Security of Cloud Tools

So I have been heavily involved with the security of our Managed Service Cloud infrastructure and have been using Microsoft OMS (Log Analytics) very proactively to scan our networks for potential vulnerabilities. One vulnerability that was picked up in the Security and Audit section was on a third-party box we have in our network which hosts some Office 365 integration. In OMS Threat Intelligence this server was shown to be hosting a suspicious outbound connection, which is visualised as a red upturned arrow, which, if you know OMS, is not good and requires immediate attention (see example below)…

[Image: OMS Threat Intelligence example]

On investigation of the box and outbound IP address we discovered that it was actually an instance of the remote control tool TeamViewer, which, when accessed remotely by the third party, actually made an outbound connection to its parent company in France. Now this is actually how I absolutely expect OMS to work, with any unknown outbound connections to be flagged, as if this was a hacker or an exploit this is the kind of behaviour I would expect to see straight away, so this was a big tick in the box for me for its standout capabilities. It also led me to do some investigation on TeamViewer itself to see what its suitability was to be actually used in my very secure environment, and my research was interesting. While I know this can be used in a secure fashion (I believe Microsoft support actually use it securely), it does have some big questions over its suitability for a secure cloud environment like mine. I have posted a link below that came out of some of my research, which is an interesting read:

https://arstechnica.co.uk/security/2016/06/teamviewer-confirms-hack-analysis-interview/

My general advice, however, is to make sure you are monitoring everything in your network, from your servers to your firewalls to your public IP addresses, using a good analytics tool. OMS is my weapon of choice: it has been very effective both in helping us get to grips with the gaps and in spotting potential vulnerabilities, and it allows me to run a very tight ship. Details below:

https://www.microsoft.com/en-us/cloud-platform/operations-management-suite

 

 

 
