Hacker News: Microsoft said it lost weeks of security logs for its customers’ cloud products

Source URL: https://techcrunch.com/2024/10/17/microsoft-said-it-lost-weeks-of-security-logs-for-its-customers-cloud-products/
Source: Hacker News
Title: Microsoft said it lost weeks of security logs for its customers’ cloud products

AI Summary and Description: Yes

Summary: Microsoft has reported a significant outage in security log data collection for its cloud products, affecting its ability to detect intrusions. A bug in the internal monitoring agents led to this outage, raising concerns about potential security vulnerabilities during the two-week period when logs were missing. This incident follows a previous controversy where Microsoft was criticized for withholding security logs from certain U.S. federal departments that could have helped identify cyber intrusions earlier.

Detailed Description: The recent incident involving Microsoft highlights critical implications for cloud security and logging mechanisms.

– **Incident Overview:**
– Microsoft notified customers that over two weeks’ worth of security logs were missing due to a bug in the internal monitoring agent, affecting log uploads between September 2 and September 19.
– Microsoft confirmed that the problem was not the result of a security incident, but it did interrupt the collection of log data that defenders rely on to identify unauthorized access and intrusions.

– **Potential Risks:**
– Missing logs impede network defenders’ abilities to track user activities, logins, and failed access attempts, potentially complicating the detection of unauthorized access and intrusions during this period.
– Affected products include Microsoft Entra, Sentinel, Defender for Cloud, and Purview, which are critical to cloud security monitoring.

– **Customer Communication and Responsibility:**
– Microsoft communicated the issues to impacted customers, but access to such notifications is likely restricted to users with tenant admin rights.
– John Sheehan, a corporate vice president at Microsoft, stated that the issue had been mitigated by rolling back a service change and that support was offered to affected clients.

– **Historical Context:**
– This outage follows earlier scrutiny of Microsoft by federal investigators over a lack of security logs that could have helped identify attacks more quickly.
– Specifically, the intrusions by a China-backed group known as Storm-0558 demonstrated the dangers of inadequate logging, since access to the relevant logs was what enabled the breaches to be detected.

– **Implications for Security and Compliance Professionals:**
– The missing log data demonstrates the critical need for robust logging mechanisms and for transparency from cloud service providers about incidents that affect security monitoring.
– It highlights the importance of ensuring that all customers can access the log data they need for threat detection, and of managing the security and compliance implications that arise from outages like this one.
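A gap of this kind is only dangerous if nobody notices it, so a defender's first control is a check that the log pipeline itself is still delivering. The following is an added example, not code from the article or from Microsoft: it scans per-source ingestion timestamps and flags any stretch longer than a threshold with no data, including a source that has gone silent and never resumed. The source names, timestamps and threshold are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one ISO-8601 timestamp per ingested batch, keyed by
# log source. Values are illustrative only, not real tenant data.
SAMPLE_EVENTS = [
    ("entra-signin", "2024-09-01T00:00:00"),
    ("entra-signin", "2024-09-02T00:00:00"),
    ("entra-signin", "2024-09-19T12:00:00"),   # uploads resume mid-day
    ("entra-signin", "2024-09-20T00:00:00"),
    ("defender-alerts", "2024-09-01T00:00:00"),
    ("defender-alerts", "2024-09-02T00:00:00"),
    # defender-alerts goes quiet after Sep 2 and never comes back
]


def find_ingestion_gaps(events, max_gap_hours, now_iso):
    """Return [(source, gap_start_iso, gap_end_iso)] for every stretch longer
    than max_gap_hours with no ingested batch. A trailing silence that runs
    from the last batch up to now_iso is reported as a gap as well, so a
    source that stopped entirely is not missed."""
    max_gap = timedelta(hours=max_gap_hours)
    now = datetime.fromisoformat(now_iso)

    by_source = defaultdict(list)
    for source, ts in events:
        by_source[source].append(datetime.fromisoformat(ts))

    gaps = []
    for source, stamps in sorted(by_source.items()):
        stamps.sort()
        # Gaps between consecutive batches of the same source.
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev > max_gap:
                gaps.append((source, prev.isoformat(), cur.isoformat()))
        # Open-ended gap: nothing received since the last batch.
        if now - stamps[-1] > max_gap:
            gaps.append((source, stamps[-1].isoformat(), now.isoformat()))
    return gaps


if __name__ == "__main__":
    # Threshold of 24h is an assumption; tune it to each source's normal cadence.
    for src, start, end in find_ingestion_gaps(SAMPLE_EVENTS, 24, "2024-09-21T00:00:00"):
        print(f"{src}: no logs between {start} and {end}")
```

Run against real ingestion metadata (for example, the latest received timestamp per table), the same check turns a silent multi-week outage into an alert on the first day it exceeds the expected cadence.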

This event serves as a cautionary tale about the reliance on cloud providers for security log management and the potential risks when logging systems fail.