Microsoft Says It Lost Weeks of Security Logs For Its Customers' Cloud Products (techcrunch.com) 12
Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report: According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.
The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.
Shrug (Score:3)
You're hosted in Microsoft's cloud. You don't need logs to know you were hacked. Just assume you were hacked again and move on to the clean up and post mortem steps.
We're going to have to fix this (Score:2)
Suggestions
- Reduce attack surface area - limit cloud usage to as few cloud technologies as possible
- Weigh a balance between everything is a microservice and monolithic APIs. A point in between may be easier to manage, easier to deploy and less likely to fault/fail or be attacked
- Reduce or limit the number of libraries used in a solution to the minimum within reason
- Reduce the number of different technologies in the solution's technology stack when possible
- Get business justification why the mix of cl
Damn..... (Score:2)
Microsoft practically invented cloud redundancy. They mulefaced the thing....
And it took 3 weeks to notice... (Score:3)
I can see you have a lot of automation to help out in the boring stuff like monitoring and validating incoming data. And some very motivated employees!
Guess I should be happy they were honest about it at all, and not just hiding it until someone else notices and publicly shames them.
Re:And it took 3 weeks to notice... (Score:4, Insightful)
Been there, Done that (Score:3)
Security... (Score:4, Funny)
Microsoft taking that security through obscurity literally..
Re:Security... (Score:5, Insightful)
More like reputation through obscurity. They just had that big breach last year with some bigwigs' Outlook 365 accounts getting compromised. It wouldn't be acceptable to announce another breach this year. So instead they announce the logs went missing.
Kind of like when police bodycam footage goes missing.
"We're Trusted(TM)" (Score:2)
Not a security incident, huh? (Score:2)
The notification said that the logging outage was not caused by a security incident [...]
Without logs, how would you know for sure that it wasn't a security incident?
No Poop September (Score:2)
Microsoft tries No Poop September, only makes it half way.