Microsoft debuts Azure Security Lab, doubles top bug bounty to $40K

computer lock
Microsoft ups its cloud security game with Azure Security Lab. (Pixabay)

At Black Hat 2019 this morning, Microsoft doubled down on cloud security by announcing its Azure Security Lab, which is designed to let security experts test its cloud security in safe environments.

Microsoft also announced it was doubling the top bounty reward for security researchers who find bugs in Azure to $40,000, according to a blog post by Kymberlee Price, Microsoft's security community manager.

Security hacking challenges have been a vital mainstay for cybersecurity over the years, as companies invite hackers to find and disclose vulnerabilities before they are used for harm. Microsoft has issued $4.4 million in bounty rewards over the past year.

Sponsored by Ribbon

Webinar: Identity Assurance – Restoring Your Customer’s Trust in the Phone

Learn about Ribbon Call TrustTM, an identity assurance solution that encompasses STIR/SHAKEN and on a per-call, real-time basis will: determine caller intent and identify bad actors from network and call data analytics; provide multi-dimensional reputation scoring using Machine Learning algorithms; and recommend optimal call validation treatment. And will do this for both IP and TDM phone calls. With Ribbon Call Trust™ you can defeat robocalls and fraud attacks, truly restoring your customer’s trust in the phone.

The Azure Security Lab is a set of dedicated cloud hosts for security experts to make attacks against infrastructure-as-a-service scenarios. The Lab is a sandbox-like environment that allows the attacks to take place in locations that are isolated from Azure customers.

RELATED: Misconfiguration vulnerability the culprit for Capital One data loss - WSJ

In addition to the secure testing space, the lab program will also allow participating researchers to work directly with Microsoft Azure security experts. In order to take part in the Azure Security Lab, applicants need to first apply. Those with access to the Azure Security Lab may attempt the scenario-based challenges with top awards of $300,000.

Once they are accepted, security researchers can take part in quarterly campaigns for targeted scenarios with added incentives, as well as recognition and "exclusive swag," according to Price.

"We work hard to earn your trust in the cloud, but we don’t do it alone," Price said. "Partnerships are core to our security strategy, and one of our key partners is the global community of security researchers. By identifying and reporting vulnerabilities to Microsoft through coordinated vulnerability disclosure, security researchers have repeatedly demonstrated that working together helps protect customers."

Microsoft also announced on Tuesday that it had formalized its two-decade Safe Harbor commitment, which includes principles to ensure that the security researchers receive recognition for their work.

Suggested Articles

Employers used to give some workers a company phone; now they have the option to offer company internet.

CenturyLink is not a wireless company, but the company expects to be an important player in 5G and IoT.

Verizon Business’ Chief Product Officer Aamir Hussain said four categories of Verizon Business services are hot commodities during Covid.