An additional security intelligence layer can spot malware being uploaded to cloud storage accounts.
Microsoft has extended Advanced Threat Protection for Azure Storage to cover documents held in Azure Files and Azure Data Lake Storage Gen 2.
Today we’re excited to announce the preview of extending advanced threat protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API, helping our customers to protect their data stored in file shares and data stores designed for enterprise big data analytics.
If the tools identifies malicious activity, it will send an email to the database’s administrators, as well as a notification to the Azure Security Center. It will also suggest different methods of remedying the problem.
Among the different malicious activities the tool is capable of tracking are possible attempts of data exfiltration, persistence gain, data gathering, probing or lateral movement across the Azure cloud.
All storage accounts with file shares and blob containers need to have the feature toggled on in advance, the company confirmed.
“With Azure Files, organisations get the added benefit of a secure storage infrastructure that is massively scalable, and globally available. Even with all these capabilities, it’s still essential to bolster cybersecurity, especially with the growing complexity and sophistication of cyberattacks,”.
There’s no denying the convenience of USB media. From hard drives and flash drives to a wide range of other devices, they offer a fast, simple way to transport, share and store data. However, from a business security perspective, their highly accessible and portable nature makes them a complete nightmare, with data leakage, theft, and loss all common occurrences.
Widespread remote working appears to have compounded these issues. According to new research, there’s been a 123% increase in the volume of data downloaded to USB media by employees since the onset of COVID-19, suggesting many have used such devices to take large volumes of data home with them. As a result, there’s hundreds of terabytes of potentially sensitive, unencrypted corporate data floating around at any given time, greatly increasing the risk of serious data loss.
Fortunately, effective implementation of USB control and encryption can significantly minimize that risk.
What is USB control and encryption?
USB control and encryption refers to the set of techniques and practices used to secure the access of devices to USB ports. Such techniques and practices form a key part of endpoint security and help protect both computer systems and sensitive data assets from loss, as well as security threats (e.g., malware) that can be deployed via physical plug-in USB devices.
There are numerous ways that USB control and encryption can be implemented. The most authoritarian approach is to block the use of USB devices altogether, either by physically covering endpoint USB ports or by disabling USB adapters throughout the operating system. While this is certainly effective, for the vast majority of businesses it simply isn’t a workable approach given the huge number of peripheral devices that rely on USB ports to function, such as keyboards, chargers, printers and so on.
Instead, a more practical approach is to combine less draconian physical measures with the use of encryption that protects sensitive data itself, meaning even if a flash drive containing such data is lost or stolen, its contents remain safe. The easiest (and usually most expensive) way to do this is by purchasing devices that already have robust encryption algorithms built into them.
A cheaper alternative is to implement and enforce specific IT policies governing the use of USB devices. This could either be one that only permits employees to use certain “authenticated” USB devices – whose file systems have been manually encrypted – or stipulating that individual files must be encrypted before they can be transferred to a USB storage device.
Greater control means better security The default USB port controls offered as part of most operating systems tend to be quite limited in terms of functionality. Security teams can choose to leave them completely open, designate them as read-only, or fully disable them.
With the help of USB control applications, admins can use this information to limit or block certain types of USB devices on specific endpoint ports. A good example would be permitting the use of USB-connected mice via the port, but banning storage devices, such as USB sticks, that pose a much greater threat to security.
Some control applications go further still, allowing security teams to put rules in place that govern USB ports down to an individual level. This includes specifying exactly what kinds of files can be copied or transferred via a particular USB port or stipulating that a particular port can only be used by devices from a pre-approved whitelist (based on their serial number). Such controls can be extremely effective at preventing unauthorized data egress, as well as malicious actions like trying to upload malware via an unauthorized USB stick.
A centrally controlled solution saves significant logistical headaches It’s worth noting that a normal business network can contain hundreds, or even thousands of endpoints, each with one or more USB ports. As such, control and encryption solutions that can be managed centrally, rather than on an individual basis, are significantly easier to implement and manage. This is particularly true at this current point in time, where remote working protocols make it almost impossible to effectively manage devices any other way.
While portable USB drives and devices are seen as a quick, convenient way to transport or store data by employees, they often present a major headache for security professionals.
Fortunately, implementing USB control and encryption solutions can greatly improve the tools at a security team’s disposal to deal with such challenges and ensure both the network and sensitive company data remains protected at all times.
