Scaling Security Scanning
M365 Core Infra PAVC
Agenda
• Introduction to PAVC scanning
• Comparison of PAVC in the old days vs. now
• How to use data to support engineering scalability
• Recommendations and best practices
• Q&A
What does a security patching hole mean?
A thousand-mile dike collapses from an ant hole.
What is PAVC and what it has achieved
• PAVC is one of the M365 compliance requirements: it scans all service machines residing in different environments to ensure security patches are up to date.
• With M365's rapid growth, the current scanning coverage of 1 million machines might grow to 10 million machines soon.
• The PAVC scanning infrastructure is capable of seamlessly scaling to more Azure resources (recently 200,000 SharePoint hosts were added).
M365 PAVC in Old Days I
With the rapid growth of M365 Office customers, the security scanning coverage has tripled over the years and keeps scaling. Making all Office service machines compliant and keeping security patching up to date across different product environments is challenging and requires a growth mindset and a scalable engineering solution. In this session we introduce the approaches and security scanning infrastructure we built to support a large fleet of service machines. We will discuss how to detect unhealthy scanners and hosts across M365 services and how to make monitoring and alerts intelligent and action based.
• Network scanner set up (needs domain privilege)
• Azure was not ready, so internal tools were used instead:
  • ODL
  • Cosmos and Sangam scheduler
  • SLAM Scheduler
• Batch process:
  • Scanning happens once a day
  • ODL not reliable
  • Cosmos job started every few hours
  • Power BI on top for reporting
M365 PAVC in Old Days II
• A machine gets a security patch, and it takes days to get the result
• Too many delays:
  • ODL (not stable and unreliable)
  • Cosmos and Sangam scheduler
  • SLAM Scheduler (nobody maintains it)
• When things go wrong, lots of troubleshooting:
  • Scanning happens once a day
  • ODL not reliable
  • Cosmos job started every few hours
  • Power BI on top for reporting
M365 PAVC Now
• Move away from internal solutions to a public Azure solution
  • Good reliability and support
• Move away from batch processing to continuous (event-driven) processing
  • A machine gets a security patch
  • The agent starts a security scan
  • Whenever an output is ready, it is sent to the PAVC Cloud service
  • Saved to blob storage and consumed by the reporting team
• When things go wrong, easy to investigate
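The event-driven flow in the bullets above (patch event, agent scan, push to the cloud service, blob storage for reporting), as an added example written for this page rather than PAVC's own code: all class names, the blob path layout, the constructed patch ids, the two-minute scan duration and the batch-hour and pipeline-hour values of the old model are assumptions; the daily batch is modelled only to compare time-to-visibility with the event-driven path.

```python
"""Event-driven scan flow: patch event -> agent scan -> cloud service -> blob.
Added example, not PAVC's own code: every class, field and path is an assumption
made to illustrate the slide's flow; the 'scan' diffs a host's installed patch
set against a constructed required set."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import json

# Constructed: the patch set a compliant host must carry (not real KB ids).
REQUIRED_PATCHES = frozenset({"KB-0001", "KB-0002", "KB-0003"})


@dataclass(frozen=True)
class PatchInstalledEvent:
    host: str
    patch_id: str
    at: datetime


@dataclass(frozen=True)
class ScanResult:
    host: str
    scanned_at: datetime
    installed: frozenset
    missing: frozenset

    @property
    def compliant(self):
        return not self.missing


class PavcCloudService:
    """Accepts a result the moment an agent has one; there is no batch window.
    self.blobs stands in for Azure blob storage (path -> JSON document)."""

    def __init__(self):
        self.blobs = {}
        self.latest = {}   # host -> newest ScanResult; what reporting reads
        self.seen = set()  # (host, scanned_at) pairs already persisted

    def receive(self, result):
        key = (result.host, result.scanned_at)
        if key in self.seen:
            return False   # the agent retried delivery; stay idempotent
        self.seen.add(key)
        path = (f"results/{result.scanned_at:%Y-%m-%d}/{result.host}/"
                f"{result.scanned_at:%H%M%S}.json")
        self.blobs[path] = json.dumps({
            "host": result.host, "scanned_at": result.scanned_at.isoformat(),
            "missing": sorted(result.missing), "compliant": result.compliant})
        current = self.latest.get(result.host)
        if current is None or result.scanned_at > current.scanned_at:
            self.latest[result.host] = result
        return True


class Agent:
    """Host-side component that scans on a patch event instead of a schedule."""

    SCAN_DURATION = timedelta(minutes=2)  # constructed stand-in for scan time

    def __init__(self, host, installed, service):
        self.host = host
        self.installed = set(installed)
        self.service = service

    def scan(self, now):
        return ScanResult(self.host, now, frozenset(self.installed),
                          REQUIRED_PATCHES - self.installed)

    def on_patch_installed(self, event):
        self.installed.add(event.patch_id)
        result = self.scan(event.at + self.SCAN_DURATION)
        self.service.receive(result)  # pushed as soon as the output exists
        return result


def batch_visibility_hours(event_time, batch_hour=2, pipeline_hours=6):
    """Old model, for comparison: a change surfaces only after the next daily
    scan at batch_hour plus the downstream job (both values constructed)."""
    next_batch = event_time.replace(hour=batch_hour, minute=0, second=0, microsecond=0)
    if next_batch <= event_time:
        next_batch += timedelta(days=1)
    return (next_batch + timedelta(hours=pipeline_hours) - event_time).total_seconds() / 3600


def run_demo():
    service = PavcCloudService()
    agent = Agent("sp-host-01", {"KB-0001"}, service)
    t0 = datetime(2018, 8, 26, 10, 0)
    service.receive(agent.scan(t0))  # baseline: two patches still missing
    ev1 = PatchInstalledEvent("sp-host-01", "KB-0002", t0 + timedelta(hours=1))
    ev2 = PatchInstalledEvent("sp-host-01", "KB-0003", t0 + timedelta(hours=2))
    r1 = agent.on_patch_installed(ev1)
    r2 = agent.on_patch_installed(ev2)
    duplicate_accepted = service.receive(r2)  # retry of an already stored result
    return {
        "missing_after_first_patch": sorted(r1.missing),
        "latest_compliant": service.latest["sp-host-01"].compliant,
        "blobs_written": len(service.blobs),
        "duplicate_accepted": duplicate_accepted,
        "event_driven_hours": (r2.scanned_at - ev2.at).total_seconds() / 3600,
        "batch_hours": batch_visibility_hours(ev2.at),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two design points matter for the "easy to investigate" bullet: the service keys results by (host, scan time) so an agent retry never produces a second blob, and every blob path carries the date and host, so an investigator can go straight from a compliance question to the exact result that answered it.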
If the machines double, can 4 people take all the new work?
Data Driven Architectural Overview
[Architecture diagram: servers in the datacenter each run a PAVC agent and send scanning results to the PAVC Scanning Cloud services, which persist them in Azure SQL and Azure blob storage; Azure Geneva MDM and Geneva storage feed ICM alerting, the Dashboard, the Health Monitor and Analysis.]
Call to Action
• A small team can do big things with a scalable solution
• Fine-granularity monitors keep scalability grounded
• Multi-dimensional data speeds up incident recovery
• Leverage the work of third parties
• Take full advantage of cloud infrastructure and the alerting system
References
• https://aka.ms/jarvis
• https://substrate.microsoft.net/documentation/Get-started/Welcome
• https://substrate.microsoft.net/documentation/Office-365-compliance/PAVC/PAVC
• Team info: pavcse@Microsoft.com
Questions?
11/10/2017 Azure Security Assurance 12
Introduction to PAVC Scanning
• Why do we need PAVC?
A thousand-mile dike collapses from an ant hole: an ant may well destroy a whole dam.
Introducing the PAVC Agent
❖ Network scanner: dedicated box with an IP range to be scanned
❖ PAVC agent: component installed on each target machine
• What made us reconsider?
1 Security aspect
  • The network scanner needs admin forest rights
2 Reliability
  • Network environment
  • Firewall
3 Management – network scanners require management:
  • Load balancing
  • Redistribution in case of failure
  • IP range management
PAVC Agent
Adopted model – client agent + backend architecture
Many other agent examples: LAM, ODL, Geneva, etc.
What makes us stand out?
Q: Is your service running on a compliant platform?
Q: Agent health?
Ans: PAVC provides and ensures end-to-end compliance, including client agent health – no gray areas!
Example: ODL agent. Who is responsible for compliance and issue investigation? The ODL team? The workload team?
Need for data support
Main focus:
❖ PROD readiness of the new pipeline
❖ Quick turnaround in case of failures
❖ PAVC infra enhancement and future features
Data support planning:
1 Top level infra health
  • Agent install health
  • Scan success vs failure, SCAP and Vuln scan health
2 Regression
  • Host count
  • NW scanner health (legacy)
3 Scan Quality
  • OS detection, outdated audits, AV, scan alerts
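The data support plan above (top-level infra health, regression, scan quality), as an added example that is not PAVC's own monitoring code: the record fields, datacenter names, thresholds and severities are assumptions, and the records are constructed so that each monitor has something to find. Every alert carries the dimensions (datacenter, scan type, host) it was computed over, which is what "multi-dimensional data" buys during an incident.

```python
"""Fine-grained health monitors over PAVC-style scan results.
Added example, not PAVC's own code: the slide's three monitor groups (infra
health, regression, scan quality) over constructed records; all names,
fields and thresholds are assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed inventory and previous-day reporting host counts per datacenter.
INVENTORY = {"dc-west": {"w-01", "w-02", "w-03", "w-04"}, "dc-east": {"e-01", "e-02", "e-03"}}
YESTERDAY_HOSTS = {"dc-west": 4, "dc-east": 3}
# Constructed scan records for one day; w-04, e-02 and e-03 never reported.
RECORDS = [
    {"host": "w-01", "dc": "dc-west", "scan": "SCAP", "status": "success", "os": "Windows Server 2016", "audit_age": 1, "av": True},
    {"host": "w-01", "dc": "dc-west", "scan": "Vuln", "status": "success", "os": "Windows Server 2016", "audit_age": 1, "av": True},
    {"host": "w-02", "dc": "dc-west", "scan": "SCAP", "status": "success", "os": "Windows Server 2016", "audit_age": 12, "av": True},
    {"host": "w-02", "dc": "dc-west", "scan": "Vuln", "status": "failure", "os": None, "audit_age": 12, "av": True},
    {"host": "w-03", "dc": "dc-west", "scan": "SCAP", "status": "success", "os": "Windows Server 2016", "audit_age": 2, "av": False},
    {"host": "w-03", "dc": "dc-west", "scan": "Vuln", "status": "failure", "os": None, "audit_age": 2, "av": False},
    {"host": "e-01", "dc": "dc-east", "scan": "SCAP", "status": "success", "os": "Windows Server 2016", "audit_age": 1, "av": True},
    {"host": "e-01", "dc": "dc-east", "scan": "Vuln", "status": "success", "os": "Windows Server 2016", "audit_age": 1, "av": True},
]
THRESHOLDS = {"install_coverage": 0.9, "failure_rate": 0.25, "host_drop": 0.10, "audit_age_days": 7}


@dataclass(frozen=True)
class Alert:
    severity: str      # "sev2" pages the on-call engineer, "sev3" lands in a queue
    monitor: str
    dimensions: tuple  # e.g. (("dc", "dc-west"), ("scan", "Vuln"))
    message: str


def install_health(records, inventory, min_coverage):
    """Top-level infra health: inventory hosts with no scan record at all."""
    reporting = defaultdict(set)
    for r in records:
        reporting[r["dc"]].add(r["host"])
    alerts = []
    for dc, hosts in sorted(inventory.items()):
        silent = sorted(hosts - reporting[dc])
        coverage = 1 - len(silent) / len(hosts)
        if coverage < min_coverage:
            alerts.append(Alert("sev2", "agent_install", (("dc", dc),),
                                f"coverage {coverage:.0%}; silent: {', '.join(silent)}"))
    return alerts

def scan_health(records, max_failure_rate):
    """Failure rate per (datacenter, scan type) so SCAP and Vuln stay separable."""
    totals, failures = Counter(), Counter()
    for r in records:
        totals[(r["dc"], r["scan"])] += 1
        failures[(r["dc"], r["scan"])] += r["status"] == "failure"
    alerts = []
    for key, n in sorted(totals.items()):
        rate = failures[key] / n
        if rate > max_failure_rate:
            alerts.append(Alert("sev2", "scan_failure", (("dc", key[0]), ("scan", key[1])),
                                f"{failures[key]}/{n} scans failed ({rate:.0%})"))
    return alerts

def host_regression(records, yesterday, max_drop):
    """A sudden drop in reporting hosts usually means a broken rollout or pipeline."""
    seen = defaultdict(set)
    for r in records:
        seen[r["dc"]].add(r["host"])
    alerts = []
    for dc, prev in sorted(yesterday.items()):
        drop = (prev - len(seen[dc])) / prev if prev else 0.0
        if drop > max_drop:
            alerts.append(Alert("sev2", "host_count", (("dc", dc),),
                                f"hosts {prev} -> {len(seen[dc])} ({drop:.0%} drop)"))
    return alerts

def scan_quality(records, max_audit_age):
    """A 'successful' scan with unknown OS, stale audits or AV off proves nothing."""
    alerts = []
    for r in records:
        problems = []
        if r["os"] is None:
            problems.append("OS not detected")
        if r["audit_age"] > max_audit_age:
            problems.append(f"audits {r['audit_age']}d old")
        if not r["av"]:
            problems.append("AV disabled")
        if problems:
            dims = (("dc", r["dc"]), ("host", r["host"]), ("scan", r["scan"]))
            alerts.append(Alert("sev3", "scan_quality", dims, "; ".join(problems)))
    return alerts

def run_monitors(records=RECORDS, inventory=INVENTORY, yesterday=YESTERDAY_HOSTS, th=THRESHOLDS):
    return (install_health(records, inventory, th["install_coverage"])
            + scan_health(records, th["failure_rate"])
            + host_regression(records, yesterday, th["host_drop"])
            + scan_quality(records, th["audit_age_days"]))

def summarize(alerts):
    """Counts by (severity, monitor): the numbers a dashboard tile would show."""
    return Counter((a.severity, a.monitor) for a in alerts)
```

On the constructed data the monitors separate two different incidents that a single fleet-wide "scan success" percentage would blend together: a Vuln-scan failure confined to dc-west (SCAP there is healthy) and a host-count drop in dc-east caused by agents that never reported, while the quality checks demote "successful" scans with no OS detection, stale audit content or AV disabled to sev3 findings instead of counting them as compliant.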
A Real Case: IcM Incident on 08/26/2018
Snapshot of Jarvis Health Page (To be updated)
Snapshot for Dashboard (To be updated)
Snapshot for Runner Retina Status (To be updated)
Monitoring
[Monitoring diagram: the PAVC agent and the runners emit metrics and logs through the Geneva Ingestion Gateway into Geneva Monitoring. Hot path: MDM monitors, the health system and diagnostics apps feed Jarvis and alerts (IcM, TFS, ...). Warm path: a logs-to-metrics data pipeline and transforms, with Kusto (top errors) and DGrep for querying.]
10/4/2018

BlueHat v18 || Scaling security scanning
