Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET! Learn What IT Pros Need to Know About Windows 11 - August 26th at 1 PM ET!
Security

Microsoft Announces New Project VAST Security Visualization Tool

With a little help from Power Bi and Azure Log Analytics, Microsoft’s new Project VAST promises to make it easier to identify important security events. At the end of March, Microsoft unveiled Project VAST or the Visual Auditing Security Tool (VAST). VAST takes different SIEM products that aggregate security logs by providing rich interactive data visualization so that organizations can get a better idea of security vulnerabilities. VAST also works alongside existing security solutions, including Advanced Threat Analytics.

 

 

Sponsored Content

Read the Best Personal and Business Tech without Ads

Staying updated on what is happening in the technology sector is important to your career and your personal life but ads can make reading news, distracting. With Thurrott Premium, you can enjoy the best coverage in tech without the annoying ads.

In a recent blog post, Microsoft states that many of its customers struggle withsecurity-relatedd activities, such as:

  • removing deprecated protocols
  • securing LDAP traffic
  • controlling service accounts
  • enforcing compliant use of Privileged Access Workstations (PAWs)
  • safeguarding privileged accounts
  • understanding authentication patterns

Project VAST visualizes big data, like aggregated log sets that contain a lot of useful information but that are difficult to effectively make use of. VAST works be capturing domain controller events and aggregating the results using Azure Log Analytics. A new query language (Kusto Query) is then used to find relevant event data in Azure and transfer the information to Power BI. Once in Power BI, the data is displayed visually to help security administrators make intelligence-driven decisions in near real-time.

With the help of Kusto, VAST pinpoints exactly the data which is needed for VAST’s detections and key performance indicators (KPIs). Kusto is borrowed from the Azure AppInsights team and promises to significantly improve Azure Log Analytics, allowing large datasets to be queried faster and making it easier for engineers to construct queries.

The data in Power BI is separated into tabs, each one representing a vulnerability. The GUI is designed to help organizations discover vulnerabilities and then take specific actions to resolve them. The screenshot below shows how the NTLM authentication protocol is being used in the organization. NTML is a deprecated protocol. The dashboard shows how NTLM traffic flows between clients and servers, and filters can be used to further understand how NTLM is being used. With this information, Microsoft hopes that customers will be able to move towards disabling deprecated protocols like NTLM. Until now, the worry has been that disabling deprecated features could break something. But with VAST, it should be easier for organizations to take concrete steps to improve the security posture.

 

Microsoft Project VAST security visualization tool (Image Credit: Microsoft)
Microsoft Project VAST Security Visualization Tool (Image Credit: Microsoft)

At the moment, VAST is only available in preview form for Microsoft Premier Customers. But hopefully, VAST will be made more widely available in the coming months as Microsoft shares more information. I think it’s likely that Microsoft will turn VAST into a subscription-based Azure service once the technology has been proven.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.

Register for Advanced Microsoft 365 Day!

GET-IT: Advanced Microsoft 365 1-Day Virtual Conference - Live August 24th!

Join us on Tuesday, August 24th and hear from Microsoft MVPs and industry experts about how to take advantage of Microsoft 365 at a technical level and dive deep into the features and functionality that will make your environment more secure and compliant.

RSVP Now

Sponsored By