News

'Project VAST' Joins Microsoft's Security Arsenal

• By Kurt Mackie
• March 30, 2018

Microsoft this week took the wraps off "Project VAST," a tool designed to surface security problems visually.

Project VAST (or "Visual Auditing Security Tool") combines Microsoft's Azure Log Analytics with its Power BI data visualization service. However, it has its own user interface that aims to provide organizations with an "interactive data visualization" of security events so they don't have to spend time sifting through log events,

Jon Shectman, a Microsoft Premier field engineer specializing in security issues, described Project VAST in a post on Wednesday. Shectman created Project VAST with fellow security Premier Field Engineer Brian Delaney. The announcement is the first post in a planned series. There's limited information available about Project VAST right now, but a Channel 9 "Taste of Premier about VAST" video will get posted "in the next two weeks," Shectman promised.

The Project VAST tool will be capable of integrating with data from the Microsoft Advanced Threat Analytics service, which acts as a forensic tool for investigating security breaches in organizations. It would seem that Project VAST is yet another security information and event management (SIEM) kind of solution that blends together various Microsoft tooling. However, Shectman described Project VAST as also being able to coexist with non-Microsoft SIEM products. In the future, Project VAST could get integrated with these SIEM products, he suggested.

Project VAST captures domain controller event log data and uses the Microsoft Monitoring Agent to put the data into Azure Log Analytics. The data are further sorted using the Kusto query language before surfacing in visual form via Power BI.

There's not much information out there about the Kusto query language. It apparently is used in Azure App Insights by Microsoft's Visual Studio team but was brought over for use in Azure Log Analytics, too, according to a description by SquaredUp, a software company that builds data visualization products for IT operations.

The user interface of Project VAST shows areas of security interest in the form of tabs. Shectman described the tabs as surfacing "actionable KPI-based metrics" that can be used to assess an organization's security effectiveness and take action.

"You might think of each tab, therefore, as representing a step on your organization’s ongoing security journey: User and Computer Hygiene, LAPS Deployment and Auditing, Insecure LDAP, Deprecated Protocols, Account Theft and Misuse, Privileged Group Hygiene, Authentication Posture, and more," said Shectman regarding the types of tabs shown in the Project VAST interface.

The requirements to use Project VAST aren't clear from the announcement, but it can be used by "organizations of many different sizes," according to Shectman. Microsoft is offering "a limited number of demo slots" to test it, which are available by contacting the Technical Account Manager used by an organization.