Tuesday, June 21, 2016

Francisco Partners and Elliott Management to Acquire the Dell Software Group

Source - http://software.dell.com/acquisitions/dsg.aspx?utm_campaign=20107-44402-CP-GL-SIMAnnounce_CustProsp&utm_medium=email&utm_source=Eloqua

SAN FRANCISCO & ROUND ROCK, Texas--(BUSINESS WIRE)--Francisco Partners, a leading technology-focused private equity firm, Elliott Management Corporation, and Dell today announced they have signed a definitive agreement for Francisco Partners and Elliott to acquire the Dell Software Group. The agreement bolsters Francisco Partners and Elliott Management’s technology portfolios with the addition of Dell Software’s diverse combination of security, systems and information management, and data analytics solutions.

“We founded our firm in 1999 to pursue divisional carve outs in the technology sector and today’s agreement continues that vision,” said Dipanjan “DJ” Deb, Francisco Partners’ Chief Executive Officer. “Quest Software and SonicWALL provide mission-critical software to a large and loyal base of over 180,000 customers, and we see significant opportunity to build upon the company’s impressive technology and product portfolio. We are excited to be partnering with Elliott Management and want to thank Silver Lake Partners and Dell for their continued partnership.”

“Elliott has been a long-term investor in the technology space and today’s announcement continues our progress,” said Jesse Cohn, Senior Portfolio Manager at Elliott Management. “This acquisition represents a significant deal by Evergreen Coast Capital, Elliott’s recently established Menlo Park affiliate. We look forward to working with Francisco Partners to create significant value at these companies.”

“Francisco Partners and Elliott Management’s deep passion for technology and proven track records in nurturing and building software businesses will enable Dell Software’s loyal base of employees to continue delivering innovation,” said Tom Sweet, senior vice president and chief financial officer, Dell. “We look forward to continuing to work closely with the Francisco Partners and Elliott Management teams to further enhance the already great relationships Dell Software has with its customers and partners.”

Dell Software’s comprehensive portfolio of solutions spans a number of areas critical to the modern business and IT management landscape, including advanced analytics, database management, data protection, endpoint systems management, identity and access management, Microsoft platform management, network security, and performance monitoring. With Dell Software solutions, organizations of all sizes can better secure, manage, monitor, protect, and analyze information and infrastructure in order to help fuel innovation and drive their businesses forward.

"We see tremendous growth opportunity for these businesses," said Brian Decker, head of security investing at Francisco Partners. "Network security and identity and access management are increasingly strategic imperatives for enterprises and we are thrilled to support the continued product innovation of Quest Software and SonicWALL in these areas."

"We are proud to partner with Francisco Partners to acquire Dell Software from Dell Inc.," said Isaac Kim, Managing Director of Evergreen Coast Capital. "Dell Software has world class products and talented employees, and we look forward to working with the management team to grow revenues and increase value. We believe these companies offer unique value and operational potential."

Read more at source - http://software.dell.com/acquisitions/dsg.aspx?utm_campaign=20107-44402-CP-GL-SIMAnnounce_CustProsp&utm_medium=email&utm_source=Eloqua

Friday, June 17, 2016

Magic Quadrant for Identity and Access Management as a Service

Source - https://info.microsoft.com/EMS-IDaaS-MQ-2016.html?ls=Email

Gartner recognized Microsoft as a Leader, positioned furthest to the right for completeness of vision, in the 2016 Magic Quadrant for Identity and Access Management as a Service, Worldwide.

In only its second year on the Gartner Identity and Access Management as a Service, Worldwide Magic Quadrant, Microsoft was placed in the "Leader" quadrant, far to the right for our completeness of vision.

See the difference between the 2005 and 2006 reports. Good job Microsoft!


Download the Gartner report from the source - https://info.microsoft.com/EMS-IDaaS-MQ-2016.html?ls=Email

Friday, June 10, 2016

Latest MVP FridayFive Blog

Source - https://blogs.msdn.microsoft.com/mvpawardprogram/2016/06/10/heres-your-fridayfive/

Latest MVP FridayFive Blog is out today. My Azure MFA Authentication Types blog is included in it.

At Last, AI Applications that Work Easily with Faces and Feelings, Not Just Files: Microsoft Azure MVP Jason Milgram @jmilgram

Azure MFA Server—Authentication Types: Enterprise Mobility MVP Santhosh Sivarajan @Santhosh_Sivara

The .NET CLI Decoded: Visual Studio and Development Technologies and Windows Technologies MVP Sam Basu @samidip

Wiki Life: MVP authors & contributors: Visual Studio and Development Technologies and Windows Technologies MVP Ken Cenerelli @KenCenerelli

Using Animations with Xamarin Forms: Windows Development MVP Houssem Dellai @HoussemDellai

Source - https://blogs.msdn.microsoft.com/mvpawardprogram/2016/06/10/heres-your-fridayfive/

Wednesday, June 8, 2016

Azure Active Directory Identity Protection Playbook

Source - https://azure.microsoft.com/en-us/documentation/articles/active-directory-identityprotection-playbook/

Here is an Azure Active Directory Identity Protection Playbook which can be used to simulate the following risk event types:

  • Sign-ins from anonymous IP addresses (easy)
  • Sign-ins from unfamiliar locations (moderate)
  • Impossible travel to atypical locations (difficult)

Read more at source - https://azure.microsoft.com/en-us/documentation/articles/active-directory-identityprotection-playbook/

Tuesday, June 7, 2016

AADConnect–New Version 1.1.189.0

Source - https://www.microsoft.com/en-us/download/details.aspx?id=47594

A new version of AAD Connect (version 1.1.189.0) is available for download. The following new features and bug fixes are included in this version:

1.1.189.0

Released: 2016 June

Fixed issues and improvements:

  • Azure AD Connect can now be installed on a FIPS compliant server.
  • Fixed an issue where a NetBIOS name could not be resolved to the FQDN in the Active Directory Connector.

Source - https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-version-history/

Download - https://www.microsoft.com/en-us/download/details.aspx?id=47594

Saturday, May 14, 2016

New Version of AADConnect–Version 1.1.180.0

Source - https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-version-history/

A new version of AADConnect (version 1.1.180.0) is available as of today. 

1.1.180.0

Released: 2016 May

New features:

Fixed issues and improvements:

  • Added filtering to the Sync Rule Editor to make it easy to find sync rules.
  • Improved performance when deleting a connector space.
  • Fixed an issue when the same object was both deleted and added in the same run (called delete/add).
  • A disabled Sync Rule will no longer re-enable included objects and attributes on upgrade or directory schema refresh.

Read more at source - https://azure.microsoft.com/en-us/documentation/articles/active-directory-aadconnect-version-history/

Tuesday, May 10, 2016

Azure Identity Protection

Source - https://blogs.technet.microsoft.com/ad/2016/05/10/how-we-protect-azuread-and-microsoft-account-from-leaked-usernames-and-passwords/

The Identity Protection team is responsible for preventing hackers and cyber criminals from getting access to user accounts in the Microsoft account (MSA) and Azure Active Directory (Azure AD) services. We safeguard hundreds of millions of unique users across more than 13 billion logins every day.

As a lot of you know, a number of articles were published last week about a Russian hacker offering 272.3 million stolen usernames and passwords. This has received a lot of press coverage so we thought you might be interested to learn how we handle these lists when we discover them.

The first thing to understand is that the vast majority of stolen credentials are acquired when a hacker breaches a vulnerable website that stores passwords in plaintext or uses weak encryption or hashing practices. (Stolen usernames and passwords are also commonly acquired in phishing attacks or malware.) The second thing to understand is that many people use the same username and password with multiple sites.

Taken together, this means that when someone else’s services are hacked, it can put accounts with the same username and password in our system at risk.

Because these kinds of breaches and attacks happen quite frequently, we’ve built a standard set of processes and automated services to make sure our users are always protected.

We discover stolen credentials in a bunch of different ways. Mostly our machine learning systems and algorithms find them before any disclosure, but we also find lists by working with local and national governments, industry partners, security researchers and academic institutions all around the world. We also work closely with Microsoft Digital Crimes Unit, Security Response Center, The Office365 team, The Xbox team and many others who contribute to Microsoft’s Intelligent Security Graph and use the combined results to detect and stop attacks.

When we discover a new list of usernames and passwords, we run them through an automated system that checks to see if any of the credentials match those in our MSA or Azure AD systems by comparing the hashes of the submitted password to the hashed password stored with the actual accounts. The good news is that, most of the time, the credentials passed around by criminals don’t match any accounts in our services because the data in these lists is fabricated or out of date.

For this particular list, 9.62% of the usernames matched an account in our systems. And of those, only 1.03% had a matching password. So overall less than 0.1% of the list had a valid match for username and password in our systems.

But remember, our machine learning systems and algorithms find and automatically protect most compromised credentials before any disclosure. In this case, we had already protected 58.3% of that 0.1% because we had already caught an invalid access attempt or other suspicious activity!

The result? Of all the accounts in this list, 0.042% of them were actually at risk.
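The matching step and the funnel above, as an added example (not Microsoft's code): each leaked pair is re-hashed with the account's own salt and compared against the stored hash, and matches that are not yet protected are flagged. PBKDF2, the record layout, the function names and all sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # demo work factor (assumption); tune upward in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str, protected: bool = False) -> dict:
    """Build a stored-account record: per-user salt, hash, and a remediation flag."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "protected": protected}


def triage_leak(leak, store) -> dict:
    """Walk a leaked (username, password) list and count each funnel stage."""
    stats = {"total": 0, "username_match": 0, "password_match": 0,
             "already_protected": 0, "at_risk": []}
    for username, password in leak:
        stats["total"] += 1
        key = username.strip().lower()
        record = store.get(key)
        if record is None:
            continue  # fabricated or foreign address
        stats["username_match"] += 1
        # Re-hash the leaked password with the account's own salt, then
        # compare in constant time. The store never holds plaintext.
        candidate = hash_password(password, record["salt"])
        if not hmac.compare_digest(candidate, record["hash"]):
            continue  # out-of-date or wrong password
        stats["password_match"] += 1
        if record["protected"]:
            stats["already_protected"] += 1
        else:
            stats["at_risk"].append(key)  # flag: second factor + password change
    return stats


def funnel(username_rate: float, password_rate: float, protected_rate: float):
    """Return (share with a valid pair, share still at risk) as fractions of the list."""
    valid = username_rate * password_rate
    return valid, valid * (1.0 - protected_rate)


# Constructed sample data (not real accounts or passwords).
STORE = {
    "alice@example.com": make_record("correct horse", protected=True),
    "bob@example.com": make_record("hunter2"),
    "carol@example.com": make_record("S3cure-and-unique"),
}
LEAK = [
    ("alice@example.com", "correct horse"),   # valid, already protected
    ("Bob@Example.com", "hunter2"),           # valid, needs remediation
    ("carol@example.com", "old-password-1"),  # username only
    ("dave@example.com", "letmein"),          # no such account
    ("erin@example.com", "123456"),           # no such account
]

if __name__ == "__main__":
    print(triage_leak(LEAK, STORE))
    valid, at_risk = funnel(0.0962, 0.0103, 0.583)
    print(f"valid pairs: {valid:.4%}, at risk: {at_risk:.4%}")
```

With the post's rates, `funnel(0.0962, 0.0103, 0.583)` gives about 0.099% valid pairs; applying the 58.3% to the rounded 0.1% yields the 0.042% quoted above.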

Once we’ve identified the subset of accounts that are vulnerable, our automated mitigations kick in to protect them.

In the case of consumer accounts in MSA, the account is marked as being at risk. The next time the rightful account owner logs in, we interrupt them, require that they verify their identity with a second factor, and then require them to change their password.

It looks like this:

In the case of business accounts in Azure AD, the Azure Active Directory Identity Protection service – currently in public preview – gives corporate IT administrators the option to use the same kinds of automated mitigation policies for their user accounts in Azure AD.

The Azure AD user experience looks like this (note the Wingtip Toys brand here is a placeholder logo):

The cool thing about this is that when we detect a user’s password is compromised, Azure AD admins can have the account automatically locked down and protected before the bad guy can ever use the credentials – just like we do for our Microsoft consumer accounts in MSA.

Here’s a screen shot of the admin console in Azure AD Identity Protection, where admins can see their users at risk:

Drill into specifics:

And set policies to automatically remediate users we find at risk:

Last week, Alex Simons mentioned in this blog that Microsoft had just published our 20th Security Intelligence Report. In that report we explained that we detect more than 10 million credential attacks every day across our identity systems. This includes millions of attacks every day where the username and password are correct, but we detect that the person attempting to log in is a cyber-criminal.

So while 33 million Hotmail username/password pairs in the wild is definitely important to us, it is a relatively small volume, less than half of what we process in an average week, and a drop in the bucket compared to the more than 4 billion credentials we detected being attacked last year.

We hope this helps you understand how those articles you saw relate to your identity security – and how we’re using credential lists (and a lot of other signals) to keep your account safe.

And hey – if *you* ever want to contribute compromised credentials you’ve found, or any other security issue, secure@microsoft.com is the right place to begin the process of reporting them and beginning a secure transfer. But please, don’t send us creds in email! Once we get your contact info we’ll work with you to make appropriate arrangements.

Read more at source - https://blogs.technet.microsoft.com/ad/2016/05/10/how-we-protect-azuread-and-microsoft-account-from-leaked-usernames-and-passwords/

Thursday, May 5, 2016

Advanced Threat Analytics new version 1.6 is now available

Source - https://blogs.technet.microsoft.com/ata/2016/05/05/advanced-threat-analytics-new-version-1-6-is-now-available/

We really love and are proud of what we do: we continue to innovate in order to help you identify advanced persistent threats (APTs) and insider threats in your network before they cause damage. As of today, we are glad to share that Advanced Threat Analytics (ATA) is monitoring over 5 million users and 10 million devices!

I want to personally thank our customers and community for your interest with our solution and more importantly making the leap from the traditional security approach to User and Entity Behavioral Analytics (UEBA) with our solution. Your feedback and input have been essential to our product development.

Today, we are proud to announce that ATA’s new version (1.6) is publicly available. With this blogpost, I would like to share detailed information about this update and explain the exciting new enhancements our team developed.

As pioneers of the UEBA market, we set the bar very high and we are introducing exciting new capabilities and innovation:

  • New detections such as
    • Pass-The-Hash, Brute Force and others based on unusual protocol behavior
    • Elevation of privileges
    • Reconnaissance via Net Session enumeration
    • Compromised Credentials via Malicious DPAPI Request
    • Compromised Credentials via Malicious Replication Requests
  • New deployment option with the ATA Lightweight Gateway helping with branch sites and IaaS deployments
  • New and improved detection engine that significantly improves our performance and scale
  • Support for automatic updates and upgrades using Microsoft Updates
  • Improvements in third party integration to enrich detection

New Detections

Attackers are constantly evolving and improving their Tactics, Techniques and Procedures (TTPs). This is why one of our focus areas is detecting advanced attacks that are being used “in the wild”. Let’s take a look at some of the new detections we have:

Reconnaissance via Net Session enumeration: Reconnaissance is a key stage within the advanced attackers’ kill chain. Domain Controllers (DCs) function as file servers for the purpose of Group Policy Object distribution, using the SMB (Server Message Block) protocol. As part of the reconnaissance phase, an attacker can query the DC for all active SMB sessions on the server, allowing the user to gain access to all the users and IP addresses associated with those SMB sessions. SMB session enumeration may be used by attackers for targeting sensitive accounts, helping them move laterally across the network.

Compromised credentials via Malicious Replication Request: In Active Directory (AD) environments replication happens regularly between Domain Controllers. An attacker may spoof an AD replication request (sometimes impersonating a Domain Controller) allowing the attacker to retrieve the data stored in AD, including password hashes, without utilizing more intrusive techniques like Volume Shadow Copy.

Compromised Credentials via Malicious DPAPI Request: Data Protection API (DPAPI) is a password-based data protection service. This protection service is used by various applications that store user’s secrets, such as website passwords and file-share credentials. In order to support password-loss scenarios, users can decrypt protected data by using a recovery key which does not involve their password. In a domain environment, attackers can remotely steal the recovery key and use it to decrypt protected data on all of the domain-joined computers.
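A log-based check for the malicious replication request case described above, added here as an example; it is not ATA's detection logic, which the page does not show. It assumes directory-service access auditing is enabled so that domain controllers record Security event 4662, and the account names, allowlist and events are constructed.

```python
import re

# Control-access rights that appear in event 4662 when directory
# replication is requested.
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")


def find_unexpected_replication(events, allowed_accounts):
    """Return one alert per account that used replication rights
    without being on the allowlist of expected replicators."""
    allowed = {a.lower() for a in allowed_accounts}
    hits = {}
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        guids = (g.lower() for g in GUID_RE.findall(ev.get("Properties", "")))
        rights = {REPL_RIGHTS[g] for g in guids if g in REPL_RIGHTS}
        if not rights:
            continue  # ordinary object access, not replication
        account = ev.get("SubjectUserName", "").lower()
        if account in allowed:
            continue
        hit = hits.setdefault(account, {"account": account, "rights": set(),
                                        "first_seen": ev["TimeCreated"], "count": 0})
        hit["rights"] |= rights
        hit["count"] += 1
        hit["first_seen"] = min(hit["first_seen"], ev["TimeCreated"])
    ordered = sorted(hits.values(), key=lambda h: h["first_seen"])
    return [dict(h, rights=sorted(h["rights"])) for h in ordered]


# Allowlist (constructed): domain controller machine accounts, plus the
# Azure AD Connect sync account, which legitimately replicates when
# password synchronization is enabled. "MSOL_example" is a placeholder name.
ALLOWED = ["DC01$", "DC02$", "MSOL_example"]

GET = "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
ALL = "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"
USER_CLASS = "{bf967aba-0de6-11d0-a285-00aa003049e2}"

# Constructed sample events, reduced to the fields the check reads.
EVENTS = [
    {"EventID": 4662, "TimeCreated": "2016-05-05T09:58:10Z",
     "SubjectUserName": "DC01$", "Properties": f"%%7688 {GET} {ALL}"},
    {"EventID": 4662, "TimeCreated": "2016-05-05T09:59:00Z",
     "SubjectUserName": "MSOL_example", "Properties": f"%%7688 {GET}"},
    {"EventID": 4662, "TimeCreated": "2016-05-05T10:00:01Z",
     "SubjectUserName": "jsmith", "Properties": f"%%7688 {GET}"},
    {"EventID": 4662, "TimeCreated": "2016-05-05T10:00:02Z",
     "SubjectUserName": "JSmith", "Properties": f"%%7688 {ALL}"},
    {"EventID": 4662, "TimeCreated": "2016-05-05T10:01:00Z",
     "SubjectUserName": "jsmith", "Properties": f"%%7684 {USER_CLASS}"},
    {"EventID": 4624, "TimeCreated": "2016-05-05T10:02:00Z",
     "SubjectUserName": "jsmith", "Properties": ""},
]

if __name__ == "__main__":
    for alert in find_unexpected_replication(EVENTS, ALLOWED):
        print(alert)
```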

New deployment option

The ATA Lightweight Gateway is a new deployment option that enables you to deploy the ATA Gateway on the on-premises or IaaS Domain Controllers, removing the need for dedicated hardware and/or port-mirroring configuration. The ATA Lightweight Gateway introduces automatic and dynamic resource management based on the available resources on the DC. This intelligent capability will make sure that the existing operations of the DC will not be affected. In addition, the ATA Lightweight Gateway simplifies the deployment of the ATA Gateway in branch sites where there is a limitation of hardware resources and/or port-mirroring support and reduces the TCO.

Performance and Scale

In this new version of ATA (1.6), the performance and scale were greatly improved, enabling ATA to monitor large enterprise environments. This is possible due to significant improvements we have made in our detection engine. In addition, the changes we’ve made enable us to drastically reduce the storage requirements and now ATA requires x5 less space than the previous versions.

Automatic Updates Support

We know that a security solution should always be up to date. This is why with this new version we are introducing automatic updates to ATA. So no more manual downloads and upgrades!

Starting with this version, all releases will automatically update and upgrade via integration with Microsoft Updates (includes WSUS and SCCM integrations). Updates will include new behavior algorithms, detections, features and hotfixes in a simple and seamless way.

Once available in the Microsoft Update cloud service, or in the on-premises WSUS/SCCM, the ATA Center will automatically identify and download the updates. After the ATA Center is updated, all ATA Gateways (unless configured otherwise) will automatically download and deploy the updates from the ATA Center.

Third Party Integration

We are constantly expanding our support for additional 3rd party data sources to enrich our detection of insider threats and APTs. In this version we are introducing the Support for IBM QRadar – This new ATA version supports receiving events from IBM QRadar SIEM solution, in addition to the previously supported SIEM solutions (RSA Security Analytics, HP Arcsight and Splunk).

Read more at source - https://blogs.technet.microsoft.com/ata/2016/05/05/advanced-threat-analytics-new-version-1-6-is-now-available/

Tuesday, May 3, 2016

Azure AD Connect Configuration Documenter

Source - https://github.com/Microsoft/AADConnectConfigDocumenter

AAD Connect configuration documenter is a tool to generate documentation of an Azure AD Connect installation. Currently, the documentation is only limited to the Azure AD Connect sync configuration.

The goal of this project is to:

  • To enable quick understanding of the synchronization configuration and "how it happens"!
  • To build confidence in getting things right when making changes to the default configuration!!
  • To know what was changed when you applied a new build of Azure AD Connect!!!

Prerequisites:

  1. .NET Framework 4.5 to be able to run the tool
  2. A fair understanding of MIIS 2003 / ILM 2007 / FIM 2010 / MIM 2016 sync engine technical concepts to be able to understand the report.

How to use the tool:

  • Download the latest release from the releases tab under the Code tab and extract the zip file to an empty local folder on a machine which has .NET Framework 4.5 installed.
    • This will extract the Documenter application binaries along with the sample data files for "Contoso".
    • Make sure that the tool runs by double-clicking on the cmd file AzureADConnectSyncDocumenter.cmd.
  • Export the Server Configuration of your pilot / test Azure AD Connect sync server by running Get-ADSyncServerConfiguration cmdlet defined in ADSync module shipped with Azure AD Connect.
    Import-Module ADSync 
    Get-ADSyncServerConfiguration -Path "<CompletePathToOutputFolder>"
  • Copy the configuration export files produced in the previous step to a folder under the "Data" directory of the Documenter tool.
    • e.g. the "Pilot" configuration files for the customer "Contoso" are provided as a sample under the "Data\Contoso\Pilot" folder.
  • If you want to document the changes from a specific baseline, export the server configuration of your baseline / production Azure AD Connect server and copy the output to a folder under the Documenter "Data" directory.
    • e.g. the "Production" configuration files for the customer "Contoso" are provided as a sample under the "Data\Contoso\Production" folder.
  • Edit AzureADConnectSyncDocumenter.cmd for the values of "Pilot" and "Production" directories.
    • If you don't have a baseline / production config, specify the same path as the "Pilot" config.
  • Run the updated batch file. Upon successful execution, the generated report will be found in the Documenter "Report" folder.

https://aka.ms/aadConnectConfigDocumenter

Read more at source - https://github.com/Microsoft/AADConnectConfigDocumenter

Tuesday, March 8, 2016

Microsoft Azure Datacenter IP Ranges

Source - https://www.microsoft.com/en-us/download/details.aspx?id=41653

This file contains the Compute IP address ranges (including SQL ranges) used by the Microsoft Azure Datacenters. A new xml file will be uploaded every Wednesday (Pacific Time) with the new planned IP address ranges. New IP address ranges will be effective on the following Monday (Pacific Time). Please download the new xml file and perform the necessary changes on your site before Monday.

Download the XML file from https://www.microsoft.com/en-us/download/details.aspx?id=41653
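The weekly update described above comes down to comparing the new file with the previous one and adjusting firewall rules before Monday. The following added example (not part of the original post or of Microsoft's download) does that comparison; the `Region`/`IpRange Subnet` layout is assumed, since the post does not show the file, and the embedded files, region names and allowlist are constructed from documentation address ranges.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed stand-ins for two consecutive weekly downloads.
LAST_WEEK = """<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="198.51.100.0/25" />
    <IpRange Subnet="203.0.113.0/24" />
  </Region>
  <Region Name="useast">
    <IpRange Subnet="192.0.2.0/24" />
  </Region>
</AzurePublicIpAddresses>"""

THIS_WEEK = """<AzurePublicIpAddresses>
  <Region Name="europewest">
    <IpRange Subnet="198.51.100.0/24" />
    <IpRange Subnet="203.0.113.0/24" />
  </Region>
  <Region Name="asiaeast">
    <IpRange Subnet="192.0.2.128/25" />
  </Region>
</AzurePublicIpAddresses>"""


def load_ranges(xml_text):
    """Parse one file into {region name: set of ip_network objects}.
    strict=True rejects entries with host bits set instead of guessing."""
    root = ET.fromstring(xml_text)
    return {
        region.attrib["Name"]: {
            ipaddress.ip_network(r.attrib["Subnet"], strict=True)
            for r in region.iter("IpRange")
        }
        for region in root.iter("Region")
    }


def diff_ranges(old, new):
    """Per region, list the subnets to add and to remove."""
    changes = {}
    for region in sorted(set(old) | set(new)):
        added = new.get(region, set()) - old.get(region, set())
        removed = old.get(region, set()) - new.get(region, set())
        if added or removed:
            changes[region] = {"add": sorted(map(str, added)),
                               "remove": sorted(map(str, removed))}
    return changes


def stale_rules(allowlist, current):
    """Allowlist CIDRs that no published range covers any longer.
    These keep admitting addresses that are no longer listed."""
    published = [net for nets in current.values() for net in nets]
    return [cidr for cidr in allowlist
            if not any(ipaddress.ip_network(cidr).subnet_of(p) for p in published)]


if __name__ == "__main__":
    old, new = load_ranges(LAST_WEEK), load_ranges(THIS_WEEK)
    print(diff_ranges(old, new))
    print(stale_rules(["198.51.100.0/25", "192.0.2.0/24", "203.0.113.0/24"], new))
```

A range that was only widened, like the europewest /25 becoming a /24 here, shows up as one add and one remove but does not make the existing narrower rule stale.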
