News

'Project VAST' Joins Microsoft's Security Arsenal

Microsoft this week took the wraps off "Project VAST," a tool designed to surface security problems visually.

Project VAST (or "Visual Auditing Security Tool") combines Microsoft's Azure Log Analytics with its Power BI data visualization service. However, it has its own user interface that aims to provide organizations with an "interactive data visualization" of security events so they don't have to spend time sifting through log events,

Jon Shectman, a Microsoft Premier field engineer specializing in security issues, described Project VAST in a post on Wednesday. Shectman created Project VAST with fellow security Premier Field Engineer Brian Delaney. The announcement is the first post in a planned series. There's limited information available about Project VAST right now, but a Channel 9 "Taste of Premier about VAST" video will get posted "in the next two weeks," Shectman promised.

The Project VAST tool will be capable of integrating with data from the Microsoft Advanced Threat Analytics service, which acts as a forensic tool for investigating security breaches in organizations. It would seem that Project VAST is yet another security information and event management (SIEM) kind of solution that blends together various Microsoft tooling. However, Shectman described Project VAST as also being able to coexist with non-Microsoft SIEM products. In the future, Project VAST could get integrated with these SIEM products, he suggested.

Project VAST captures domain controller event log data and uses the Microsoft Monitoring Agent to put the data into Azure Log Analytics. The data are further sorted using the Kusto query language before surfacing in visual form via Power BI.

There's not much information out there about the Kusto query language. It apparently is used in Azure App Insights by Microsoft's Visual Studio team but was brought over for use in Azure Log Analytics, too, according to a description by SquaredUp, a software company that builds data visualization products for IT operations.

The user interface of Project VAST shows areas of security interest in the form of tabs. Shectman described the tabs as surfacing "actionable KPI-based metrics" that can be used to assess an organization's security effectiveness and take action.

"You might think of each tab, therefore, as representing a step on your organization’s ongoing security journey: User and Computer Hygiene, LAPS Deployment and Auditing, Insecure LDAP, Deprecated Protocols, Account Theft and Misuse, Privileged Group Hygiene, Authentication Posture, and more," said Shectman regarding the types of tabs shown in the Project VAST interface.

The requirements to use Project VAST aren't clear from the announcement, but it can be used by "organizations of many different sizes," according to Shectman. Microsoft is offering "a limited number of demo slots" to test it, which are available by contacting the Technical Account Manager used by an organization.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.