
Release Announcement: Onboarding Accelerator – Implementing Visual Auditing Security Tool, August 2018

We are happy to announce the release of Onboarding Accelerator – Implementing Visual Auditing Security Tool.

Description

Visual Auditing Security Tool (VAST) is a cloud-based Power BI dashboard solution that gives security professionals visibility into many of the most common types of security weaknesses in an IT environment. It also provides specific, actionable KPI-based metrics to measure your organization’s effectiveness in mitigating well-established, known attack playbooks.

Many organizations aggregate log data into queryable aggregation stores such as SIEMs. Even so, experience shows that combing through log files to correlate security events is a time-consuming activity from which you can draw limited conclusions and take limited action. VAST leverages powerful, relatively new Microsoft technologies – chiefly, Azure Log Analytics and Power BI – to present your organization with a rich, visual representation of its security data in a single-pane-of-glass interface. VAST can work alongside your existing solutions – and it adds a dimension to your data that many enterprise SIEMs presently don’t: interactive data visualization. This gives decision-makers the data they need to make actionable, data-centric decisions.

Onboarding Accelerator – Implementing Visual Auditing Security Tool is a 5-day engagement delivered by a Microsoft Premier Field Engineer (PFE).



The list of security data that VAST can visually represent is expanding. At present, VAST visualizations include:

  • Insecure LDAP (unsigned, unencrypted) calls going against the domain controllers. Quickly identify the source and destination of the traffic.
  • Deprecated protocol and cipher usage (NTLM, wDigest, DES, RC4, SMB1, etc.) in the environment. Rich visual display represents verbose logging information.
  • All logons and authentications going against domain controllers in the environment. At a glance, understand which accounts authenticate to which computers and whether the logons are safe or insecure. Measure compliance with security best practices to lower the risk of credential theft. Understand the use of service accounts.
  • Measure the deployment and effectiveness of tools like the Local Administrator Password Solution (LAPS) and audit its usage in the environment.
  • Monitor the organization’s compliance with security best practices, such as the Microsoft Security Privilege Access (SPA) roadmap (https://aka.ms/privsec)

We are always listening to Uservoice. Please continue to submit feedback.