by Contributed | May 10, 2021 | Technology
This article is contributed. See the original author and article here.
IoT Hub support for Azure Active Directory (Azure AD) and Role-Based Access Control (RBAC) is now generally available for service APIs. This means you can secure your service connections to IoT Hub with much more flexibility and granularity than before.
Existing shared access policy users, including users with Owner and Contributor roles on an IoT hub, are not affected. For better security and ease of use, we encourage everyone to switch to using Azure AD whenever possible.
Granular access control to service APIs
For example, suppose you have a service that needs read access to device identities and device twins. Previously, you had to give this service access to your IoT hub by using a shared access policy that includes both the registryRead and the serviceConnect permissions. This works, but your service now also has permission to send direct methods and update twin desired properties (as part of serviceConnect). If the credentials are compromised, an attacker can use these unnecessary additional privileges to mess with your devices.

For additional security, the industry best practice is to follow the principle of least privilege. With Azure AD and RBAC support, you can grant granular permissions to achieve this. If you want your service to be able to read twins, and nothing else, assign its service principal or managed identity a role with the Microsoft.Devices/IotHubs/twin/read permission. And that’s it! This service cannot update twins or send direct methods. You’ve achieved least privilege.
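A least-privilege check for the scenario above, as an added example (not from the original article or from Microsoft): it evaluates candidate role definitions the way Azure RBAC does (data actions minus not-data-actions, `*` as a wildcard, case-insensitive) and lists every operation a role grants beyond what the service needs. Apart from `Microsoft.Devices/IotHubs/twin/read`, the operation strings and role names are constructed for illustration; take the real ones from the documentation page.

```python
import re

# The only permission string taken from the article.
TWIN_READ = "Microsoft.Devices/IotHubs/twin/read"
# Constructed stand-ins for other service operations (assumptions, not real names).
TWIN_WRITE = "Microsoft.Devices/IotHubs/twin/write"
METHOD_INVOKE = "Microsoft.Devices/IotHubs/exampleDirectMethod/invoke"
CATALOGUE = [TWIN_READ, TWIN_WRITE, METHOD_INVOKE]

# Hypothetical role definitions, shaped like the permissions of a custom role.
ROLES = {
    "twin-reader": {"dataActions": [TWIN_READ], "notDataActions": []},
    "twin-all": {"dataActions": ["Microsoft.Devices/IotHubs/twin/*"],
                 "notDataActions": []},
    "hub-all-but-methods": {
        "dataActions": ["Microsoft.Devices/IotHubs/*"],
        "notDataActions": [METHOD_INVOKE],
    },
}


def matches(pattern, operation):
    """RBAC-style match: '*' matches any run of characters, case is ignored."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None


def is_allowed(role, operation):
    """Granted by a dataActions entry and not removed by a notDataActions entry."""
    granted = any(matches(p, operation) for p in role["dataActions"])
    removed = any(matches(p, operation) for p in role["notDataActions"])
    return granted and not removed


def audit(role, required, catalogue=CATALOGUE):
    """Return (missing, excess) operations for a service that needs `required`."""
    needed = {op.lower() for op in required}
    missing = sorted(op for op in required if not is_allowed(role, op))
    excess = sorted(op for op in catalogue
                    if is_allowed(role, op) and op.lower() not in needed)
    return missing, excess


if __name__ == "__main__":
    for name, role in ROLES.items():
        missing, excess = audit(role, [TWIN_READ])
        verdict = "least privilege" if not (missing or excess) else "review"
        print(f"{name}: {verdict}; missing={missing} excess={excess}")
```

Only the role that names the single read permission passes; the wildcard roles still allow twin updates, even when one of them explicitly excludes method invocation.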
Getting started
To get started, grant your users, groups, service principals or managed identities roles with the new permissions. The built-in roles, permissions, and links to samples are published on our documentation page, Control access to IoT Hub with Azure AD.
by Contributed | May 10, 2021 | Technology
According to industry experts, threat intelligence (TI) is a key differentiator when evaluating threat protection solutions.
But IoT/OT environments have unique asset types, vulnerabilities, and indicators of compromise (IOCs). That’s why incorporating threat intelligence specifically tailored to industrial and critical infrastructure organizations is a more effective approach for proactively mitigating IoT/OT vulnerabilities and threats.
Today we’re announcing that TI updates for Azure Defender for IoT can now be automatically pushed to Azure-connected network sensors as soon as updates are released, reducing manual effort and helping to ensure continuous security[1].
To get started, simply go to the Azure Defender for IoT portal and enable the Automatic Threat Intelligence Updates option for all your cloud-connected sensors. You can also monitor the status of updates from the “Sites and Sensors” page as shown below.
Viewing the status of network sensors and threat intelligence updates from the Azure portal
Threat intelligence curated by IoT/OT security experts
Developed and curated by Microsoft’s Section 52, the security research group for Azure Defender for IoT, our TI update packages include the latest:
- IOCs such as malware signatures, malicious DNS queries, and malicious IPs
- CVEs to update our IoT/OT vulnerability management reporting
- Asset profiles to enhance our IoT/OT asset discovery capabilities
Section 52 is comprised of IoT/OT-focused security researchers and data scientists with deep domain expertise in threat hunting, malware reverse engineering, incident response, and data analysis. For example, the team recently uncovered “BadAlloc,” a series of remote code execution (RCE) vulnerabilities covering more than 25 CVEs that adversaries could exploit to compromise IoT/OT devices.
Leveraging the power of Microsoft’s broad threat monitoring ecosystem
To help customers stay ahead of ever-evolving threats on a global basis, Azure Defender for IoT also incorporates the latest threat intelligence from Microsoft’s broad and deep threat monitoring ecosystem.
This rich source of intelligence is derived from a unique combination of world-class human expertise, from the Microsoft Threat Intelligence Center (MSTIC), plus AI informed by trillions of signals collected daily across all of Microsoft’s platforms and services, including identities, endpoints, cloud, applications, and email, as well as third-party and open sources.
Threat intelligence enriches native behavioral analytics
IOCs aren’t sufficient on their own. Enterprises regularly contend with threats that have never been seen before, including ICS supply-chain attacks such as HAVEX; zero-day ICS malware such as TRITON and INDUSTROYER; fileless malware; and living-off-the-land tactics using standard administrative tools (PowerShell, WMI, PLC programming, etc.) that are harder to spot because they blend in with legitimate day-to-day activities.
To rapidly detect unusual or unauthorized activities missed by traditional signature- and rule-based solutions, Defender for IoT incorporates patented, IoT/OT-aware behavioral analytics in its on-premises network sensor (edge sensor).
Threat intelligence complements and enriches the platform’s native analytics, enabling faster detection of IOCs such as known malware and malicious DNS requests, as shown in the threat alert examples below.
Example of SolarWinds threat alert generated from threat intelligence information
Example of malicious DNS request alert generated from threat intelligence information
Summary — Detecting Known and Unknown Threats
Effective IoT/OT threat mitigation requires detection of both known and unknown threats, using a combination of IoT/OT-aware threat intelligence and behavioral analytics.
With new cloud-connected capabilities provided with v10.3 of Azure Defender for IoT, industrial and critical infrastructure organizations can now ensure their network sensors always have the latest curated threat intelligence to continuously identify and mitigate risk in their IoT/OT environments.
Learn more
Go inside the new Azure Defender for IoT including CyberX
Update threat intelligence data – Azure Defender for IoT | Microsoft Docs
What’s new in Azure Defender for IoT – Azure Defender for IoT | Microsoft Docs
See the latest threat intelligence packages
About Azure Defender for IoT
Azure Defender for IoT offers agentless, IoT/OT-aware network detection and response (NDR) that’s rapidly deployed (typically less than a day per site); works with diverse legacy and proprietary OT equipment, including older versions of Windows that can’t easily be upgraded; and interoperates with Azure Sentinel and other SOC tools such as Splunk, IBM QRadar, and ServiceNow.
Gain full visibility into assets and vulnerabilities across your entire IoT/OT environment. Continuously monitor for threats with IoT/OT-aware behavioral analytics and threat intelligence. Strengthen IoT/OT zero trust by instantly detecting unauthorized or compromised devices. Deploy on-premises, in Azure-connected, or in hybrid environments.
[1] Of course, clients with on-premises deployments can continue to manually download packages and upload them to multiple sensors from the on-premises management console (aka Central Manager).
by Contributed | May 10, 2021 | Technology
Kahua provides project management and collaboration software focused on real estate, engineering, construction, and operations industries. Kahua’s solution helps manage project and program costs, documents, and processes from inception through implementation to improve efficiency and reduce risk.
Kahua was recently selected by the US General Services Administration (GSA) Public Building Service for its new management information system, which will manage 8600+ assets with 370 million square feet of workspace for 1.1 million federal employees and preserve 500+ historic properties.
The Challenge & Technical Requirements
Kahua needed a future-proof solution which builds on its legacy desktop application, while using C#, XAML and Azure skillsets of its developers. Kahua had a short timeline and a recurring imperative to bring new features to market quickly, on different devices – from desktop to web and mobile. In addition, Kahua’s developers wanted to reduce the time to market by maintaining a single codebase application which prevents re-implementing the same functionality for different platforms.
Due to the nature of managing access for users in high-security environments such as financial institutions and government agencies, security was a major requirement. Additionally, the solution had to enable accessibility and localization.
For users, the UI had to be modern and intuitive, providing simple onboarding and a consistent, immersive experience on all devices.

The Solution
Kahua selected WinUI 3 – Reunion, Uno Platform and Azure to rapidly develop and deploy a multi-platform solution.
On Windows, Kahua uses WinUI 3 to deliver a delightful and modern user experience. To achieve a pure web experience, Kahua is utilizing the Uno Platform to provide a solution that is built with and runs on top of the Microsoft technology stack of Azure, .NET 5 and 6, and WinUI 3. To reach additional platforms such as macOS, iOS and Android, Kahua is also using Uno Platform to provide user experiences specific to mobile devices and smaller form factors.
By utilizing WinUI 3 – Reunion, Uno Platform and Azure, Kahua is meeting its requirements for security and accessibility. The Web application provides for a zero-installation experience, allowing IT departments to breathe easier and approve application updates without extensive investigation and review. Kahua can scale its operations quickly and reach users internationally.
The users can access the solution on any device, be it through any modern browser or native app on the device of their choice. The user interface across devices is modern, familiar, and consistent as it is built with the same UI technology.

Code and Skill Reuse
The Kahua development team experienced 4X productivity compared to alternative solutions evaluated. New functionality is developed once, in a single codebase. The team benefited from a mature Windows developer ecosystem and skillset on hand.
The Kahua development team was able to reuse a significant amount of the code from its legacy application and to utilize over 45 controls from WinUI and Windows Community Toolkit, as well as 3rd party controls by Syncfusion.
“By combining Microsoft WinUI 3 and Uno Platform we are able to provide our customers with features, functionality and security that is simply unachievable with any other solution” – said Colin Whitlatch, CTO of Kahua.
by Contributed | May 10, 2021 | Technology
At Microsoft Azure, along with our partners, we obsess over solving our customers’ biggest problems in a wide range of areas such as manufacturing, energy sustainability, weather modeling, autonomous driving, and more.
Microsoft and Altair have collaborated in multiple areas, ranging from EDA optimization and AI in the cloud to high-end simulation. Microsoft Azure is participating in the Altair HPC summit on 11th and 12th May 2021, where we will be showcasing some of our recent collaborative projects as follows:
| Event | Microsoft participant | Why you should tune in |
|---|---|---|
| Roundtable: AI Takes to the Clouds | Nidhi Chappell, GM Azure Compute | As companies find more ways to deploy AI for real-time predicting and prescribing, the resource requirement for training data-heavy models will yield increased demand for HPC infrastructure in the cloud. Additionally, organizations are exploring the application of AI to HPC, using AI to augment HPC optimization and even automate cloud migration. In this panel we speak with chip industry leaders and cloud service providers to get their take on the impact and trends they are seeing from companies who are taking an AI-first approach and how it’s driving the move to the cloud. |
| Microsoft Azure: Using I/O Profiling to Migrate and Right-size EDA Workloads in Microsoft Azure | Michael Requa, Sr. Program Manager, Microsoft | When one of the largest semiconductor companies asked for help using Azure to run its EDA workloads, Microsoft teamed up with Altair. The semiconductor company was running a relatively large design of 100 million transistors. We used Altair Breeze™, an I/O profiling tool, to troubleshoot and tune the company’s workload before and after migrating it to Azure. Breeze revealed I/O patterns that had previously gone unnoticed and showed us how to significantly improve application run time. This presentation will outline how Microsoft used Breeze to diagnose I/O patterns, choose the workflow segments best suited for the cloud, and right-size the Azure infrastructure. The result was better performance and lower costs for our customer. |
| Microsoft, Altair nanoFluidX on Azure’s new NDv4 | Jon Shelley, Principal PM Manager, Microsoft Azure | In this session Microsoft will showcase Azure’s new ND A100 v4 VM series running Altair nanoFluidX™. By leveraging Azure’s most powerful and massively scalable AI VM, available on demand from eight to thousands of interconnected Nvidia GPUs across hundreds of VMs, users can scale nanoFluidX to over 100M particles with ease. |
About Altair:
Altair is a global technology company that provides software and cloud solutions in the areas of simulation, high-performance computing (HPC), and artificial intelligence (AI). Altair enables organizations across broad industry segments to compete more effectively in a connected world while creating a more sustainable future.
by Contributed | May 10, 2021 | Technology
By Christine Alford, Director, Business Program Management
User-generated content has an ever-expanding impact in today’s age of online connectivity. Azure Marketplace partners like Squigl are applying user-generated content to more than just its familiar marketing business cases, bringing it into the corporate learning space. Squigl for Enterprise uses AI assistance to rapidly transform existing content into training videos. These videos are designed to increase viewer attention and boost information retention, facilitating learning.
Andrew Herkert, Vice President of GTM at Squigl, shares five tactics below for user-generated content in corporate learning and human resources environments:
Brand leaders worldwide are crowd-sourcing creative via user-generated content (UGC). This means audio clips, advertorials, social proof, video, textual content, and other forms of media are being amassed by the petabyte. This content has immense value. When used tactically, these troves of content can yield considerable ROI (10x-20x or more, according to Forrester). When making buying decisions, consumers are highly impressed by key opinion leaders and social engagement, byproducts of UGC.

Businesses can translate marketing value drivers from UGC to the disciplines of human resources or learning and development with the help of Microsoft Azure and Microsoft Cognitive Services. With the correct UGC strategies, businesses can tactically execute design and delivery of a valuable solution. More than a year into the COVID-19 pandemic, the idea of engaging with distributed teams needs to become a reality.
“In today’s remote work environments, it is more important than ever to meet employees’ varied learning and communications needs, wherever they are,” said Jake Zborowski, general manager BO&PM management at Microsoft. “Squigl, a highly innovative content creation solution available in Azure Marketplace, enables business professionals to meet those needs quickly and with demonstrable ROI. Sharing relevant, engaging, just-in-time Squigl videos will enable the remote workforce to achieve their objectives and create market value.”
Below are five example tactics taken from the Squigl install base and deployed globally, often across multiple customer instances, with considerable returns generally above 20x:
1. Storytelling: Users respond to prompts to create content on an integrated PaaS environment, combining Squigl with existing front-end content management system elements, while Squigl’s AI processes the content. AI amplifies and elevates the resonance (impact) of the message. Culturally sensitive, AI-driven media containing user stories can now be crowd-sourced from around the world with greater impact than ever.
2. Creative competition: Squigl users are given incentive to create something in the style of, or similar to, a model set forth by the brand leaders. Brand leaders create a 3-to-5-minute content piece, then prompt users to create a story of their own in response to the original content.
3. Analyst’s day: Squigl users produce meta brand content used in conjunction with fiduciary reporting to add a “human element” to index valuation discussions and beyond. Predictable growth ensued in a Fortune 10 company when deployed consistently.
4. Brand fan: Brand leaders create sequences of UGC tactics and begin to attribute and publicly recognize contributions made by power users over time. Reddit’s Karma system originated this in the mainstream. The same principles apply in B2C as in B2B.
5. FAQ and product advertisements: Brands can now rely on end users to create “tips and tricks” and other “power user” content oriented at accelerating product evangelism curves.
The above campaign tactics apply near-unilaterally at the global level, and are proven playbooks to drive growth from zero base as well as in established channels.
In combining AI and UGC and bringing this stack in-house, key metrics can grow by 200 percent or more if the right models are trained against the right data sets with the right outcomes in mind. The below chart illustrates how AI can reallocate time for teachers, generally showing potential to reallocate as much as 20 percent to 30 percent of their time to more meaningful interactions.

Neural networks customize delivery of content timing, process language (translate, speak, interpret, etc.), and execute event triggers. This means when applied to UGC, artificial intelligence automation (AutoML) can enhance business impact drastically. McKinsey has shown that 50 percent to 150 percent engagement uplifts driven by AI are the new benchmark.
This is an ongoing and rapidly developing trend, and Squigl is fervently pursuing this outcome for millions of end users at hundreds of multinationals worldwide.