cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
fnajera
Fluorite | Level 6 fnajera
Fluorite | Level 6

SAS Viya Marketplace - Vulnerabilities treatment in Azure

Posted 06-17-2024 03:57 PM (1013 views)

Hi team,

 

As you know, when SAS Viya is deployed via marketplace, two managed group nodes are created by the managed application. Obviously we don't have access to those groups. However, Azure Security is notifying about the following vulnerabilities. How can we address them? 

 

fnajera_0-1718654156377.png

 

fnajera_1-1718654194127.png

 

 

Please let me know if you need further information.

 

Thank you.

0 Likes
Reply
6 REPLIES 6
fnajera
Fluorite | Level 6 fnajera
Fluorite | Level 6

Re: SAS Viya Marketplace - Vulnerabilities treatment in Azure

Posted 06-19-2024 01:16 PM (933 views)  |   In reply to fnajera
Any update about this question? We cannot go on production, because security team is concerned about these vulnerability alerts
0 Likes
Reply
Conor_H
SAS Employee Conor_H
SAS Employee

Re: SAS Viya Marketplace - Vulnerabilities treatment in Azure

Posted 06-22-2024 08:35 AM (852 views)  |   In reply to fnajera

Thank you for bringing the Azure security recommendations to our attention. We are conducting a review of the recommendations to ensure that the high severity vulnerabilities are addresses first. I will provide an update when that review is complete. Note that some of the medium and low alerts may trigger additional infrastructure costs for additional Microsoft security products or services. 

0 Likes
Reply
fnajera
Fluorite | Level 6 fnajera
Fluorite | Level 6

Re: SAS Viya Marketplace - Vulnerabilities treatment in Azure

Posted 06-24-2024 03:25 PM (813 views)  |   In reply to Conor_H
Thank you so much Conor, Please let me know if you need further information, and we're looking forward to know about the review.
0 Likes
Reply
fnajera
Fluorite | Level 6 fnajera
Fluorite | Level 6

Re: SAS Viya Marketplace - Vulnerabilities treatment in Azure

Posted 06-24-2024 03:28 PM (810 views)  |   In reply to Conor_H
Sorry Conor, just to notify to the stakeholders, what is a likely date for having these vulnerabilities solved?
0 Likes
Reply
Conor_H
SAS Employee Conor_H
SAS Employee

Re: SAS Viya Marketplace - Vulnerabilities treatment in Azure

Posted 07-17-2024 09:16 AM (619 views)  |   In reply to fnajera

We’ve reviewed the security vulnerabilities highlighted by Microsoft Defender. While we plan to address several issues, we may not resolve all, especially those involving additional Azure services that increase costs. An independent third party has verified our security and conducted a thorough vulnerabilities scan. We appreciate your understanding as we balance security with cost-effectiveness.

0 Likes
Reply
fnajera
Fluorite | Level 6 fnajera
Fluorite | Level 6

Re: SAS Viya Marketplace - Vulnerabilities treatment in Azure

Posted 07-17-2024 03:21 PM (602 views)  |   In reply to Conor_H
Thank you so much for your update Conor. Is there a list of the vulnerabilities that SAS may resolve that does not affect costs? So we can inform to the Security Team. Thanks as always.
0 Likes
Reply

SAS Innovate 2025: Save the Date

 SAS Innovate 2025 is scheduled for May 6-9 in Orlando, FL. Sign up to be first to learn about the agenda and registration!

Save the date!

Discussion stats
  • 6 replies
  • ‎06-17-2024 03:57 PM
  • 1014 views
  • 0 likes
  • 2 in conversation