Sunday, 26 June 2022

Microsoft Sentinel - Introduction

Overview: Microsoft Sentinel is Microsoft's cloud hosted SIEM solution.  It can take data from Azure, on-prem., and other cloud infrastructure such as AWS.  Sentinel gathers data from various sources, and evaluates to generate alerts.  

SIEM allows software products and services to bring security information/events into a management tool to provide real-time analysis of security from all applications and networks across the enterprise.  SIEM stands for security, information, and event management.  Other SIEM products are: SolarWinds security and monitoring (great product), McAfee ESM, Rapid7, Splunk, and Datadog.  There on installable and SaaS solutions but I prefer SaaS solution like Microsoft Sentinel.  AWS and Google also provide SIEM services.

Microsoft Sentinel (previously called Azure Sentinel) is cloud-native and collects SIEM data from systems, applications and networking to provide an overview of the organizations security alerts, and allows identification for remediation.  It accepts several common formats for capturing events and offers a REST - API.  Sentinel also has a ton of native connectors.

"Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution." Microsoft Docs

Monday, 13 June 2022

Simple Password protection got GTM - Starting Page

Overview:  I am use the AuthPro service to check a user has a code to access the website.  This is useful for Go to Market (GTM) where you only want a subset of customers to work on your software.  Think of a beta where a user can sign up, you give people with an NDA a code to be able to go thru the sign-up process.

Simple solution:  

To get to the sign-up/register page, use an external service e.g. AuthPro to manage a passcode.  AuthPro injects JS and allows the admin to configure the behavior.  It was pretty simple to setup so only specified users could go thru our sign up process.

Demo:  This page allows the user to login, if, successful the user can proceed and use the website.

Type in the username "password" and the password "password" for access to the hidden page.  

Another Option: Imperva has a lot of features including "Login protection" that can easily achieve the same outcome.



Sunday, 5 June 2022

NIST/RMF - Cyber risk control

Overview: NIST National Institute of Standards and Technology - Provides Risk Management Framework (RMF) - Is a framework to reduces security risk to systems and data.


Goals of NIST RMF:
  • Consistent and cost effective set of security controls
  • Repeatable assessment approach
  • Technology neutral
  • Implement an efficient risk-based security and privacy program.

Notes:

  • Each of these six steps have Special Publications (SP) that are applicable to the area.
  • The core document to for RMF is NIST SP 800-37 Revision 2. 
  • Used to identify security/pricacy risks at both the operation and system level