
285 points alephnerd | 1 comments
neya ◴[] No.41901576[source]
If you use Azure in any realistic production environments, then it's on you. Even with $100k in free credits, they couldn't convince me to use it for more than a month. It is expensive, the interface is highly user unfriendly and most important of all, their products don't at all seem reliable for production workloads because of stuff like this. Sorry Microsoft, I think you can do much better.
replies(15): >>41901755 #>>41902286 #>>41902571 #>>41902679 #>>41902715 #>>41903167 #>>41903320 #>>41903580 #>>41903869 #>>41904371 #>>41904976 #>>41905535 #>>41905826 #>>41905858 #>>41907485 #
BodyCulture ◴[] No.41901755[source]
I was laughing recently when at some place they started to install MS software on all Linux machines to integrate them into Azure. At that point you should just stop and think for a while about it. Didn’t you go for Linux because you wanted to have a reliable system?
replies(1): >>41902267 #
ratg13 ◴[] No.41902267[source]
The MS security software (for better or worse) is better than any open-source Linux solution, and can follow attackers as they move laterally through the network, instead of Linux servers being a big black hole where adversaries can do as they please.

All security software from any vendor is going to have issues, and often you just have to go with whatever the company is running for the whole environment and not compromising security because of some jokes from the 90s.

replies(9): >>41902295 #>>41902467 #>>41902535 #>>41903119 #>>41903242 #>>41903448 #>>41903573 #>>41903949 #>>41911336 #
e40 ◴[] No.41903242[source]
Please give us details, because this seems unbelievable.
replies(1): >>41903700 #
ratg13 ◴[] No.41903700[source]
It's just basic EDR .. you have events that are flagged .. so on linux, let's say someone does something like setuid or setgid on a system file. Innocuous but potentially dangerous actions like this get flagged in the system.

These events are correlated against other actions that might have happened on the same system or other systems that the user had logged onto prior to this one.

Even if it's not the same user, the events are still correlated and alerted upon if suspicious. (both individually and holistically)

If users are using microsoft authentication for access, the accounts will be flagged and locked out, generally forcing users to fully authenticate with MFA and forcing a password change.

replies(2): >>41904008 #>>41904348 #
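The flag-then-correlate flow described in the comment above, sketched as an added example; it is not part of any commenter's post and is not any vendor's product logic. The event tuple layout, the system directory list, the one-hour window and the sample events are all assumptions constructed for illustration.

```python
import stat
from collections import defaultdict

SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")  # assumed list
WINDOW = 3600  # seconds between linked events (assumed value)

# Constructed sample telemetry: (epoch seconds, host, user, action, detail)
EVENTS = [
    (1000, "web01", "alice", "login", {"src": "vpn"}),
    (1200, "web01", "alice", "chmod", {"path": "/usr/bin/find", "mode": 0o4755}),
    (1500, "db01", "alice", "login", {"src": "web01"}),
    (1700, "db01", "svc_backup", "chmod", {"path": "/bin/bash", "mode": 0o2755}),
    (1800, "db01", "bob", "chmod", {"path": "/home/bob/run.sh", "mode": 0o755}),
    (9000, "app02", "carol", "chmod", {"path": "/usr/bin/vim", "mode": 0o4755}),
]

def is_flagged(action, detail):
    """Flag a chmod that sets setuid or setgid on a file in a system directory."""
    if action != "chmod":
        return False
    special = detail["mode"] & (stat.S_ISUID | stat.S_ISGID)
    return bool(special) and detail["path"].startswith(SYSTEM_DIRS)

def correlate(events, window=WINDOW):
    """Group flagged events into incidents, following login hops between hosts."""
    links = defaultdict(set)  # host -> hosts it exchanged logins with
    for ts, host, user, action, detail in events:
        if action == "login" and detail["src"] != host:
            links[host].add(detail["src"])
            links[detail["src"]].add(host)
    incidents = []
    flagged = [e for e in events if is_flagged(e[3], e[4])]
    for ev in sorted(flagged, key=lambda e: e[0]):
        for inc in incidents:
            last = inc[-1]
            # Same host or a host one login hop away, regardless of user.
            near = ev[1] == last[1] or ev[1] in links[last[1]]
            if near and ev[0] - last[0] <= window:
                inc.append(ev)
                break
        else:
            incidents.append([ev])
    return incidents

def multi_host(incidents):
    """Incidents spanning more than one host: candidates for lateral movement."""
    return [inc for inc in incidents if len({e[1] for e in inc}) > 1]
```

The setgid change by `svc_backup` on `db01` is tied to `alice`'s earlier setuid change on `web01` only through the login hop between the two hosts, which is the cross-user correlation the comment describes.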
simonh ◴[] No.41904348[source]
Microsoft isn't the only company to provide a service like this, and the others are cross platform.
replies(2): >>41904567 #>>41905104 #
gruez ◴[] No.41904567[source]
Crowdstrike, for instance :^)
replies(1): >>41904950 #
BobaFloutist ◴[] No.41904950[source]
Hey, an outage is better than a hack...right?
replies(1): >>41905182 #
lkjdsklf ◴[] No.41905182{3}[source]
A crashed machine is a secure machine.

That’s what grampy used to say

replies(1): >>41905831 #
1. opwieurposiu ◴[] No.41905831{4}[source]
If you can't boot it, they can't hack it.