Threat Intelligence

Setting up Sentinel for Kubernetes Monitoring

A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration platforms. Part 3 of a 3-part series about security monitoring of your Kubernetes clusters and CI/CD pipelines by @singhabhi and @Umesh_Nagdev, Security GBB. Link to Part 1. Link to Part 2. Introduction: In part 1 and part 2 of this series, we discussed the […]

Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. OpenMetadata is an open-source platform designed to manage metadata across various data sources. It serves as a central repository for metadata

eBPF-Powered Threat Protection using Inspektor Gadget

On February 20th, Microsoft Defender for Containers released its new sensor component, powered by Inspektor Gadget. Inspektor Gadget is a Cloud Native Computing Foundation (CNCF) project that aims to change the way we consume and execute eBPF programs by managing their packaging, deployment and execution. If you aren’t familiar with eBPF, you can read more

New Microsoft guidance for the DoD Zero Trust Strategy

The Department of Defense (DoD) Zero Trust Strategy [1] and accompanying execution roadmap [2] set a path for achieving enterprise-wide target-level Zero Trust by 2027. The roadmap lays out vendor-agnostic Zero Trust activities that DoD Components and Defense Industrial Base (DIB) partners should complete to achieve Zero Trust capabilities and outcomes. Microsoft commends the DoD for approaching

Ingesting Non-Microsoft Cloud Security Data into Microsoft Sentinel for Government & DIB Customers

Clouds and FedRAMP: Before we dive into how to ingest data from AWS into Microsoft Sentinel, we need to understand at what levels each cloud is FedRAMP authorized to operate. This is not a deep discussion on compliance, just a quick overview of the levels at which each cloud is authorized to operate. For specific compliance or

An Enterprise Design for Azure Machine Learning – An Architect’s Viewpoint

1. Problem Statement: Many organisations want to create an enterprise data science capability. The goals can include unlocking value from their data assets, reducing cost, and driving customer engagement. While many organisations have an initial capability, challenges can arise while “scaling and industrializing” into an enterprise service. This point of view provides an opinionated design for a “fit

How Microsoft discovers and mitigates evolving attacks against AI guardrails

As we continue to integrate generative AI into our daily lives, it’s important to understand the potential harms that can arise from its use. Our ongoing commitment to advance safe, secure, and trustworthy AI includes transparency about the capabilities and limitations of large language models (LLMs). We prioritize research on societal risks and building secure,

Azure Firewall: Comprehensive Comparison & Best Practices

Azure Firewall, a managed, cloud-based network security service, is an essential component of Azure’s security offerings. It comes in three different versions – Basic, Standard, and Premium – each designed to cater to a wide range of customer use cases and preferences. This blog post will provide a comprehensive comparison of these versions, discuss best

Microsoft Defender for Cloud Full Coverage for Azure Open-Source Relational Databases

Microsoft Defender for Cloud now provides full threat protection coverage for all instances of Azure open-source relational databases: PostgreSQL, MySQL and MariaDB – helping customers safeguard their business-critical databases against cyberattacks. Azure Database for MySQL Flexible Server (GA as of today) and Azure Database for PostgreSQL Flexible Server (extended post-GA features), providing customers with a

Microsoft Defender for Cloud Adds Full Coverage for Azure Open-Source Relational Databases

Microsoft Defender for Cloud now provides full threat protection coverage for all instances of Azure open-source relational databases: PostgreSQL, MySQL and MariaDB – helping customers safeguard their business-critical databases against cyberattacks. Azure Database for MySQL Flexible Server (GA as of today) and Azure Database for PostgreSQL Flexible Server (extended post-GA features), providing customers with a
