News

Microsoft Takes Wraps Off 'Project VAST' for Security

• By Kurt Mackie
• 04/04/2018

Microsoft recently unveiled the newest addition to its security arsenal: Project VAST, a tool designed to surface security problems visually.

Project VAST combines Microsoft's Azure Log Analytics tool with its Power BI data visualization tool, but it has its own user interface. Its name stands for "Visual Auditing Security Tool."

The idea behind the Project VAST interface is to provide IT pros with an "interactive data visualization" of security events so they won't have to spend time sifting through log events to get the data, according to a post last week by Jon Shectman, a Microsoft Premier field engineer specialized on security issues.

Shectman created Project VAST with fellow security Premier Field Engineer Brian Delaney. The announcement is the first post in a planned series. There's limited information available about Project VAST right now, but a Channel 9 "Taste of Premier about VAST" video will get posted "in the next two weeks," Shectman promised.

The Project VAST tool will be capable of integrating with data from the Microsoft Advanced Threat Analytics service, which acts as a forensic tool for investigating security breaches in organizations. It would seem that Project VAST is yet another security information and event management (SIEM) kind of solution that blends together various Microsoft tooling. However, Shectman described Project VAST as also being able to coexist with non-Microsoft SIEM products. In the future, Project VAST could get integrated with these SIEM products, he suggested.

Project VAST captures domain controller event log data and uses the Microsoft Monitoring Agent to put the data into Azure Log Analytics. The data are further sorted using the Kusto query language before surfacing in visual form via Power BI.

There's not much information out there about the Kusto query language. It apparently is used in Azure App Insights by Microsoft's Visual Studio team but was brought over for use in Azure Log Analytics, too, according to a description by SquaredUp, a software company that builds data visualization products for IT operations.

The user interface of Project VAST shows areas of security interest in the form of tabs. Shectman described the tabs as surfacing "actionable KPI-based metrics" that can be used to assess an organization's security effectiveness and take action.

"You might think of each tab, therefore, as representing a step on your organization’s ongoing security journey: User and Computer Hygiene, LAPS Deployment and Auditing, Insecure LDAP, Deprecated Protocols, Account Theft and Misuse, Privileged Group Hygiene, Authentication Posture, and more," said Shectman regarding the types of tabs shown in the Project VAST interface.

The requirements to use Project VAST aren't clear from the announcement, but it can be used by "organizations of many different sizes," according to Shectman. Microsoft is offering "a limited number of demo slots" to test it, which are available by contacting the Technical Account Manager used by an organization.