Microsoft announces hacker friendly Azure instance for security research
At BlackHat 2019 Microsoft announced the launch for the Azure Security Lab along with a range of bug bounties for Azure vulnerabilities up to $300,000.
The ASL is a separate instance of the Azure hosting platform which is available for approved security researchers to attempt to exploit vulnerabilities they discover in order to practically push the limits of what is possible during a cyberattack – and then share the results with Microsoft so the vulnerabilities can be patched.
Kymberlee Price from MSRC Community & Partner Engagement Programs said:
The isolation of the Azure Security Lab allows us to offer something new: researchers can not only research vulnerabilities in Azure, they can attempt to exploit them…. We work hard to earn your trust in the cloud, but we don’t do it alone. Partnerships are core to our security strategy, and one of our key partners is the global community of security researchers.
While Microsoft is breaking new ground by building an entire infrastructure to be used by security testers, their underlying philosophy will be recognised by all wise security managers: you will never find all your own vulnerabilities, you have to use an independent set of eyes. For most organisations this means a combination of automated vulnerability scans and human powered penetration tests which target both web applications and the network infrastructure.
Not every business can afford to build an entire separate security testing environment, but all businesses should ensure their network is secure by engaging an external penetration test at least once a year.