New tools to fight gift card scams

This article was originally posted by the FTC. See the original article here.

This holiday season (and year-round), gift cards are on scammers’ wish lists. Scammers always have a reason for you to pay them immediately with a gift card. And they often tell you which card to buy and which store to visit. That’s why the FTC is launching a new Stop Gift Card Scams campaign to work with stores and law enforcement to fight these scams. And it’s also why the FTC has taken another look at reporting data to see what’s happening lately.

At ftc.gov/StopGiftCardScams, you can find materials to help people avoid gift card scams. If you’re a retailer (or even if you visit one), you can download, print, and share these materials in your store and community. You’ll find a display rack sign, cashier infographic card, bookmark, and a sticker. Stop Gift Card Scams is also available in Spanish. In fact, the FTC is working with our friends at the U.S. Department of Justice and in local law enforcement to help get the word out nationwide.

This is pressing because the FTC’s data show that, nationwide, gift cards are a top way that people report paying most scammers. People tell the FTC that, since 2018, they’ve paid almost $245 million to scammers, with a median loss of $840. Just today, the FTC released an updated Data Spotlight with some interesting new developments:

  • Reports suggest eBay is scammers’ current gift card brand of choice. It was Google Play and iTunes, but eBay has claimed the uncoveted top spot.
  • People most often report using gift cards to pay scammers pretending to be the government, a business, tech support, or a friend or family member in trouble.
  • People report that scammers tell them to buy gift cards at Walmart, Target, CVS, and Walgreens. And once they have you there, they’ll keep you on the phone as you pay for the gift cards.

Which brings us full circle back to the Stop Gift Card Scams campaign. Read lots more in the Spotlight itself, and find out more about avoiding gift card scams at ftc.gov/giftcards. And if anyone, no matter who it is, tells you to pay with a gift card, that’s a scam. Stop, don’t pay, and then tell the FTC at ReportFraud.ftc.gov.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Have Your Company’s Systems Passed All the Security Tests?

This article is contributed. See the original author and article here.

Dear IT Pros,

I would like to make this article more fluid and less dry, in the hope that not all of my blog articles are too serious and too long to read. Let me start with a story.

One fine day, the Security Boss comes to your desk and asks whether the systems have passed all the security tests. Er, um... you wonder what tests those are. The Boss keeps asking:

  • Really, have we had a security examination of the systems recently? What does the test for them look like?

Then comes another story. On a certain Friday, a company VIP brings a laptop to your desk and asks whether it is safe from all threats. The VIP then asks you to make sure that coin miners have not taken advantage of the computer, using a JavaScript web miner to turn it into a source of illegal income. The VIP complains:

  • I travel around the world, surf the net from hotel rooms and browse many public websites, so I do not want to be a victim of a web miner attack. Here is the advertisement about the coin mining activity; what can we do to block this kind of script? The VIP then shows you the following image:

[Screenshot: the coin mining advertisement the VIP showed]

After viewing the image, a little shocked, you think:

  • Surely I want to check whether my anti-malware can catch them all. But how and where do I start, and with which test site?

Well, to answer the question, we will go through the tests and the test sites you can use to examine those systems.

  • Pass the SmartScreen test

First we will use the tests on the Microsoft SmartScreen demo site, https://demo.smartscreen.msft.net. Run them in the Edge browser to make sure it is protected against phishing pages, malware pages, malvertising and so on. All the tests use fake, harmless samples and do no damage to the system.

Malvertising (a portmanteau of "malicious advertising") is an advertisement served on a legitimate website that, for example, pops up a message asking you to click a link to repair or clean your PC; the link is the genuinely malicious part and does the damage when the unsuspecting victim clicks it. Once the PC is damaged to the point of being unusable, the attacker asks for a payment to "repair" it. You may recognize the following kind of advertisement:

[Screenshot: a scareware advertisement telling the user to clean up the PC]

Or this one:

[Screenshot: a second example of a malicious advertisement]

Advertising on the internet is largely automated, with only limited human involvement. Attackers take advantage of this and try to inject malicious code into an otherwise normal, benign ad. If they succeed, the infected ad sneaks through the security checks of the advertising network, and because ad networks syndicate widely, even highly trusted ad networks have ended up distributing malicious ads this way.

Please make sure SmartScreen (or another web protection policy) is enabled on your company's systems as soon as possible, and test the malvertising protection with the Microsoft SmartScreen demo site.

Edge and IE SmartScreen tests

[Screenshot: the SmartScreen demo site test list for Edge and Internet Explorer]
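To turn the recommendation above into something you can push to a machine and verify, here is an added PowerShell example (mine, not code from the original post or from Microsoft). It writes the documented Windows SmartScreen and Microsoft Edge (Chromium) policy values into the registry and reads them back; choosing "Block" rather than "Warn" for Explorer and the particular set of Edge values checked are my assumptions.

```powershell
# Added example (not from the original post): enforce SmartScreen by policy on one
# machine and read the values back. Run in an elevated PowerShell session.
# Registry paths and value names are the documented Windows / Edge policies;
# the chosen levels (Block, no user override) are an assumption for a corporate build.

$ErrorActionPreference = 'Stop'

# Desired state: registry path -> @{ valueName = value }
$desired = @{
    # Windows Defender SmartScreen for Explorer / app reputation
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System' = @{
        EnableSmartScreen     = 1         # 1 = on, 0 = off
        ShellSmartScreenLevel = 'Block'   # 'Block' = user cannot bypass; 'Warn' = user can bypass
    }
    # Microsoft Edge (Chromium) policies
    'HKLM:\SOFTWARE\Policies\Microsoft\Edge' = @{
        SmartScreenEnabled                       = 1  # block phishing / malware sites
        SmartScreenPuaEnabled                    = 1  # block potentially unwanted app downloads
        PreventSmartScreenPromptOverride         = 1  # no "continue anyway" on site warnings
        PreventSmartScreenPromptOverrideForFiles = 1  # no override on download warnings
    }
}

function Set-SmartScreenPolicy {
    # Create each policy key if missing and write every value with the right registry type
    foreach ($path in $desired.Keys) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        foreach ($name in $desired[$path].Keys) {
            $value = $desired[$path][$name]
            $type  = if ($value -is [string]) { 'String' } else { 'DWord' }
            New-ItemProperty -Path $path -Name $name -Value $value -PropertyType $type -Force | Out-Null
        }
    }
}

function Test-SmartScreenPolicy {
    # One row per policy value; Compliant = $false is what to fix before running the demo pages
    foreach ($path in $desired.Keys) {
        foreach ($name in $desired[$path].Keys) {
            $expected = $desired[$path][$name]
            $actual   = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
            [pscustomobject]@{
                Path      = $path
                Name      = $name
                Expected  = $expected
                Actual    = $actual
                Compliant = ($actual -eq $expected)
            }
        }
    }
}

Set-SmartScreenPolicy
Test-SmartScreenPolicy | Format-Table -AutoSize
```

Edge reads policy when it starts, so restart the browser and confirm the values on edge://policy before opening the demo pages; in a domain the same values would normally come from Group Policy or Intune rather than a local script, and the Test function is then still useful as the compliance check.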

  • Pass the Defender tests

For the comprehensive tests, we can use the Microsoft Defender demo site, https://demo.wd.microsoft.com. All the tests your systems must pass are listed below:

  • Cloud-delivered protection: tests whether Microsoft Defender Antivirus can report to its cloud protection service, the Microsoft Advanced Protection Service (MAPS). Detailed test steps: https://demo.wd.microsoft.com/Page/CloudBlock
  • Block At First Sight (BAFS), sign-in required: tests whether the next-generation antivirus, working with the cloud service, can block new malware the first time it appears in the wild, before its signature is in the definition list. During the test a harmless fake virus file is downloaded.
  • Potentially Unwanted Applications (PUA): adware, cryptocurrency miners, coin miners and the like, which can take actions on endpoints that hurt system performance. To test:
      1. Go to http://www.amtso.org/feature-settings-check-potentially-unwanted-applications/
      2. Click the "Download the Potentially Unwanted Application 'test' file" link.
  • Attack Surface Reduction (ASR): proactive threat prevention by Attack Surface Reduction rules.
  • Controlled Folder Access (CFA): proactive threat prevention by Attack Surface Reduction. To test, use the CFA test tool to simulate an untrusted process writing to a protected folder: launch the CFA test tool, select the desired folder and create a file. The demo page links to more information.
  • Network Protection (NP): proactive threat prevention by Attack Surface Reduction.
  • Exploit Protection (EP): proactive threat prevention by Attack Surface Reduction.
  • VDI testing guide: download this guide to test the new virtual desktop infrastructure security intelligence update features. This requires VMs and a host running Windows 10 Insider Preview build 18323 or later.
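Before clicking through the demo pages it is worth confirming that the setting each test relies on is actually switched on; otherwise a "failed" test only tells you the feature was off. The following PowerShell is an added example (mine, not from the original post or from the demo site) built on the Defender module that ships with Windows 10: it reports readiness for each row of the list above and can enforce the settings. The three ASR rule GUIDs are documented rules, but picking those three, and treating "send all samples" as the target for sample submission, are my assumptions.

```powershell
# Added example (not from the original post): check the Microsoft Defender Antivirus
# settings the demo-site tests depend on, and optionally turn them on.
# Needs the built-in Defender module and an elevated session.

$ErrorActionPreference = 'Stop'
$pref = Get-MpPreference

# Test -> setting -> expected value, using the numeric encodings Get-MpPreference reports
$checks = @(
    @{ Test = 'Cloud-delivered protection'; Setting = 'MAPSReporting';                Expected = 2;      Note = '2 = Advanced' }
    @{ Test = 'Cloud-delivered protection'; Setting = 'SubmitSamplesConsent';         Expected = 3;      Note = '3 = SendAllSamples (assumed target; 1 = safe samples is the usual minimum)' }
    @{ Test = 'Block At First Sight';       Setting = 'DisableBlockAtFirstSeen';      Expected = $false; Note = 'BAFS also needs MAPS and sample submission' }
    @{ Test = 'PUA';                        Setting = 'PUAProtection';                Expected = 1;      Note = '1 = Enabled, 2 = Audit' }
    @{ Test = 'Controlled Folder Access';   Setting = 'EnableControlledFolderAccess'; Expected = 1;      Note = '1 = Enabled, 2 = Audit' }
    @{ Test = 'Network Protection';         Setting = 'EnableNetworkProtection';      Expected = 1;      Note = '1 = Enabled, 2 = Audit' }
)

function Get-DefenderTestReadiness {
    foreach ($c in $checks) {
        $actual = $pref.($c.Setting)
        [pscustomobject]@{
            Test     = $c.Test
            Setting  = $c.Setting
            Actual   = $actual
            Expected = $c.Expected
            Ready    = ($actual -eq $c.Expected)
            Note     = $c.Note
        }
    }
    # ASR: one row per configured rule with its action (0 = off, 1 = block, 2 = audit)
    for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
        $action = $pref.AttackSurfaceReductionRules_Actions[$i]
        [pscustomobject]@{
            Test     = 'Attack Surface Reduction'
            Setting  = $pref.AttackSurfaceReductionRules_Ids[$i]
            Actual   = $action
            Expected = 1
            Ready    = ($action -eq 1)
            Note     = 'rule GUID -> action'
        }
    }
}

function Enable-DefenderTestSettings {
    Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples
    Set-MpPreference -DisableBlockAtFirstSeen $false
    Set-MpPreference -PUAProtection Enabled
    Set-MpPreference -EnableControlledFolderAccess Enabled
    Set-MpPreference -EnableNetworkProtection Enabled
    # Three documented ASR rules on the web/e-mail delivery path (the selection is an assumption)
    $asrRules = @(
        'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'  # Block executable content from email client and webmail
        'D3E037E1-3EB8-44C8-A917-57927947596D'  # Block JavaScript or VBScript from launching downloaded executable content
        'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'  # Block all Office applications from creating child processes
    )
    foreach ($id in $asrRules) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
    }
}

Get-DefenderTestReadiness | Format-Table -AutoSize
# Uncomment to enforce, then re-run the readiness check before opening the demo pages:
# Enable-DefenderTestSettings
```

Run the readiness check first, enforce only on a test machine or through your normal policy channel, and note that audit mode (value 2) is enough for the demo pages to log an event but not for them to be blocked, which is the difference between a warning and a pass.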

  • Pass the Security Industry AMTSO tests

After successfully testing your environment with the Microsoft demo sites, you can continue with the anti-malware industry testing site, AMTSO (www.amtso.org). AMTSO partners with the big vendors and testers, such as Check Point, Sophos, McAfee, Symantec, TotalAV, Trend Micro, AV-TEST, F-Secure and Kaspersky, for standardized testing purposes.

Let us have a look at its introduction page:

[Screenshot: the AMTSO introduction page]

  • The tests you can run from the AMTSO website are the following:

[Screenshot: the AMTSO security features check list]

  • Your system must pass all the applicable tests.
  • The test named "Is connected to a cloud-based lookup system" is for products that consult a cloud reputation service (file or URL block lists) rather than relying only on local definitions, such as Microsoft Defender for Endpoint (formerly Windows Defender ATP), CrowdStrike and FireEye.

Test results:

Besides the block and warning events your antivirus software raises while you test, if you have set up security alerts in your endpoint protection service or in Azure Security Center you will receive alert e-mail messages similar to the following one:

[Screenshot: alert e-mail for a detection raised by the test]

Alert shown in the Microsoft Defender for Endpoint portal (securitycenter.windows.com):

[Screenshot: the same alert in the Microsoft Defender for Endpoint portal]
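The portal alerts above require the machine to be onboarded to Defender for Endpoint or Security Center; the same evidence also lands in the local Defender event log, so a test run can be scored on the endpoint itself. The following PowerShell is an added example (mine, not from the original post). It uses the documented Microsoft Defender Antivirus event IDs; the one-hour look-back window and the extraction of the Name/Path field from the message text are my assumptions.

```powershell
# Added example (not from the original post): after running the demo-site and AMTSO tests,
# pull the matching Microsoft Defender events from the local Operational log and
# summarise them per test family, separating real blocks from audit-only hits.

$log   = 'Microsoft-Windows-Windows Defender/Operational'
$since = (Get-Date).AddHours(-1)   # look-back window (assumption: tests ran within the last hour)

# Event ID -> what it proves. Audit IDs mean the feature saw the test but did NOT block it.
$meaning = @{
    1116 = 'Malware/PUA detected'
    1117 = 'Action taken on detected malware/PUA'
    1121 = 'ASR rule blocked (enforced)'
    1122 = 'ASR rule would have blocked (audit only)'
    1123 = 'Controlled Folder Access blocked a write'
    1124 = 'Controlled Folder Access would have blocked (audit only)'
    1125 = 'Network Protection would have blocked (audit only)'
    1126 = 'Network Protection blocked a connection'
}

function Get-DefenderTestEvents {
    param([datetime]$Start = $since)
    $filter = @{ LogName = $log; Id = [int[]]$meaning.Keys; StartTime = $Start }
    # SilentlyContinue: Get-WinEvent reports "no events found" as an error, which here just means no hits
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $m = $_.Message
            # Detections carry a "Name:" line, ASR/CFA/NP events a "Path:" line; fall back to the first line
            $detail = if ($m -match '(?m)^\s*(Name|Path):\s*(.+?)\s*$') { "$($matches[1])=$($matches[2])" }
                      else { ($m -split "`n")[0].Trim() }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Id      = $_.Id
                Meaning = $meaning[$_.Id]
                Detail  = $detail
            }
        }
}

function Get-DefenderTestSummary {
    # One row per test family: Blocked = enforced events seen, AuditOnly = audit events seen
    $events = Get-DefenderTestEvents
    $families = @(
        @{ Name = 'Antivirus / PUA';          Block = 1116, 1117; Audit = @() }
        @{ Name = 'Attack Surface Reduction'; Block = 1121;       Audit = 1122 }
        @{ Name = 'Controlled Folder Access'; Block = 1123;       Audit = 1124 }
        @{ Name = 'Network Protection';       Block = 1126;       Audit = 1125 }
    )
    foreach ($f in $families) {
        [pscustomobject]@{
            Test      = $f.Name
            Blocked   = @($events | Where-Object { $f.Block -contains $_.Id }).Count
            AuditOnly = @($events | Where-Object { $f.Audit -contains $_.Id }).Count
        }
    }
}

Get-DefenderTestEvents  | Sort-Object Time | Format-Table -AutoSize
Get-DefenderTestSummary | Format-Table -AutoSize
```

A family with AuditOnly hits and no Blocked hits is the case to watch for: the feature is configured in audit mode, the test "detected" something, and the e-mail alert may still arrive, but nothing was actually prevented on the endpoint.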

  • An Aggressive Test

Lastly, if you still want an aggressive way to vigorously test whether the system blocks a JavaScript cryptocurrency miner, you can consider another testing site: browse to www.wicar.org and run its "cryptocurrency miner" test. But first, let us read the wicar.org introduction page:

[Screenshot: the wicar.org introduction page]

  • The list of tests is shown in the following image; it includes a test for JavaScript running a cryptocurrency miner.
  • If you run the test and fail, wicar.org will be able to run the script during your visit and collect a fraction of a dollar, a few cents, to fund its test website operation.

Run this one from a disposable VM rather than the VIP's laptop: unlike the Microsoft and AMTSO pages, a failed test here means real miner code executes in your browser.

Test result

Your AV should block the "JavaScript Crypto Miner" test, as shown in this image:

[Screenshot: the AV blocking the wicar.org JavaScript crypto miner test]

Well, at this point it seems that my blog article has become too long!

Should I stop it right here?

I hope the blog is not boring but useful.

Until next time.

_____________________________________________

Disclaimer

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

New Threat analytics report shares the latest intelligence on recent nation-state cyber attacks

This article is contributed. See the original author and article here.

Microsoft security researchers have been investigating and responding to the recent nation-state cyber attack, which involved a supply-chain compromise followed by the compromise of cloud assets.

Microsoft 365 Defender can help you track and respond to emerging threats with threat analytics. Our Threat Intelligence team has published a new Threat analytics report, shortly following the discovery of this new cyber attack. This report is being constantly updated as the investigations and analysis unfold.

The threat analytics report includes deep-dive analysis, MITRE techniques, detection details, recommended mitigations, updated list of indicators of compromise (IOCs), and advanced hunting queries that expand detection coverage.

Given the high profile of this threat, we have made sure that all our customers, E5 and E3 alike, can access and use this important information.

If you’re an E5 customer, you can use threat analytics to view your organization’s state relevant to this attack and help with the following security operation tasks:

  • Monitor related incidents and alerts
  • Handle impacted assets
  • Track mitigations and their status, with options to investigate further and remediate weaknesses using threat and vulnerability management.

For guidance on how to read the report, see Understand the analyst report section in threat analytics.

[Screenshot: the threat analytics report in Microsoft 365 Defender]

Read the Solorigate supply chain attack threat analytics report:

If you're an E3 customer, you can read similar relevant Microsoft threat intelligence, including the updated list of IOCs, on the MSRC blog. Monitor the post Customer Guidance on Recent Nation-State Cyber Attacks, where we share the latest details as the situation unfolds.

Fake calls from Apple and Amazon support: What you need to know

This article was originally posted by the FTC. See the original article here.

Scammers are calling people and using the names of two companies everyone knows, Apple and Amazon, to rip people off. Here’s what you need to know about these calls.

In one version of the scam, you get a call and a recorded message that says it’s Amazon. The message says there’s something wrong with your account. It could be a suspicious purchase, a lost package, or an order they can’t fulfill.

In another twist on the scam, you get a recorded message that says there’s been suspicious activity in your Apple iCloud account. In fact, they say your account may have been breached.

In both scenarios, the scammers say you can conveniently press 1 to speak with someone (how nice of them!). Or they give you a phone number to call. Don’t do either. It’s a scam. They’re trying to steal your personal information, like your account password or your credit card number.

If you get an unexpected call or message about a problem with any of your accounts, hang up.

  • Do not press 1 to speak with customer support
  • Do not call a phone number they gave you
  • Do not give out your personal information

If you think there may actually be a problem with one of your accounts, contact the company using a phone number or website you know is real.

Read our article to learn how to block unwanted calls on a mobile phone or on your home phone. And if you do get a call you think is a scam, report it at ReportFraud.ftc.gov.

Azure Marketplace new offers – Volume 82

This article is contributed. See the original author and article here.

We continue to expand the Azure Marketplace ecosystem. For this volume, 90 new offers successfully met the onboarding criteria and went live. See details of the new offers below:

Applications

Akenza Core- IoT made simple: Akenza Core on Microsoft Azure is an easy-to-use enterprise IoT system designed to help companies and cities build real-time connected solutions and add any type of device or technology to it.

Aparavi, The Platform: Aparavi is a cloud-based data intelligence and automation platform that empowers organizations to find, control, and unlock the value of their data. Built on Microsoft Azure, Aparavi ensures secure access for analytics, machine learning, and collaboration.

Astronomer: Astronomer enables users to easily spin up, deploy code to, and configure isolated Apache Airflow environments on Microsoft Azure Kubernetes Service clusters. It includes a full Prometheus and Grafana monitoring stack, user permission control, and a flexible logging system for full-text log search.

Atgenomix SeqsLab: Atgenomix SeqsLab creates and manages elastic Spark clusters and a parallel file system, installs container-based pipelines, and schedules tasks to execute on CPU/GPU cores. Researchers can use it as a bio-IT platform service to build DNA/RNA workflows where large-scale execution is required.

Barracuda CloudGen WAN Service: Barracuda CloudGen WAN is a cloud-delivered service combining the benefits of next-generation firewalls, secure SD-WAN, cloud integration, and automation to deliver a practical Secure Access Service Edge (SASE) solution on Microsoft Azure.

Better Platform: Better is an open electronic health record (EHR) data platform designed to store, manage, query, retrieve, and exchange structured EHR data. Retrieve relevant patient information in the right place at the right time to promote safe and efficient care.

Bitdefender GravityZone Elite – BYOL: Bitdefender’s GravityZone Elite detects and prevents sophisticated cyber threats with a proven layered approach and next-gen, non-signature technologies that stop techniques such as ransomware, zero-day malware, fileless attacks, script-based attacks, targeted attacks, and grayware.

braincure: Available only in Japanese, the braincure smartphone application on Microsoft Azure is designed to promote improved health and wellness among the elderly.

CLEVAS: CLEVAS is a video sharing platform that allows users to add comments to, rate, share, and analyze educational videos. It supports learning activities such as university lectures, medical practices, corporate education, and training seminars. This app is available only in Japanese.

Dataguise for Azure Marketplace: Dataguise monitors access to elements containing raw, sensitive data; provides thorough identity inventory and classification of sensitive data; and delivers back-end automation of data subject requests for privacy standards such as PII, PCI, HIPAA, CCPA, and GDPR.

DxEnterprise for Availability Groups (AGs): DxEnterprise for Availability Groups (AGs) enables SQL Server AGs to be made highly available within and between Windows and Linux nodes and across any type of infrastructure – all without relying on other cumbersome, restrictive cluster orchestration technologies.

Expert Integrator for Power Platform: Expert Integrator for Power Platform integrates and rationalizes Salesforce data and presents it in an industry-specific format in Microsoft Power Platform, enabling rapid low-code/no-code development, app coexistence, and integration with Dynamics 365 and other Microsoft services.

FileCloud on Red Hat Linux: CodeLathe’s FileCloud on Red Hat Linux allows businesses to host their own branded file-sharing, sync, and backup solution on Microsoft Azure for employees, partners, and customers. It provides secure, high-performance backup across all platforms and devices with unlimited file versioning.

FlexProtect for Apps: Imperva’s FlexProtect application security is a SaaS solution that provides multi-layered defenses to protect Microsoft Azure-hosted workloads and applications from attacks while ensuring an optimal user experience.

Fortinet FortiGate Next-Generation Firewall: Fortinet FortiGate firewall technology delivers complete content and network protection by combining stateful inspection with a comprehensive suite of powerful security features. Identify and mitigate the latest complex security threats with FortiGate on Microsoft Azure.

Fortinet FortiWeb Web Application Firewall WAF VM: Fortinet FortiWeb web application firewalls provide advanced features and AI-based machine learning detection engines that defend web applications from vulnerability exploits, bots, malware uploads, denial-of-service attacks, advanced persistent threats, and zero-day attacks.

Harbor Adapter Trivy Container Image: Harbor Adapter for Trivy translates the Harbor API into Trivy API calls and allows Harbor to provide vulnerability reports on images through Trivy. Bitnami packages applications following industry standards and continuously monitors all components and libraries for vulnerabilities.

Hexplora Healthcare Analytics: Hexplora’s cloud-based Healthcare Analytics solution on Microsoft Azure is made for small-to-midsize risk-bearing healthcare entities entering value-based contracts. It provides insights that can help healthcare organizations reduce costs and improve quality.

Horizon: SecuriThings’ Horizon is an IoTOps software-only solution that brings IT standards to the realm of IoT by providing risk detection, predictive maintenance, and automated operations. Protect IoT devices while maximizing operational efficiency in one unified view.

Identity and Data Governance for Multi-cloud: The Dig platform from Sonrai Security delivers a complete risk model of all identity and data relationships in public clouds, including activity and movement across cloud accounts, cloud providers, and third-party data stores.

IIS on Windows Server 2016: This image from Skylark Cloud includes Internet Information Services (IIS) and Windows Server 2016. IIS is a flexible and secure web server for hosting anything on the web, from streaming media to web applications. IIS features scalable and open architecture that is ready to handle the most demanding tasks.

IIS on Windows Server 2019: This image from Skylark Cloud includes Internet Information Services (IIS) and Windows Server 2019. IIS is a flexible and secure web server for hosting anything on the web, from streaming media to web applications. IIS features scalable and open architecture that is ready to handle the most demanding tasks.

Innovaccer’s COVID-19 Management system: Innovaccer’s COVID-19 Management System enables practices to more easily and efficiently manage and screen high volumes of patients. Innovaccer features a robust set of security policies, procedures, and controls to ensure full compliance with HIPAA requirements.

JRuby Container Image: JRuby is a Java implementation of the Ruby programming language that provides core built-in classes and syntax for Ruby. Bitnami packages applications following industry standards and continuously monitors all components and libraries for vulnerabilities and application updates.

Kong Helm Chart: Kong is an open-source microservice API gateway and platform designed for managing microservice requests to high-availability, fault-tolerant, and distributed systems. Bitnami ensures its Helm charts are secure, up to date, and packaged using industry best practices.

LTI Security in a Box: LTI’s Security in a Box solution provides a comprehensive security stack to support simple to complex operating environments and requirements, simplified security choices with easy cloud adoption, a zero-trust security framework based on NIST standards, and more.

Maintenance Management Solution for Solar Plants: Designed for solar operators and maintenance providers, this SharePoint maintenance management solution from WIZSP offers a flexible work environment that allows workers to collaborate seamlessly from anywhere on any device.

MATLAB Production Server (PAYG): MATLAB Production Server is an application server for integrating MATLAB analytics into web, database, and production enterprise applications running on dedicated servers or on Microsoft Azure.

Matomo with Windows Server 2016: This image from Skylark Cloud includes Matomo, formerly Piwik, and Windows Server 2016. Matomo is a free and easy-to-use open-source web analytics application offering complete data ownership, user privacy protection, GDPR compliance, and more.

Matomo with Windows Server 2019: This image from Skylark Cloud includes Matomo, formerly Piwik, and Windows Server 2019. Matomo is a free and easy-to-use open-source web analytics application offering complete data ownership, user privacy protection, GDPR compliance, and more.

ModernFlow: ModernFlow is an integrated process automation solution that uses Microsoft Azure and Office 365 to automate, streamline, and optimize business processes to help reduce costs, add control, and improve productivity.

Nuventive COVID-19 Response Hub: Nuventive’s COVID-19 Response Hub is a quick-start cloud solution with a framework to bring your institution’s COVID-19 plan to life. Survey faculty and staff on their welfare with results linked to your plan in Nuventive.

OneCore Smart Calculation Engine: OneCore Smart Calculation Engine allows organizations to replace different calculation engines with one central solution. This change supports a “one truth” vision where all calculations in ERP, CRM, and purpose-built systems use the same calculation mechanisms to calculate financial products.

Personalization Platform: CloudEngage helps you give your customers personalized, relevant, and intuitive experiences when they visit your website. CloudEngage works seamlessly with any CMS or commerce system to help increase your web and mobile conversion rates.

Photron-Mobile Video Creator: Photron-Mobile Video Creator is an iPhone/iPad video production and editing application that organizations use to document and share technology transfer, video manuals, work procedures, safety education, internal communications, and more. This app is available only in Japanese.

phpPgAdmin Container Image: phpPgAdmin is a free software tool written in PHP for handling PostgreSQL database administration over the web. Bitnami packages applications following industry standards and continuously monitors all components and libraries for vulnerabilities and application updates.

Platform Security (CA): New Signature’s Platform Security managed service complements and integrates with your IT services, enabling your team to focus on providing great user support and working on initiatives that deliver significant business value.

Prometheus RSocket Proxy Container Image: Prometheus RSocket Proxy is a collection of resources used to get application metrics into Prometheus using a bidirectional, persistent remote procedure call (RPC) without ingress.

QuickStart: QuickStart is a cloud readiness platform that uses AI, adaptive learning, and multimodality delivery to personalize employee learning and engagement. QuickStart also accelerates Microsoft Azure or multi-cloud enablement and certification.

ResFrac Hydraulic Fracturing Reservoir Simulator: ResFrac is an integrated hydraulic fracturing and reservoir simulator that can model the well lifecycle from treatment through production. The three-dimensional compositional simulator seamlessly couples hydraulic fracturing, wellbore, geomechanical, and reservoir simulation.

Riversand PIM-MDM for Manufacturing & CPG: Riversand’s Master Data Experience Platform for manufacturing and consumer packaged goods addresses the master data-related challenges typically encountered when organizations digitize the information value chain and enhance their omnichannel product experience for customers.

School Day Wellbeing for Individual Schools: School Day supports students’ well-being in real time by delivering anonymous well-being data that supports decision-making in schools and empowers the school community to focus on learning.

ScrumGenius – Automate daily standups: ScrumGenius automates team status meetings to help managers track the progress, goals, and performance of their employees. It integrates with third-party tools such as Jira, GitHub, and Microsoft Azure DevOps Services to display team activity along with each member’s status updates.

SharpCloud Subscriptions: SharpCloud connects people, data, and processes to create dynamic threads across a business, revealing valuable insights that can be analyzed in real time. Collaborate around data-driven stories that offer a clear view of key metrics, time, relationships, and costs across projects and portfolios.

Spring Cloud Data Flow Container Image: Spring Cloud Data Flow is a microservices-based toolkit for building streaming and batch data processing pipelines in Cloud Foundry and Kubernetes. Bitnami packages applications following industry standards and monitors components and libraries for vulnerabilities and application updates.

Spring Cloud Data Flow Shell Container Image: Spring Cloud Data Flow Shell is a tool for interacting with the Spring Cloud Data Flow server. Bitnami packages applications following industry standards and continuously monitors all components and libraries for vulnerabilities and application updates.

Spring Cloud Skipper Container Image: This package manager installs, upgrades, and rolls back Spring Boot applications on multiple cloud platforms. Bitnami packages applications following industry standards and continuously monitors all components and libraries for vulnerabilities and application updates.

Spring Cloud Skipper Shell Container Image: Spring Cloud Skipper Shell is a tool for interacting with the Spring Cloud Skipper server. Bitnami packages applications following industry standards and continuously monitors all components and libraries for vulnerabilities and application updates.

Sukra Industrial Platform: Based on flexible microservices, sukra.io is a fully customizable, enterprise-grade IoT platform that scales with the needs of any business and supports advanced deployment models for multi-cloud IoT solutions.

TwinWorX – Centralized Monitoring and Control of Facilities: TwinWorX is a scalable and secure platform that integrates and normalizes all telemetry data into a single platform, resulting in increased operational visibility while providing real-time and historical data for visualization, reporting, analytics, optimization, and more.

Visual Diagnostics: Vastmindz uses AI, computer vision, and signal processing technology to turn any device with an embedded camera into a non-invasive diagnostic tool that displays information about an individual’s heart rate, respiration rate, oxygen saturation levels, stress levels, and more.

WAULT: The WAULT platform provides secure and verifiable data exchange between users and companies involved in business transactions without compromising privacy or data control. It’s ideal for storing and sharing verified documents that you don’t want changed.

WAULT Portal for Businesses and Individuals: This is the trial version of the WAULT platform from Wymsical Inc. WAULT provides secure and verifiable data exchange between users and companies involved in business transactions without compromising privacy or data control.

WordPress with Windows Server 2016: This image from Skylark Cloud includes WordPress and Windows Server 2016. WordPress is a free and open-source content management system used for websites, blogs, and applications.

WordPress with Windows Server 2019: This image from Skylark Cloud includes WordPress and Windows Server 2019. WordPress is a free and open-source content management system used for websites, blogs, and applications.

Consulting services

Application Modernization Using Containers- 4wk Imp: Hexaware will use its Amaze cloud modernization service to replatform your monolithic application to containerized macroservices or microservices with reduced total cost of ownership. Hexaware’s offering supports Java and .Net applications.

AZ-900 Microsoft Azure Fundamentals: 2-Day Workshop: This workshop from Qualitia Energy is suitable for IT personnel who are just beginning to work with Microsoft Azure. Attendees will get hands-on experience to prepare for Exam AZ-900: Microsoft Azure Fundamentals.

Azure Episerver Rapid Deploy: 2-Wk Implementation: Kin + Carta’s consultants will work alongside your internal team to rapidly launch and configure your Microsoft Azure environment and deploy Episerver so you can benefit from enhanced agility, elastic scale, and ease of management.

Azure Infrastructure Migration: 2-week Assessment: Let Wintellect work with you to migrate your on-premises applications, servers, and databases to Microsoft Azure. In this engagement, Wintellect will review your environment and estimate migration costs.

Azure Innovation Design Think: 2-day workshop: In this workshop, Dimension Data’s team will identify key opportunities to drive revenue, improve customer retention, and gain competitive business insight through analytics on Microsoft Azure.

Azure Migration Consultant – 4 Week Implementation: Inde will use a practical approach based on the Microsoft Cloud Adoption Framework for Azure to discover your requirements, create a safe landing zone, and move your workload to Azure.

Azure Transition Framework: 1 day workshop: Moving to Microsoft Azure requires a clear strategic route. In this workshop, Solvinity B.V. will map out that route with its cloud transition framework. This offer is available only in Dutch.

Citrix on Azure: 3-Day Readiness Assessment: Are you ready to take advantage of Microsoft Azure for Citrix workloads? Third Octet’s assessment will evaluate your Citrix digital workspace strategy and present you with a high-level summary of findings, cost estimations, and guidelines for the transformation ahead.

Cloud Data Warehouse: Free 1 Day Workshop: A key element of any data strategy on Microsoft Azure is a modern data warehouse. This workshop from Agile Solutions will consider your business requirements and infrastructure, charting a clear path to migrate or rebuild your data warehouse on Azure.

Cloud Security Assessment: Two Week Assessment: In this assessment, Logicalis will examine your company’s Microsoft Azure environment, comparing it against best practices for security, performance, agility, scale, and cost. Logicalis will then offer prioritized remediation steps.

Cloud-native 5-Wk App Modernization Implementation: In this implementation, Cloud Services LLC will help chief information officers and chief technology officers modernize their business’s legacy applications by migrating them to Microsoft Azure.

Code First in Azure: 3-Week Proof of Concept: Tallan’s offer is designed to help organizations accelerate a technology decision for new application development projects built on Microsoft Azure, and it caters to organizations that need to deliver apps and services in a short time frame.

Data & AI: 4 Week Proof-of-Concept: Optimus Information will use the Microsoft Cloud Adoption Framework for Azure to jump-start your data and AI journey. Optimus Information will build data pipelines and analytics pipelines for use with Azure, along with reports or dashboards using Microsoft Power BI.

Data Strategy on Azure: 4 week Implementation: In this engagement, Agile Solutions will review your strategic vision, underlying data availability, architecture, and data management maturity to help you align your data strategy to your business needs.

Data Strategy: 2 Week Assessment: Tallan will assess your organization’s data strategy to modernize your data management landscape. Tallan’s experts will provide recommendations for Microsoft Azure and will discuss Azure readiness.

E2E Managed Network Solutions: Tech Mahindra's E2E managed services provide a transformation model and approach with key Azure technologies, including IaaS and networking, to help users easily enable services in a hybrid, multi-vendor environment.

Endpoint Manager Workshop: This workshop from Move AS will teach you how to deploy and implement Microsoft Endpoint Manager in your environment. Endpoint Manager combines several Microsoft services, including Intune, Desktop Analytics, and Windows Autopilot, to keep data secure.

Free 1 Day Supplier 360 Workshop- Contact Us Offer: In this workshop, Agile Solutions will identify business use cases, infrastructure requirements, Microsoft Azure architecture, and delivery structure for a fully customized Supplier 360 data management solution.

Free 8 hours Cloud One Day Workshop: On behalf of Zenith & Company, CLOUDZEN will deliver a free workshop for organizations interested in migrating to Microsoft Azure and needing to make a formal case to senior management. The workshop will present a roadmap to Azure through an understanding of its architecture.

GDPR Compliant Cloud Solutions: Learn about GDPR compliance and how to attain it in this workshop from Move AS. The workshop is a good foundation for implementing Microsoft Azure Information Protection and data loss prevention.

Knowledge Mining: 2-Month Proof of Concept: Companies hold large amounts of data, yet much of it isn’t easily searchable or stored in a structured way. Predica’s proof of concept will use Microsoft Azure AI speech, vision, and language services to transform your company’s raw, unstructured information into searchable content.

Manufacturing IoT: 3-Week Proof of Concept (PoC): CloudPro APS’ Microsoft Azure IoT Hub experts will help you plan for an implementation of Azure IoT to gain production insights. The solution will span calibrated telemetry sensors, endpoint devices like mobile phones, and web-based dashboards.

Master Data Management: Free 1 Day Workshop: This workshop from Agile Solutions will identify business use cases, infrastructure requirements, Microsoft Azure architecture, and delivery structure for a master data management solution that utilizes Azure Storage and Azure SQL Database.

Migrate Dynamics GP to Azure – 2 Hour Briefing: In this briefing, Incremental Group will discuss the process of migrating your on-premises Microsoft Dynamics GP system to Microsoft Azure. Incremental Group’s cloud experts will address any questions you have.

Migration Service: 4-Wk Implementation: With information from Microsoft Azure Service Map, which groups applications by risk and complexity, Logicalis will migrate your environment to Azure. Environments will be migrated on an application, database, server, or workload basis, depending on the requirements gathered.

Network Transformation Strategy: 4-Wk Assessment: In this assessment, Tech Mahindra will evaluate the customer’s virtual or physical infrastructure, determine the customer’s challenges and desired future state, and identify potential solution strategies to meet the customer’s growth objectives.

Oakwood Cloud Ascent Suite: 4-Week Assessment: Oakwood will use its Cloud Ascent Suite to evaluate your use of Microsoft Azure services with the goal of discovering optimization and cost-saving opportunities. Cloud Ascent Suite accelerates Azure migrations by providing in-depth planning and robust price comparison tools.

SAP Cloud Readiness 10-Day Assessment: Tech Mahindra will analyze the customer’s SAP environment and assess its cloud readiness. Tech Mahindra aims to eliminate any surprises about product compatibility or migration strategy that may surface when a customer embarks on a cloud transformation journey.

SAP on Azure – 2 weeks Assessment: In this engagement, Span d.o.o. will conduct a comprehensive assessment of your SAP landscape and provide recommendations for system architecture that will result in a modernized and cost-optimized environment on Microsoft Azure.

SAP on Azure Landscape Review Workshop: 1 Day: This workshop from Dimension Data will guide technology managers and executives through approaches for migrating their SAP estate to Microsoft Azure. The workshop will consider potential pitfalls and conduct a landscape review to establish a business case for migration.

Velocity Discovery Workshop Standard – 4 Hours: Sol-Tec’s workshop will help you understand the different offerings of Microsoft Azure and how Azure can support and transform your business. You’ll leave prepared for your cloud journey, with clear steps to follow.

Velocity Landing Zone – 2 Hour Evaluation Workshop: In this free consultation, Sol-Tec’s Microsoft Azure architects and delivery consultants will help you understand how Sol-Tec can design and deploy your Azure landing zone.

Virtual Workplace: 2-Days Implementation: Experts from Matrix3D will move your IT infrastructure to Microsoft Azure with a practical approach designed for small businesses. Enable your employees to collaborate regardless of their work location.

Windows Autopilot: In this engagement, Move AS will deliver a proof of concept of Windows Autopilot, a Microsoft product used to set up and pre-configure new devices. Move AS will map the technical components within Windows Autopilot, configure a Windows Autopilot profile, and give a brief demo.

Your Clean Code MVP: 10-week implementation: Through an architecture workshop and the principles of clean code development, generic.de will use your product vision to create a sustainable prototype on Microsoft Azure. This offer is available only in German.

Built-in vulnerability assessment for VMs in Azure Security Center

This article is contributed. See the original author and article here.

What is the built-in vulnerability assessment tool in Azure Security Center?

If you’re using Security Center’s standard tier for VMs, you can quickly deploy a vulnerability assessment solution powered by Qualys with no additional configuration or extra costs.

asc-va-options.png

Qualys' scanner is a leading tool for identifying vulnerabilities in your Azure virtual machines. Once the integration is enabled, Qualys continually assesses all the applications installed on a virtual machine, finds vulnerabilities, and presents its findings in the Security Center console. The offering is available to all commercial Azure customers that have enabled the Azure Security Center standard pricing tier for VMs. This post focuses on vulnerability scanning of virtual machines, although the standard tier also offers scanning for containers and container registries.

How does the integration work?

Our integrated vulnerability scanner works in five stages, from discovery to findings.

asc-va-integration.png

[1] Discovery – For the integration to work, the policy “Vulnerability assessment should be enabled on virtual machines”, which is part of the “ASC default” initiative, must be enabled. When Azure Policy evaluates it, we use the compliance data to identify supported virtual machines that don't have a vulnerability assessment solution deployed, and propagate that data into the recommendation so you can see all relevant virtual machines. Based on the compliance data, each virtual machine is categorized as one of the following:

  • “healthy” – VMs that have the extension installed and reporting data.
  • “unhealthy” – VMs that could support the extension but don't currently have it.
  • “not applicable” – VMs whose OS type or image is not supported (for example, a virtual machine running a Network Virtual Appliance (NVA), Databricks/AKS instances, or Classic VMs).

[2] Deployment – In this step you enable the integrated ASC vulnerability scanner by deploying the extension on the selected virtual machine(s), either from the ASC console with the Quick Fix button or through an automated method (see the deployment-at-scale section below).

Prerequisites for deploying the extension:

  1. A running VM with a supported operating system version, as listed here.
  2. Azure VM agent installed and in a healthy state.
  3. Log Analytics agent installed (formerly known as the Microsoft Monitoring Agent).
  4. To install using the Quick Fix option, you need write permissions on every VM you want to deploy the extension to. Like any other extension, this one runs on top of the Azure Virtual Machine agent.

Once all prerequisites are met, use the new consolidated recommendation “A vulnerability assessment solution should be enabled on your virtual machines”. From this recommendation you can choose to deploy the ASC integrated vulnerability scanner or a third-party scanner (BYOL).

asc-va-recommendation.png

This recommendation installs the extension on unhealthy machines. Review the healthy and not applicable lists too.

asc-va-recommendation-list.png

Once the extension is deployed, you can confirm it exists by opening the VM page in the Azure portal and selecting “Extensions”:

  • On Windows, the extension is called “WindowsAgent.AzureSecurityCenter” and the provider name is “Qualys”.
  • On Linux, the extension is called “LinuxAgent.AzureSecurityCenter” and the provider name is “Qualys”.

asc-va-extension.png

Like the Log Analytics agent itself and all other Azure extensions, minor updates of the vulnerability scanner may happen automatically in the background; the VA agent is self-healing and self-updating to counter common issues. All agents and extensions are tested extensively before being deployed automatically. On a virtual machine (Windows, for example), you will see a process QualysAgent.exe and a service “Qualys Cloud Agent” running:

asc-va-agent.png

When deploying a vulnerability assessment solution, Security Center previously performed a validation check that confirmed the destination virtual machine was created from a marketplace SKU. That check has since been removed, so you can now deploy vulnerability assessment tools to ‘custom’ Windows and Linux machines, that is, images you have modified from the marketplace defaults.

[3] Scan – The data the agent collects for the baseline snapshot includes network posture, operating system version, open ports, installed software, registry information, installed patches, environment variables, and metadata associated with files. The agent stores a snapshot on the host so it can quickly determine what has changed in the host metadata it collects. Scans run every 4 hours per VM; the collected artifacts are sent for analysis to the Qualys Cloud service in the defined region. For virtual machines created in European regions, the gathered information is sent securely to the Qualys Cloud Service in the Netherlands; for all non-EU resources, data is sent for processing to the Qualys Cloud Service in the US.

The artifacts that are sent are metadata, the same as those collected by Qualys' standalone cloud agent; Microsoft doesn't share customer details or any sensitive data with Qualys.

[4] Analysis – Qualys analyzes the metadata, registry keys, and other information and builds the findings per VM. The findings are sent to Azure Security Center, matched to the customer's ID, and then removed from the Qualys Cloud.

[5] Findings – You can monitor the vulnerabilities discovered on your virtual machines by the ASC vulnerability scanner using the recommendation “Vulnerabilities in virtual machines should be remediated”, found in the recommendations list. The recommendation is divided into affected resources and security checks (also known as nested recommendations or sub-assessments).

asc-va-findings.png

In the affected resources section, virtual machines are categorized as unhealthy, healthy, and not applicable. The “Security Checks” section shows the vulnerabilities found on the unhealthy resources. Findings are categorized by severity (high, medium, and low). Below you can see the mapping between ASC severity on the left and Qualys' severities on the right:

asc-va-severities.png

If you are looking for a specific vulnerability, use the search field to filter the items by ID or security check title. Selecting a security check opens a pane with the vulnerability name, description, the impact on your resources, severity, whether it can be resolved by applying a patch, the CVSS base score (higher is more severe), and the relevant CVEs. Below that you will also find the threat, remediation steps, additional references (if applicable), and the affected resources. Once you remediate the vulnerability on the affected resource, it is removed from the recommendation page.

Deployment at scale

If you have a large number of virtual machines and would like to automate deployment of the ASC integrated scanner at scale, we've got you covered! There are several ways to do this depending on your business requirements. Some customers prefer to automate deployment by executing an ARM template, others use Azure Automation or Azure Logic Apps, and others use Azure Policy for both automation and compliance. For all these scenarios and more, we encourage you to visit our ASC GitHub community repository, where you can find scripts, automations, and other useful resources you can leverage throughout your ASC deployment. Some of the methods deploy the extension on new machines, others cover existing ones as well. Other customers prefer to make API calls to trigger an installation; this is possible by executing a PUT call to one of our REST APIs, passing the resource ID in the URL. You can also combine multiple approaches.

  • ARM Deployment – This method is available under “View recommendation logic” if you choose to remediate unhealthy resources from the Azure portal. The automatic remediation script includes the relevant ARM template, which you can reuse in your own automation.
  • DeployIfNotExists policy definition – We recently added a custom Azure Policy definition that can easily be deployed into your Azure environment and assigned at the relevant scope (resource group, subscription, or management group).
  • PowerShell Script – This script deploys the extension to all unhealthy virtual machines and can be scheduled with Azure Automation to cover new resources. The script finds all unhealthy machines discovered by the recommendation and executes the ARM call mentioned in the first bullet.
  • Azure Logic Apps – This sample leverages another feature of Security Center's standard tier: workflow automation. When a new security recommendation is generated for a resource, a trigger calls a Logic App that installs the agent.
  • REST API – Calling an API for agent deployment is available as well. Perform a PUT request to the following URL, substituting the resource ID of the target virtual machine:
    https://management.azure.com/{resourceId}/providers/Microsoft.Security/serverVulnerabilityAssessments/default?api-version=2015-06-01-preview
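Putting the discovery buckets and the REST call together, here is an added example in Python (it is not from the original post or from the ASC GitHub repository). It takes VM and extension rows in the shape Azure Resource Graph returns for microsoft.compute/virtualmachines and their extensions (the field names and the sample resources are constructed for the example), sorts each VM into the post's healthy/unhealthy/not applicable buckets, and builds the PUT URL above for every unhealthy VM. Two assumptions are made and marked in the code: “not applicable” is approximated by “reports no Windows or Linux OS type”, and the PUT is sent without a body. Nothing is sent unless apply=True and a bearer token for https://management.azure.com are supplied.

```python
import re
from urllib import request

ARM = "https://management.azure.com"
# api-version from the post's REST example; newer versions of this API exist.
API_VERSION = "2015-06-01-preview"
VA_PATH = "/providers/Microsoft.Security/serverVulnerabilityAssessments/default"
# Both the Windows and Linux extension names contain this token.
EXT_NAME_RE = re.compile(r"AzureSecurityCenter", re.IGNORECASE)

# Constructed sample rows, shaped like ARG output for virtual machines and
# their extensions (id/name/provisioningState/osType). Not real resources.
_VM = "/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/"
SAMPLE_VMS = [
    {"id": _VM + "vm-a", "osType": "Windows"},
    {"id": _VM + "vm-b", "osType": "Linux"},
    {"id": _VM + "vm-c", "osType": "Linux"},
    {"id": _VM + "vm-d", "osType": None},  # no OS type reported: unsupported image
]
SAMPLE_EXTENSIONS = [
    {"id": _VM + "vm-a/extensions/WindowsAgent.AzureSecurityCenter",
     "name": "WindowsAgent.AzureSecurityCenter", "provisioningState": "Succeeded"},
    {"id": _VM + "vm-b/extensions/LinuxAgent.AzureSecurityCenter",
     "name": "LinuxAgent.AzureSecurityCenter", "provisioningState": "Failed"},
    {"id": _VM + "vm-c/extensions/OmsAgentForLinux",
     "name": "OmsAgentForLinux", "provisioningState": "Succeeded"},
]


def vm_id_of(extension_id):
    """Extension IDs are <vmId>/extensions/<name>; recover the VM ID."""
    return extension_id.rsplit("/extensions/", 1)[0]


def classify(vms, extensions):
    """Map each VM ID to healthy / unhealthy / not applicable, mirroring the
    post's three buckets. 'Not applicable' is approximated by 'reports no
    Windows or Linux OS type' (an assumption, not the exact ASC rule)."""
    va_state = {}
    for ext in extensions:
        if EXT_NAME_RE.search(ext["name"]):
            va_state[vm_id_of(ext["id"])] = ext.get("provisioningState")
    result = {}
    for vm in vms:
        if vm.get("osType") not in ("Windows", "Linux"):
            result[vm["id"]] = "not applicable"
        elif va_state.get(vm["id"]) == "Succeeded":
            result[vm["id"]] = "healthy"
        else:  # no VA extension, or one that failed to provision
            result[vm["id"]] = "unhealthy"
    return result


def unhealthy_vms(vms, extensions):
    """IDs of the VMs the recommendation would flag for deployment."""
    return [vm for vm, state in classify(vms, extensions).items() if state == "unhealthy"]


def put_url(vm_id):
    """URL of the PUT that enables the integrated scanner on one VM."""
    return f"{ARM}{vm_id}{VA_PATH}?api-version={API_VERSION}"


def deploy(vm_ids, token=None, apply=False):
    """Dry run by default: return the PUT URLs without sending anything.
    With apply=True and an ARM bearer token, send each PUT. The request has
    no body (assumption: the default VA resource needs none)."""
    urls = [put_url(v) for v in vm_ids]
    if apply:
        if not token:
            raise ValueError("a bearer token for https://management.azure.com is required")
        for url in urls:
            req = request.Request(url, method="PUT", headers={
                "Authorization": f"Bearer {token}", "Content-Length": "0"})
            with request.urlopen(req, timeout=30) as resp:
                print(resp.status, url)
    return urls


if __name__ == "__main__":
    for vm, state in classify(SAMPLE_VMS, SAMPLE_EXTENSIONS).items():
        print(f"{state:15} {vm.rsplit('/', 1)[-1]}")
    for url in deploy(unhealthy_vms(SAMPLE_VMS, SAMPLE_EXTENSIONS)):
        print("PUT", url)
```

Run as-is for a dry run that prints the classification and the URLs it would call. To enrol machines for real, feed it the rows from your own ARG query, obtain a token with az account get-access-token (or from a managed identity) and pass apply=True; the same identity needs the write permission on the VMs that the Quick Fix path requires.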

Troubleshooting

Below is a checklist for initial troubleshooting if you experience issues with the ASC vulnerability scanner:

  • Are you running a supported OS version? Use the following list to quickly check whether your VMs are running a supported operating system version.
  • Is the extension successfully deployed? Monitor VA extension health across subscriptions using Azure Resource Graph (ARG). ARG comes in handy when you want to validate that the extension status is healthy across subscriptions for both Linux and Windows machines. Use the following query:

// Resources is the ARG table that holds ARM resources, including VM extensions
Resources
| where type == "microsoft.compute/virtualmachines/extensions"
| where name matches regex "AzureSecurityCenter"
| extend ExtensionStatus = tostring(properties.provisioningState),
        ExtensionVersion = properties.typeHandlerVersion,
        ResourceId = id,
        ExtensionName = name,
        Region = location,
        ResourceGroup = resourceGroup
| project ResourceId, ExtensionName, Region, ResourceGroup, ExtensionStatus, ExtensionVersion

asc-va-extension-status.png

Results can be exported to CSV or used to build an Azure Monitor workbook.

  • Is the service running? On Windows VMs, make sure the “Qualys Cloud Agent” service is running. On Linux, run sudo service qualys-cloud-agent status.
  • Unable to communicate with Qualys? To communicate with the Qualys Cloud, the agent host must be able to reach the service platform over HTTPS (TCP port 443) at the following IP addresses:
    • 64.39.104.113
    • 154.59.121.74

Check network access (NSGs, firewalls, and any forced tunneling) and make sure the platform addresses listed are allowed. Treat the list as a point-in-time snapshot and confirm the current platform addresses in the Qualys or Security Center documentation before hard-coding egress rules.

  • Looking for logs? Both agent and extension logs can be used during troubleshooting, but Windows and Linux keep them in different places. Here are the paths:

Windows:

  • Qualys extension:
    • C:\Qualys.WindowsAgent.AzureSecurityCenter
    • C:\WindowsAzure\Logs\Plugins\Qualys.WindowsAgent.AzureSecurityCenter
  • Qualys agent:
    • %ProgramData%\Qualys\QualysAgent

Linux:

  • Qualys extension:
    • /var/log/azure/Qualys.LinuxAgent.AzureSecurityCenter
  • Qualys agent:
    • /var/log/qualys/qualys-cloud-agent.log

Advanced scenarios

Qualys assessments and sub-assessments (security checks) are stored and available for query in Azure Resource Graph (ARG) as well as through the API. A great example of this is available in this blog post. You can also build and customize your own dashboards with Azure Monitor workbooks for more insight; a ready-made Qualys dashboard built on ARG queries and workbooks is also available. Soon, you will be able to use the Continuous Export feature to send the nested Qualys recommendations to an Event Hub or a Log Analytics workspace.
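As an added example of working with the sub-assessments outside the portal (example code, not the dashboard or blog post referenced above), the Python below embeds an ARG query for the Qualys security checks and applies, client-side, the kinds of filters the roadmap section lists (minimum severity, patchable only, exclude by CVE), then summarizes findings per VM for a workbook or report. The securityresources field names and the sample rows (with placeholder CVE-0000-* identifiers) are assumptions constructed for the example; confirm the schema in ARG Explorer before relying on it.

```python
from collections import Counter

# ARG query for the Qualys security checks (sub-assessments) behind
# "Vulnerabilities in virtual machines should be remediated". Field names
# follow the securityresources schema as understood at the time of writing;
# treat them as an assumption and confirm in ARG Explorer.
SUBASSESSMENT_QUERY = """
securityresources
| where type == "microsoft.security/assessments/subassessments"
| where properties.additionalData.assessedResourceType == "ServerVulnerability"
| where properties.status.code == "Unhealthy"
| project id, name, properties
"""

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1}


def _row(vm, qid, severity, patchable, cves):
    """Build one constructed ARG-style row (sample data, not real findings;
    the CVE-0000-* identifiers are placeholders)."""
    vm_id = f"/subscriptions/s1/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/{vm}"
    return {
        "type": "microsoft.security/assessments/subassessments",
        "name": qid,
        "properties": {
            "id": qid,
            "displayName": f"Sample finding {qid}",
            "status": {"code": "Unhealthy", "severity": severity},
            "resourceDetails": {"source": "Azure", "id": vm_id},
            "additionalData": {
                "assessedResourceType": "ServerVulnerability",
                "patchable": patchable,
                "cve": [{"title": c, "link": ""} for c in cves],
            },
        },
    }


SAMPLE_ROWS = [
    _row("vm-a", "10001", "High", True, ["CVE-0000-0001"]),
    _row("vm-a", "10002", "Low", True, []),
    _row("vm-b", "10003", "Medium", False, ["CVE-0000-0002"]),
    _row("vm-b", "10004", "High", True, ["CVE-0000-0003", "CVE-0000-0001"]),
]


def flatten(row):
    """Reduce one raw ARG sub-assessment row to the fields we filter on."""
    p = row["properties"]
    extra = p.get("additionalData", {})
    return {
        "vm": p["resourceDetails"]["id"].rsplit("/", 1)[-1],
        "qid": str(p["id"]),
        "title": p.get("displayName", ""),
        "severity": p["status"]["severity"],
        "patchable": bool(extra.get("patchable", False)),
        "cves": [c["title"] for c in extra.get("cve", [])],
    }


def filter_findings(rows, min_severity="Medium", patchable_only=False, exclude_cves=()):
    """Client-side version of the filters the roadmap lists: drop findings
    below min_severity, optionally keep only patchable ones, and drop any
    finding tagged with a CVE in exclude_cves."""
    floor = SEVERITY_RANK[min_severity]
    excluded = set(exclude_cves)
    kept = []
    for f in map(flatten, rows):
        if SEVERITY_RANK.get(f["severity"], 0) < floor:
            continue
        if patchable_only and not f["patchable"]:
            continue
        if excluded.intersection(f["cves"]):
            continue
        kept.append(f)
    return kept


def summarize(rows):
    """Per-VM count of findings by severity, e.g. for a workbook tile."""
    counts = {}
    for f in map(flatten, rows):
        counts.setdefault(f["vm"], Counter())[f["severity"]] += 1
    return {vm: {s: c.get(s, 0) for s in SEVERITY_RANK} for vm, c in counts.items()}


if __name__ == "__main__":
    for vm, by_sev in summarize(SAMPLE_ROWS).items():
        print(vm, by_sev)
    for f in filter_findings(SAMPLE_ROWS, patchable_only=True):
        print(f["vm"], f["qid"], f["severity"], f["title"])
```

To use it on real data, run SUBASSESSMENT_QUERY in ARG Explorer (or az graph query) and pass the returned rows in place of SAMPLE_ROWS; because the filtering happens after export, the portal recommendation stays untouched and you can keep a different threshold per report.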

On the roadmap

  • Availability for non-Azure virtual machines
  • Support for proxy configuration
  • Filtering vulnerability assessment findings by different criteria (e.g. exclude all low severity findings, exclude non-patchable findings, exclude by CVE, and more)
  • More items are work in progress.

Frequently asked questions

Question: Does the built-in integration support both Azure VMs and non-Azure VMs?
Answer: Our current integration only supports Azure VMs. As mentioned in the roadmap section, we do have plans to support non-Azure virtual machines in the future.

Question: Does the built-in vulnerability assessment included in the standard pricing tier also integrate with the Qualys Dashboard offering?
Answer: Vulnerability assessments performed by the built-in integration are only available through the Azure portal and Azure Resource Graph.

Question: Is it possible to initiate a manual/on-demand scan?
Answer: Scan on Demand is a single-use execution that is initiated manually on the VM itself, using locally or remotely executed scripts or GPO, or from software distribution tools at the end of a patch deployment job. On Windows, the following command triggers an on-demand metadata sync:

REG ADD HKLM\SOFTWARE\Qualys\QualysAgent\ScanOnDemand\Vulnerability /v "ScanOnDemand" /t REG_DWORD /d "1" /f

Question: I purchased a separate Qualys/Rapid7 license. Which recommendation should I use?

Answer: We provide an additional method for customers who have purchased a VA scanner separately and do not use the integrated solution. To enable the third-party integration, use “A vulnerability assessment solution should be enabled on your virtual machines”; this recommendation appears for both the standard and free tiers. Then select “Configure a new third-party vulnerability scanner (BYOL – requires a separate license)”. For this kind of integration, you need to purchase a license for your chosen solution separately. Supported solutions report vulnerability data to the partner's management platform, which in turn provides vulnerability and health monitoring data back to Security Center.

Question: Can I combine two Qualys installation approaches so that the same VM has both the integrated scanner and the BYOL agent installed?

Answer: No, this is not supported. You can’t combine additional deployment approaches of VA while using the built-in VA capabilities provided by ASC.

In upcoming blog posts, we will discuss how you can leverage the integration for container and container registry images. Stay tuned!

Reviewers:

  • Melvyn Mildiner – Senior Content Developer
  • Ben Kliger – Senior PM Manager
  • Aviv Mor – Senior Program Manager
  • Nomi Gorovoy – Software Engineer