Organizations can integrate their security operations into VAST. The solution combines the abilities of Power BI and Azure Log Analytics to present data visualization of security states. This makes understanding security situations easier for companies. “Visual Auditing Security Tool (VAST) is a cloud-based PowerBI dashboard solution that provides security professionals visibility about the many of the most common types of security weaknesses in an IT environment. It also provides specific, actionable KPI-based metrics to measure your organization’s effectiveness in mitigating well-established, known attack playbooks.” Project VAST uses an efficient tab system that makes searching log files and data easier. Essentially a security information and event management (SIEM) system at its core, VAST is able to help in the following situations:
Insecure LDAP [Lightweight Directory Access Protocol] (unsigned, unencrypted) calls going against the domain controllers. Quickly identify the source and destination of the traffic. Deprecated protocol and cipher usage (NTLM, wDigest, DES, RC4, SMB1, etc.) in the environment. Rich visual display represents verbose logging information. All logons and authentications going against domain controllers in the environment. At a glance, understand which accounts authenticate to which computers and whether the logons are safe or insecure. Measure compliance with security best practices to lower the risk of credential theft. Understand the use of the service accounts. Measure the deployment and effectiveness of tools like the Local Administrator Password Solution (LAPS) and audit its usage in the environment. Monitor the organization’s compliance with security best practices, such as the Microsoft Security Privilege Access (SPA) roadmap (https://aka.ms/privsec)
Availability
It seems Project VAST is exclusive to Microsoft Premier customers. This is the company’s tech support program that is sold to organizations. In its announcement, Microsoft points out VAST needs four days to set up, which also includes on-site support form a Microsoft Premier field engineer. A further one day of remote support completes the set up.