover and map user identities across cloud environments. User identity, geolocation and other contextual factors can define custom access controls.
Sophos: Focuses on data security, compliance and threat monitoring capabilities and offers advanced data loss prevention such as file fingerprinting and optical character recognition. Cloud environments also have anti-ransomware protections.
Sysdig: Centered on runtime security and advanced behavioral monitoring. For container-level visibility and anomaly detection, the platform uses embedded agents. Sysdig Secure Advisor includes an integrated security assistant to help SecOps and IT teams create policies faster.
Tenable: Focused on compliance, entitlement management and identity governance. Offers comprehensive compliance automation mapped to PCI, HIPAA and ISO regulations. Also provides differentiated identity and compliance management through advanced capabilities to enforce least privilege and certify access.
Trend Micro: Includes runtime security, compliance and threat monitoring, enforces policies and protects cloud environments from file- and email-based threats. Custom sandboxing for suspicious file analysis is also included.
Uptycs: Differentiates itself by combining CNAPP capabilities with extended detection and response (EDR) capabilities. Employs data lake techniques to store and correlate security telemetry across cloud and container workloads. Threats are identified using behavioral analytics, and automated response workflows allow for rapid remediation.
Wiz: Centered on continuous access controls, micro segmentation and identity-based adaptive security. Automatically discovers and visualizes relationships between cloud assets, users and permissions. Wiz also conducts risk analysis to identify potential attack paths and stands out with its specialized visualization, identity management and micro-segmentation.
Zscaler: Posture Control prioritizes risks caused by misconfigurations, threats and vulnerabilities. Completely agentless and correlates data from multiple security engines.
CNAPPs are gaining popularity as CISOs look to consolidate and strengthen their security technology stacks. Platforms can provide integrated security across the development lifecycle and cloud environments by combining capabilities including cloud workload protection, container security and CIEM.
CNAPP adoption will continue accelerating in highly regulated industries including finance, government and healthcare. CISOs in these industries are under pressure to consolidate tech stacks, Excellerate compliance and secure complex cloud infrastructure simultaneously. Because they provide a unified platform that meets multiple security and compliance requirements, CNAPPs are proving to be an effective consolidation catalyst.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.
Journal Reports: Leadership
The Best-Managed Companies Have the Most AI Jobs Postings. What Explains That?
By Rick Wartzman , and Kelly Tang
July 29, 2023 at 3:00 PM ET
It may be a virtuous circle: The most-effective companies are good at looking ahead, and investing in AI makes them the most-effective companies.
This page provides resources for Microsoft HoloLens - augmented reality glasses that can be used to conduct behavioural science experiments.
The page includes introductory videos that provide basic information on what Microsoft HoloLens is and how to use it. The page also contains links to tutorials that will show you how to use HoloLens and produce different "holograms" to manipulate people's visual experience.
The website is still under construction and will in the future include more tutorials for using HoloLens for experimental research as well as examples of previous student dissertations that employed this technology.
Follow the below links to get familiar with what Micosoft HoloLens is, which functionalities it has, and how it can change your visual environment.
For a tutorial on how to use Microsoft HoloLens follow the below link;
For further resources on Microsoft HoloLens follow the links below;
During those six months, the most widely encountered high-risk incidents — threats that require immediate defensive action — involved some kind of identity abuse. These kinds of attacks have become increasingly sophisticated over time, but they were spotted and blocked by the Managed XDR platform with the aid of AI-based account profiling.
In a work context, everyone has a distinctive digital profile in terms of how, where, and when they work. If an IT event falls outside these pattern perimeters, a red flag goes up — and even when the attacks are so subtle and devious that it takes an expert SOC analyst to confirm the malicious intent, the AI-based detection ensures this happens.
From everyday event to urgent action
Between January and July 2023, Barracuda’s Managed XDR platform collected 950 billion IT events from customers’ integrated network, cloud, email, endpoint, and server security tools.
These nearly one trillion events include everything from logins (both successful and unsuccessful), network connections, and traffic flows, to email messages and attachments, files created and saved, application and device processes, changes to configuration and registry, and any specific security warnings.
0.1% of these events (985,000) were classed as ‘alarms,’ activity that could be malicious and required further investigation.
Out of these, one in 10 (9.7%) was flagged to the customer for checking, while a further 2.7% were classed as high risk and passed to a SOC analyst for deeper analysis. 6,000 required immediate defensive action to contain and neutralise the threat.
The most frequently detected high-risk attacks
The three most common high-risk detections by Managed XDR and investigated by SOC analysts during the first six months of 2023 were:
1. “Impossible travel” login events
These occur when a detection shows a user is trying to log into a cloud account from two geographically different locations in rapid succession — with the distance between them impossible to cover in the time between logins. While this can mean they are using a VPN for one of the sessions, it is often a sign that an attacker has gained access to a user's account. Impossible travel logins should always be investigated.
Barracuda XDR’s impossible travel detection for Microsoft 365 accounts detected and blocked hundreds of attempted business email compromise (BEC) attacks between January and July.
In one incident investigated by the SOC team, a user logged into their Microsoft 365 account from California, and then just 13 minutes later from Virginia. To physically achieve this, they would have to travel at a speed exceeding 10,000 miles per hour. The IP used to log in from Virginia was not associated with a known VPN address, and the user did not normally log in from this location. The team notified the customer who confirmed that this was an unauthorised login, immediately reset their passwords, and logged the rogue user out of all active accounts.
2. “Anomaly” detections
These detections identify unusual or unexpected activity in a user's account. This could include things like rare or one-off login times, unusual file access patterns, or excessive account creation for an individual user or organisation. Such detections can be a sign of a variety of problems, including malware infections, phishing attacks, and insider threats. If you see an anomaly style detection, you should investigate the account to see what caused the anomaly.
Barracuda Managed XDR has a Windows “rare hour for user” detection baseline that recognises the sign-in patterns for a particular user and flags when that user logs in at an unusual time. The SOC team has issued over 400 alerts for this kind of activity since January 2023.
3. Communication with known malicious artifacts
These detections identify communication with red flagged or known malicious IP addresses, domains, or files. This can be a sign of a malware infection or a phishing attack. If you see a communication with a known malicious or suspicious artifact, you should immediately quarantine the computer and investigate the infection.
AI in attackers’ hands
While the above shows how AI can significantly enhance security, it can also be used for malicious purposes by attackers.
For example, generative AI language tools can create highly convincing emails that closely mimic a legitimate company's style, making it much more difficult for individuals to discern whether an email is legitimate or a phishing, account takeover, or BEC attempt.
AI tools are also likely to be used by attackers to automate and dynamically emulate adversarial behaviors, making their attacks more effective and harder to detect.
For example, command line utilities powered by AI can rapidly adapt to changes in a target's defenses, identify vulnerabilities, or even learn from previous failed attempts to Excellerate subsequent attacks. An early example of such a tool is "WormGPT," which is already being advertised on an underground forum and can be used by threat actors to automate the generation of malicious scripts and commands and adapt them dynamically to each specific target.
Security for a rapidly evolving threat landscape
As AI continues to advance, organisations need to be aware of the potential risks and take steps to mitigate them.
This should involve robust authentication measures, such as multifactor authentication at a minimum but ideally moving to Zero Trust approaches, and continuous employee training, particularly with regard to phishing attacks.
IT security teams and their external security providers should try to stay informed about the latest AI-powered threats and adapt their security posture. But it’s equally important to remember the basics — ensure that systems and software are kept up to date and that you have full visibility of the IT environment.
If this sounds complex and resource-intensive, don’t worry. There is a growing industry-wide approach toward integrated security services and platforms. There are now excellent options available for managed support, XDR, and round-the-clock (24×7) SOC-as-a-service to monitor, detect, and respond to cyberthreats at any time of day or night, always keeping you and your assets safe.
The findings are based on detection data from Barracuda Managed XDR, an extended visibility, detection, and response (XDR) platform, backed by a 24×7 security operations center (SOC) that provides customers with round-the-clock human and AI-led threat detection, analysis, incident response, and mitigation services.
This report provides an overview of Microsoft Azure. It includes the company's financials as well as information on its competitors. A special focus chapter highlights the products and services available on the Microsoft Azure marketplace, as well as DDoS attacks on the Azure infrastructure. Finally, a chapter on virtualization is included.
