This new Azure Sentinel offering from Microsoft looks fantastic. It looks to improve the usual “SEIM” offerings out there. SEIM is an acronym for security information and event manager platform. This product or service can be set up and viewed right with Azure, of course.
The usual [overpriced] “SEIM” tools do not quite have the full Cloud ready set of tools available with Sentinel. Sentinel is, in a nutshell:
“Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise—fast. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in any cloud, letting you reason over millions of records in a few seconds. “
Azure Sentinel in full
The services and products available in Azure Marketplace is always growing. It is a very impressive market, with offerings in categories ranging from “Compute” [of course!], to Analytics, Databases and to Security and Identity. In fact, Identity services look very intriguing: “Alert Logic” and “ZScaler” target a relatively new acronym: “BYOL” (Bring your own license). The “ZScaler” service in particular is interesting in that its service can “create fast, secure connections between users and applications, regardless of device, location, or network”. Their connector can be installed within the Azure Cloud instance. “ZScaler” looks to be very useful for both private and hybrid clouds.
This is a very interesting real world read about a large company moving to Microsoft Virtual Desktop Infastructure.
Rakuten Group Secures Sensitive Data with Virtual Desktop Infrastructure
“… Rakuten has turned to Microsoft Windows Server 2016 Remote Desktop Services (RDS). Not only does RDS provide an easy path to integrating heterogeneous systems, but it also provides an additional layer of security so new systems do not compromise Rakuten’s existing corporate infrastructure.”
Read about it here
This is fantastic – onsite data can be VERY, VERY large, or ‘heavy’, depending on how you define it in non technical terms. Moving or migrating from an office [or even a traditional datacenter] to a Cloud service can be daunting, given the amount of data needing to be uploaded to a provider. Uploads through the Internet can conceivably take days or weeks! Enter the “Data Box” or smaller “Data Box Disk” from Microsoft Azure. These secure devices can be ordered from Azure. Once they arrive, simply plug them into your network [or server], then rapidly transfer crazy amounts of data to them before shipping the device back to Azure for upload to your Cloud account.
“Azure Data Box Family
Data migration to Azure made fast, simple, and secure
- Now offering Azure Data Box with 100TB capacity, and Data Box Disk with up to 40TB capacity
- From terabytes to petabytes, choose the device that works for your migration needs
- Both devices keep your data safe and secure with AES encryption
- Order, fill, and return for upload to Azure – all tracked in the familiar Portal”
Full MS Azure “Data Box” details here.
Interesting map of all Azure worldwide regions or locations. They are represented well in most regions of the world.
I really like this way of thinking outside the box! Some of the old, and current, concepts on password complexity, length, history etc. are being revised. There is some new thinking on the matter, based mainly on trends and analytics Microsoft has done via millions of hack attempts on Azure based resources.
New Microsoft recommendations:
- “Maintain an 8-character minimum length requirement (and longer is not necessarily better).
- Eliminate character-composition requirements.
- Eliminate mandatory periodic password resets for user accounts.
- Ban common passwords, to keep the most vulnerable passwords out of your system.
- Educate your users not to re-use their password for non-work-related purposes.
- Enforce registration for multi-factor authentication.
- Enable risk based multi-factor authentication challenges.”
Read it here
We had a few break ins in the neighborhood recently so I decided to set up an outdoor surveillance camera. But I needed to upload motion detected videos to an FTP type of site. So I had to provide for video file storage for an outdoor WiFi based security IP camera. I will use a D-Link video camera and a cloud based location to store the videos. As this is for home use, there is no server. I used to have servers at home, but nowadays, I work off Azure or other Cloud based companies and it is no longer needed or feasible: the server is cloud-based. Besides, home servers are too loud, although I when I had them at home, they were pretty nifty ;>
Anyway – here are the home Surveillance Video Project specifics!
This will be really, really efficient and … fast:
6.59 Terabytes disk space, on a Solid State Drive?? WOW. [not o mention 448 GB of RAM!)
“We have just recently announced the new series of VM sizes for Microsoft Azure Virtual Machines called the G-series, providing the most memory, the highest processing power and the largest amount of local SSD of any Virtual Machine size currently available in the public cloud. It easily handles deployments of mission critical applications such as large relational database servers (SQL Server, MySQL, etc.) and large NoSQL databases as well as the most demanding, very large scale-up enterprise systems.
G-series offers up to 32 vCPUs using the latest Intel® Xeon® processor E5 v3 family, 448GB of memory, and 6.59 TB of local Solid State Drive (SSD) space.”
Read about these FAST SSD VMs Here
There are limits to the free Azure hosting. It is free, after all, so it makes sense. But resources will be on the low end. Also, you cannot edit your DNS and web settings to make it a ‘custom domain’. If you are merely using Azure to test or experiment then this is fine. But to ‘go live’ or change your site from ‘MyTestSiteDummyName.Azurewebsites.Net’ to RealSiteName.Com’, you need to scale or really, upgrade Azure hosting. It is necessary to go to at least Shared mode.
So I want to once and for all get ‘Riguy.Azurewebsites.Net’ to open as simply, ‘Riguy.Com’. As of this moment, I have set a redirect HTML page at my old hosting (Go Daddy) to point to the Azure site. This is cool, for sure. It is by design. But moving forward, I want to actually have my domain open … as my domain. Note that once I edit my DNS and site settings, the Azure instance will still be active.