Even if software security isn’t your full-time job, people are going to expect you, as a developer, to know what is going on. The good news is there are amazing security innovations happening right now, like using machine learning to analyze security threats with Azure Sentinel and Semmle’s semantic understanding engine to defend against cybersecurity vulnerabilities in open source code on GitHub. But we will touch more on this later!
At a more basic level, when you use Microsoft Azure or Office 365, you have the ability to add automated defenses against common threats like Denial of Service (DDoS) attacks and investigate suspicious activity in your enterprise infrastructure. These defenses include:
If you need a refresher on what DDoS attacks are, Anupam Vij and Scott Hanselman created a great video explaining why it is critical for every business running in Azure to use these services to enhance their security profile.
When we look to the future of code and app security, we all hope for even greater automation beyond what these tools and services provide today. This is where machine learning comes in. Azure Sentinel is an AI-based solution that connects to your resources and intelligently looks for new threats and suspicious activity. It uses data connectors to integrate with Azure AD, Azure Security Center, Azure Advanced Threat Protection, and Microsoft Cloud App Security. If you happen to have resources on AWS, you can even use Azure Sentinel to analyze your AWS CloudTrail data. Impressed?
Another jaw-dropping use of machine learning is happening with GitHub’s acquisition of Semmle, which has a semantic-understanding engine for open source code. If you work in GitHub, you may occasionally have qualms about finding the perfect code to solve your problem but being uncertain of its provenance. Semmle provides a declarative query language to search for insecure code patterns. More ambitiously, Semmle is cataloging open source queries for common vulnerabilities, which can then be run against any open source code you are consuming in your own code base. This is the first step in making all the open source code on GitHub fully reliable, removing a major barrier that has been hampering the spread of open source software. It has the potential to change the future of the open source movement.
If you would like to learn more about these security topics, Microsoft Learn has several courses available to help you become an expert on software and cloud security:
Learn how to secure resources using policy, role-based access control and other Azure services. |
|
Learn how to work with subscriptions, users, and groups by configuring Microsoft Azure Active Directory for workloads. |
|
Learn how to configure security policies and manage security alerts with the tools and services in Azure. |
|
Learn how to secure your Azure apps and associated data with encryption, certificates, and policy. |
|
Learn how to configure, protect, and isolate your networks in Azure. |
|
Learn how to protect and harden your virtual machines in Azure. |
In addition to all of these great resources, the RSA Conference will be held in San Francisco from February 24-28, giving you an opportunity for an up to date, deep dive into the world of software security!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.