'Project VAST' Joins Microsoft's Security Arsenal

Microsoft this week took the wraps off "Project VAST," a tool designed to surface security problems visually.

Project VAST (or "Visual Auditing Security Tool") combines Microsoft's Azure Log Analytics with its Power BI data visualization service. However, it has its own user interface that aims to provide organizations with an "interactive data visualization" of security events so they don't have to spend time sifting through log events,

Jon Shectman, a Microsoft Premier field engineer specializing in security issues, described Project VAST in a post on Wednesday. Shectman created Project VAST with fellow security Premier Field Engineer Brian Delaney. The announcement is the first post in a planned series. There's limited information available about Project VAST right now, but a Channel 9 "Taste of Premier about VAST" video will get posted "in the next two weeks," Shectman promised.

The Project VAST tool will be capable of integrating with data from the Microsoft Advanced Threat Analytics service, which acts as a forensic tool for investigating security breaches in organizations. It would seem that Project VAST is yet another security information and event management (SIEM) kind of solution that blends together various Microsoft tooling. However, Shectman described Project VAST as also being able to coexist with non-Microsoft SIEM products. In the future, Project VAST could get integrated with these SIEM products, he suggested.

Project VAST captures domain controller event log data and uses the Microsoft Monitoring Agent to put the data into Azure Log Analytics. The data are further sorted using the Kusto query language before surfacing in visual form via Power BI.

There's not much information out there about the Kusto query language. It apparently is used in Azure App Insights by Microsoft's Visual Studio team but was brought over for use in Azure Log Analytics, too, according to a description by SquaredUp, a software company that builds data visualization products for IT operations.

The user interface of Project VAST shows areas of security interest in the form of tabs. Shectman described the tabs as surfacing "actionable KPI-based metrics" that can be used to assess an organization's security effectiveness and take action.

"You might think of each tab, therefore, as representing a step on your organization’s ongoing security journey: User and Computer Hygiene, LAPS Deployment and Auditing, Insecure LDAP, Deprecated Protocols, Account Theft and Misuse, Privileged Group Hygiene, Authentication Posture, and more," said Shectman regarding the types of tabs shown in the Project VAST interface.

The requirements to use Project VAST aren't clear from the announcement, but it can be used by "organizations of many different sizes," according to Shectman. Microsoft is offering "a limited number of demo slots" to test it, which are available by contacting the Technical Account Manager used by an organization.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Streamlining Office 365 App Activations

    The Office 365 app installation experience should get a little easier for end users starting as early as next month.

  • Microsoft Invests $1 Billion in Next-Level AI Research

    Research outfit OpenAI and Microsoft have inked a $1 billion deal around artificial general intelligence (AGI), considered the holy grail of AI research.

  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • 2019 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss this year.