Getting Started with Microsoft Azure Sentinel: Part 2

Written by Aman Sharma on Tuesday, April 9th 2019 — Categories: Azure, Datacenter Automation, Microsoft, Security

This is Part Two and the final entry in our introductory blog series on Azure Sentinel, Microsoft's new Security Information and Event Management (SIEM) tool for Azure environments. Read Part One here for information on what Sentinel is, how to set it up, and how to begin importing data from your Azure PaaS and IaaS.

In Part Two, we'll examine deeper functionalities within Sentinel including Machine Learning, queries, and automation.

Continue Reading...


Getting Started with Microsoft Azure Sentinel: Part 1

Written by Aman Sharma on Tuesday, April 2nd 2019 — Categories: Azure, Cloud Hosting, Microsoft, Security

Azure Sentinel is Microsoft's cloud-native SIEM (Security Information and Event Management) service with built-in AI analytics. It reduces the cost and complexity to provide a single pane of glass to get central and near real-time view of your whole environment.

Threats related to infrastructure, networking, users, and applications can be monitored via Azure Sentinel. As a cloud-native service, it scales as per your needs. It collates the data from your environment on-premises, in Azure, and any third party cloud providers. It uses Microsoft Threat Intelligence to analyze all the signals and filters out the noise from actual relevant alerts.

This two part blog series will introduce you to Azure Sentinel and show you how to get set up with the service and start exploring its many features.

Continue Reading...


2018 Blog Wrap Up: Our Most Popular Posts

Written by Joe Kozlowicz on Thursday, December 27th 2018 — Categories: Cloud Hosting, Data Center Design, Enterprise Applications, IT Modernization, IT Operations, Security

Another year successful year has gone by on the Green House Data blog. We're thrilled to surpass 150,000 views in 2018! Thanks for reading our humble blog. In case you missed anything, here are the five top posts from 2018, covering VM performance monitoring, GDPR, and a subject no modern blog should be without…millennials. And more!

Don't forget to tune in after the New Years for more great data center, cloud, and managed IT services content!

Continue Reading...


Technology Compliance Audits: Application and Server Patch Automation

Written by Rory McCaw on Thursday, December 6th 2018 — Categories: Patching, SCOM, SCCM, Datacenter Automation, Security

Meet Bruce.

Bruce is a 45-year-old IT manager, with twenty years experience working for ACME Power. Bruce has three photos on his desk – one of his wife, Linda; one of his kids - Davy and Wendy; and one of Microsoft CEO Satya Nadella. Apart from his laptop, Bruce’s desk is pristine. He walked into the office this morning with a big smile on his face and passed out donuts to his colleagues.

Today has been highlighted in Bruce’s Outlook calendar for weeks. It’s day one of a thorough compliance audit of ACME Power’s application and server infrastructure. 

Continue Reading...


Are You in SaaS Denial? Here’s How to Get Ahead of Adoption Hurdles

Written by Joe Kozlowicz on Wednesday, December 5th 2018 — Categories: Cloud Hosting, Enterprise Applications, IT Operations, Security

Will we ever get past talking about IaaS vs. PaaS vs. SaaS? Perhaps not. Gartner recently published a list of the Top 10 Trends Impacting IT Infrastructure and Operations for 2019. Sitting at Number 8? Software as a Service (SaaS) denial.

Basically, most organizations have been hyper focused on Infrastructure and Platforms as a Service — migrating to cloud VMs, hiring admins for Azure and AWS ecosystems, learning Kubernetes and Docker.

Meanwhile, shadow IT and the overall enterprise trend is to initially prefer SaaS. Of course, SaaS has made inroads with IT departments even at the enterprise level, especially Office 365. But without Infrastructure and Operations teams taking SaaS seriously, your overall IT environment could be opened up to security risks on top of integration problems, fragmentation, and service delivery concerns.

Are you in SaaS denial? Do you have blinders on as you focus entirely on IaaS adoption or other more pressing matters? Now is the time to get ahead of the SaaS adoption hurdles by being proactive within your IT and operations departments.

Continue Reading...


Solving the InfoSec Risk Equation

Written by Daniel Deter on Thursday, November 15th 2018 — Categories: IT Operations, Security

With all the talk about cloud security threats, it’s important to remember that no matter where your data and applications reside, you should consider your data insecure.

Fundamentally, security isn’t a hyper-complex enterprise; It’s not, as they say, rocket science. It often feels that way, because the discipline is so broad in scope; encompassing both disparate technologies and governance frameworks. But, the vast majority of risk can be mitigated through adhering to basic foundational security.

More to know: A review of breaches outlined within the Verizon 2017 Data Breach Investigations Report (DBIR) against the Center for Internet Security (CIS) top 20 critical security controls found that:

• Adopting the first 5 controls could mitigate 85% of attacks, and
• Adopting all 20 controls could mitigate 97% of attacks.

That basic foundational security can be expressed in one essential formula, which boils down what is under your control as an IT security professional and what is outside your purview. That equation is as follows.

Continue Reading...


The Growing Importance of Digital Ethics, Transparency, and Privacy

Written by Shawn Mills on Wednesday, October 24th 2018 — Categories: Managed Services, Green Data Center, Security

Technology continues to envelop our daily lives, in business, at home, in leisure and athletics, across the globe and into space. Despite wide ranging benefits, corporate entities and individual consumers alike have begun to recognize the risks inherent in digital services.

I recently spoke at a Daniels Fund conference panel about ethics in business. A student remarked, “I have access to so much data in the workplace. How can you protect from a bad apple stealing your information?”

Ethics is the key to protecting from these types of internal threats — and it helps your company handle external threats as well.

Gartner has even named Digital Ethics and Privacy as their Number 9 trend on the Top 10 Strategic Technology Trends for 2019. They recognize this growing awareness of the value of personal information and concern among various entities and individuals over how personal and sensitive data is being consumed, processed, and shared among public and private organizations.

Gartner’s advice? Move from asking “Are we secure?” or “Are we compliant with regulations?” to asking “Are we doing the right thing?”

Continue Reading...


Understanding and Preventing SQL Injection (SQLi), One of the Most Common Attack Vectors

Written by Daniel Deter on Wednesday, October 17th 2018 — Categories: Cloud Storage, Security

Your data is your business. Your databases, and the data-driven applications that leverage them, should be regularly audited for vulnerabilities. One of the top risks facing your data today is SQL injection (SQLi). According to the 2018 Verizon Data Breach Incident Report (DBIR), SQLi was the second most common form of hacking varieties within information breaches, exceeded only by stolen credentials.

This attack vector involves the exploit of programmatic weaknesses in applications to run unintended code to manipulate your backend SQL databases, and thus access information or even gain administrative access and credentials.

Any application that uses SQL could be subject to this type of attack, from simple websites to SaaS apps like your CRM and ERP — even VoIP systems. This attack is also not limited to applications exposed to the internet. Internal applications are prime targets for attackers who have breached your external boundary (e.g., through phishing).

Continue Reading...


Shifting Ground for Data Privacy: The Latest on CCPA and Privacy Shield Laws

Written by Joe Kozlowicz on Wednesday, September 26th 2018 — Categories: Security

GDPR? Old news. (We’ll just pass over the fact that many organizations have yet to reach compliance…that’s another story.) While hosting providers that advertise to European companies and individuals must comply with the EU law, there are other legal requirements that US-focused organizations have to consider, namely Data Shield and an upcoming compliance mandate in the state of California that is similar to GDPR itself.

Privacy Shield is an international law in flux, with EU lawmakers threatening to withdraw entirely if the USA does not enforce compliance. The California Consumer Privacy Act (CCPA) will go into effect in 2020.

What do these laws entail? And should your organization be concerned with these data privacy measures?

Continue Reading...


Microsoft Azure Active Directory: Getting Started with Identity Management in the Cloud, Part 2

Written by Muditha Chathuranga on Wednesday, September 19th 2018 — Categories: Azure, Active Directory, Cloud Hosting, Microsoft, Security

Microsoft Azure Active Directory, or AAD, is an IDaaS (Identity as a Service) offering that helps you manage corporate identities in the cloud. In this blog series, we're taking a look at the primary AAD features that you'll use to get your ID management up and running for Azure cloud services.

In Part 1 we discussed Connect, Single-Sign On, and Multifactor Authentication. You can also find a table of AAD pricing on that post. Remember, this series is not a deep dive into AAD configuration, but rather an overview of key features. Depending on your SKU you may or may not have access to all of these features.

Part 2 includes Self Service Password Resets, Identity Protection, Conditional Access, and Privileged Identity Management. These features help you control access and maintain security and compliance protocol across your enterprise cloud.

Continue Reading...

Chat Now