
With a little help from Power BI and Azure Log Analytics, Microsoft’s new Project VAST promises to make it easier to identify important security events. At the end of March, Microsoft unveiled Project VAST, the Visual Auditing Security Tool. VAST builds on SIEM products that aggregate security logs by providing rich, interactive data visualization so that organizations can get a better idea of their security vulnerabilities. VAST also works alongside existing security solutions, including Advanced Threat Analytics.
In a recent blog post, Microsoft states that many of its customers struggle with security-related activities, such as:
Project VAST visualizes big data, like aggregated log sets that contain a lot of useful information but are difficult to use effectively. VAST works by capturing domain controller events and aggregating the results using Azure Log Analytics. A new query language (Kusto Query) is then used to find relevant event data in Azure and transfer the information to Power BI. Once in Power BI, the data is displayed visually to help security administrators make intelligence-driven decisions in near real-time.
With the help of Kusto, VAST pinpoints exactly the data needed for VAST’s detections and key performance indicators (KPIs). Kusto is borrowed from the Azure AppInsights team and promises to significantly improve Azure Log Analytics, allowing large datasets to be queried faster and making it easier for engineers to construct queries.
The data in Power BI is separated into tabs, each one representing a vulnerability. The GUI is designed to help organizations discover vulnerabilities and then take specific actions to resolve them. The screenshot below shows how the NTLM authentication protocol is being used in the organization. NTLM is a deprecated protocol. The dashboard shows how NTLM traffic flows between clients and servers, and filters can be used to further understand how NTLM is being used. With this information, Microsoft hopes that customers will be able to move towards disabling deprecated protocols like NTLM. Until now, the worry has been that disabling deprecated features could break something. But with VAST, it should be easier for organizations to take concrete steps to improve their security posture.
Microsoft Project VAST Security Visualization Tool (Image Credit: Microsoft)
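The kind of Kusto query that could feed an NTLM client-to-server view like the one described above is sketched here as an added example; it is not Microsoft's VAST query. It assumes Windows logon events (Event ID 4624) are collected into the Log Analytics `SecurityEvent` table, and the hosts, accounts and addresses in the sample rows are constructed.

```kusto
// Constructed sample rows shaped like the Log Analytics SecurityEvent table.
// Against a real workspace, replace SampleEvents with SecurityEvent and add a time filter.
let SampleEvents = datatable(TimeGenerated:datetime, EventID:int, Computer:string,
                             WorkstationName:string, IpAddress:string, Account:string,
                             AuthenticationPackageName:string, LmPackageName:string)
[
    datetime(2022-05-02 08:01:00), 4624, "FS01.corp.example",  "WKS-014", "10.0.4.14", "CORP\\alice",    "NTLM",     "NTLM V2",
    datetime(2022-05-02 08:03:00), 4624, "FS01.corp.example",  "WKS-014", "10.0.4.14", "CORP\\alice",    "NTLM",     "NTLM V2",
    datetime(2022-05-02 08:05:00), 4624, "APP02.corp.example", "SCAN-01", "10.0.9.50", "CORP\\svc-scan", "NTLM",     "NTLM V1",
    datetime(2022-05-02 08:07:00), 4624, "FS01.corp.example",  "WKS-022", "10.0.4.22", "CORP\\bob",      "Kerberos", "-",
    datetime(2022-05-02 08:09:00), 4624, "APP02.corp.example", "-",       "10.0.7.3",  "NT AUTHORITY\\ANONYMOUS LOGON", "NTLM", "NTLM V1"
];
SampleEvents
| where EventID == 4624                          // successful logon
| where AuthenticationPackageName == "NTLM"      // drop Kerberos and other packages
| where Account !endswith "ANONYMOUS LOGON"      // anonymous logons have no user account to remediate
| summarize Logons = count(),
            Accounts = make_set(Account),
            LastSeen = max(TimeGenerated)
    by Client = WorkstationName, ClientIp = IpAddress, Server = Computer, NtlmVersion = LmPackageName
// NTLMv1 flows sort to the top: they are the weakest and the first to remediate.
| extend Priority = iff(NtlmVersion == "NTLM V1", "fix first (NTLMv1)", "migrate to Kerberos")
| order by Priority asc, Logons desc
```

Each output row is one client-to-server flow that would be affected by disabling NTLM, which is the dependency list an administrator needs before changing the policy.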
At the moment, VAST is only available in preview form for Microsoft Premier Customers. But hopefully, VAST will be made more widely available in the coming months as Microsoft shares more information. I think it’s likely that Microsoft will turn VAST into a subscription-based Azure service once the technology has been proven.
More from Russell Smith
Copyright ©2019 BWW Media Group