This article is contributed. See the original author and article here.
CISA has released three (3) Industrial Control Systems (ICS) advisories on 08 December 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations:
This article is contributed. See the original author and article here.
In the modern era, organizations need to comply with several international, federal, or local regulatory obligations. Microsoft Purview Compliance Manager contains a library of 350+ regulations designed to help you reduce the time it takes to get compliant, stay compliant, and scale your company’s compliance. Today, we are excited to announce the following changes to your premium templates:
What you need to know:
Reduced pricing
Research suggests that organizations need to comply with 5-10 regulations on average. At Microsoft, we strive to empower every organization to achieve more, and that means giving you access to the greatest number of templates at the most affordable price. Starting today, customers across all segments can purchase our premium templates at an all-time low price of $6,000 per year or just $500 per month!
Figure 1: New price for Compliance Manager Add-On
Grouped regulations
Some regulations have different maturity levels. Starting today, regulations under this category are considered part of the same “family” and will count as a single premium template. The examples below showcase what is and what is not grouped together as part of this change.
Grouped: Payment Card Industry Data Security Standard (PCI-DSS) version 3 and version 4 are all versions of the same standard and will count as a single template.
Not Grouped: NIST 800-53 and NIST 800-171 are different standards, and therefore count as different templates
Figure 2: Example of grouped templates (ie: Australia – ASD Essential 8)
Benefits for E5 customers
Prior to today, you were entitled to the following regulations: ISO27001, NIST 800-53, and GDPR as part of your E5 services. Starting today, we are no longer prescribing these regulations. You can now choose up to any 3 premium templates from the library of supported regulations and select the ones that fit your specific needs.
Figure 3: E5 customers can choose their first 3 premium templates for free
*Note: Customers on E1, E3, and other license types will have to purchase these at $6,000 per unit.
Get started today!
We are committed to helping organizations do more with less by delivering capabilities that make the end-to-end compliance experience more efficient and affordable. Get started with Compliance Manager through the Microsoft Purview portal today!
Have any questions? Visit our Technical Documentation for the latest information.
This article is contributed. See the original author and article here.
Greetings to our lovely NTA non-profits. This article will help you uncover some pretty cool features within Microsoft Teams that can help take your meetings to the next level.
This first awesome feature was created for accessibility purposes as well as making your designated note taker’s job 100% easier. The automatic transcribing feature is perfect for someone who may have missed the meeting and wants to later go back to the meeting recap in the chat to read everything that was discussed or for someone who needs to read captions in real time due to, for example, a hearing impairment or language barrier.
This visual aid appears along the right-side of the meeting screen and is labeled by the speaker’s name as well as the time spoken. Check out the link in the photo caption below to learn how to enable live transcription.
Photo Cred and more info: View live transcription in a Teams meeting – Microsoft Support
As someone who experiences presenter’s anxiety, this next feature is something I personally find very helpful. Speaker Coach provides live feedback on your presentation that is only visible to you. You will be able to gain insight on things such as the pace you are speaking, potentially insensitive wording and phrases, too many filler words, or if you are simply reading only the text from your presentation slide.
At the end of your meeting, Speaker Coach will generate a report to conclude all of these insights and present suggestions that can help improve future presentations. Check out the link in the photo caption below to learn how to enable Speaker Coach.
Photo Cred and more info: Preview: Speaker Coach in a Teams meeting – Microsoft Support
Last but not least of our highlights is a fun feature called Together Mode. Together mode allows you and your organization to virtually appear as if you are together in one room instead of individual call cells. This feature will encourage members of your organization to turn on their cameras in order to engage with one another and have a more interactive discussion. Together mode is best suited for verbal meetings that don’t require visuals, presentations or screen sharing. To access Together Mode, start a meeting and select View in the top menu bar. Select together mode from the menu.
Photo Cred and more info : Custom Together Mode Scenes – Teams | Microsoft Learn
These are just 3 of the cool features in Microsoft Teams that you can use to maximize your organization’s meeting experience. Be sure to look for more in future articles, Non-profits, and thank you for allowing us to serve you and in turn help better serve our communities!
This article is contributed. See the original author and article here.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.
This article is contributed. See the original author and article here.
Scientific computing has long relied on HPC systems to accelerate scientific discovery. What constitutes an HPC system has continued to evolve. Access to computing keeps getting democratized and HPC is no longer limited to multi-billion dollar government laboratories and industries who can afford the infrastructure. Anyone with access to the Internet can now easily leverage the ubiquitous cloud for their computing task du jour! Azure natively supports HPC by providing hardware suitable for high performance computing needs together with software infrastructure to make it easy to harness these resources. In this post, we focus on one such Azure infrastructure component, Azure Batch, and see how we can be used to support a common use-case: data browser with interactive 3D visualization support.
Recently, a customer came to us with an interesting use-case. They wanted to provide their users with an interactive data browser. The datasets are HPC simulation and analysis results which can easily be several gigabytes in size. They wanted to present their users with a web app where users can browse the datasets and then select any of the datasets to interactively visualize it with some canned visualizations.
Variations of this use-case are a very common request in the scientific computing world so let’s generalize (and perhaps simplify) the problem. We want to develop the following web application:
A few things to qualify the problem and help guide our design choices.
These requirements help us make the following design choices:
One of the first steps when dealing with cloud computing is deploying the resources necessary on the Cloud. Infrastructure as Code (IaC) refers to the ability of deploying the resources needed and configuring them programmatically. As we go about building our HPC environment in the Azure Cloud, there are many ways to do it. We can use the Azure Portal to setup the system interactively. We can use Azure CLI to script the setup. We can also use domain-specific languages like Terraform or Bicep to define and deploy the infrastructure. For this post, we use Bicep which is a language for declaratively defining the Azure resources. For deploying the Bicep specifications and for other operations like populating datasets, we use Azure CLI.
All the resources needed for this demo can be deployed using the bicep code available in this Github repository. The readme goes over the prerequisites and the detailed steps to deploy all necessary resources. The project includes several different applications. The demo we cover this post is referred to as trame. Ensure you pass enableTrame=true to the `az deployment sub create ….` command to deploy the web application.
Once the deployment is successful, follow the steps described here to upload datasets to the storage account deployed. Finally, you should be able to browse to the URL specific to your deployed web app and start visualizing your datasets! Here’s a short video of the demo in action:
Let’s dive into the details on how this is put together. Of course, there’s no one way to do this. Discussing the details of the resources and their configuration should help anyone trying to adapt a similar solution for their specific requirements.
Here’s a schematic of the main Azure resources deployed in this demo.
App Service: This the Azure resource that hosts our main web application. As described in the initial sections, we want our web app to let the user browse datasets and then visualize them. Thus, the web application has two major roles: list datasets, and start/stop visualization jobs. For first role, the web app needs to talk with the storage account on which all the datasets are stored to get the list of available datasets. For the second, the web app needs to communicate with the Batch service to submit jobs/stop jobs etc. In this demo, we decided to write this web app using node.js. The source code is available here. The app uses Azure JavaScript SDK to communicate with the storage account and batch service. The web app also has another role that is a little less obvious: it acts as communication proxy to communicate with the visualization web servers running on the compute nodes in the batch pool. This will become clear when we discuss the Batch resource.
Batch: This is the Azure Batch resource that orchestrates the compute node pools, job submission, etc. Batch takes care of managing all the compute nodes that are available for handling all the visualization requests. When the user “clicks” on a dataset, the web app uses Azure Batch JavaScript API to communicate with the Batch service and request it to start a job to visualize the corresponding dataset. Batch takes care on mounting the storage account on all compute nodes in the pool when they are initialized thus any process running on the compute nodes can access the datasets. The visualization job, in our case, is a simple Python application that uses ParaView/trame APIs to visualize the data. The application, named vizer, is available in this Github repository. When launched with a dataset filename passed on the command line, vizer starts up a Python web-server that one can connect to access the visualization. vizer is running on one of the compute nodes in the pool. The compute nodes in the pool are not accessible from the outside network. Thus, there’s no direct way for the user to connect to this internal visualization web-server. This is why we need the web app deployed in our outward facing app service to also act as a proxy. When a visualization web-server is ready, the main web app creates a iframe that proxies to this internal visualization web-server thus making the visualization accessible by the user. Since trame uses websockets, we need to ensure that this proxy supports websocket proxying as well. Luckily, node.js makes this very easy for us. Look at the web app source code for details on ho this can be done. For simplicity, the demo doesn’t add any additional authorization for the proxying. For production, one should consider adding authorization logic to avoid any random user from accessing any other users visualization results.
Container Registry: Azure Container Registry is used to store container images. In this demo, we containerize both the main web app and the visualization application, vizer. It’s not necessary to use containers, of course. Both App Service and Batch can work without containers, if needed. Containers just make it easier to setup the runtime environments for our demo.
Key Vault: Key Vault is generally used to store secrets and other private information. In this demo, we need the Key Vault for the Batch resource. Batch uses the Key Vault to store certificates etc. that is needs for setting up the compute nodes in the pools.
As we can see, it’s fairly straight forward to get a interactive visualization portal setup using Azure and ParaView. For this demo, we tried to keep things simple and yet follow best practices when it comes to public access to resources in the cloud. Of course, for a production deployment one would want to add authentication to the web app, along with autoscaling for batch pool and add smarts for resource cleanup and fault tolerance to the web application, etc. One thing we have not covered in this post is how to use Azure’s HPC SKUs and ParaView’s distributed rendering capabilities and GPUs for processing massive datasets. We will explore that and more in subsequent posts.
Recent Comments