Azure Security Center- Your Security Is Our Pride (Part 1)
Cyber Kill Chain
A kill chain describes the structure of an attack against an objective as a series of steps, tracing the progression of a cyberattack from reconnaissance to data exfiltration.
By understanding the intention and process behind an attack, you can identify, investigate and contain threats much faster. Azure Security Center alerts are designed to help you do exactly that.
Protection against threats
Security Center's threat protection helps you detect and prevent threats at the Infrastructure as a Service (IaaS) layer, whether on Azure virtual machines or on non-Azure servers, and at the Platform as a Service (PaaS) layer in Azure. Wherever the threat surfaces, Security Center raises an alert that identifies it and tells you how to respond.
The kill chain intents Security Center supports are based on the MITRE ATT&CK framework, and its threat protection includes Fusion kill-chain analysis, which correlates the alerts raised in your environment into a kill chain. To understand how Security Center works, you should first understand the nature of a cyberattack: how it starts, what impact it can have on your resources, and so on. The typical stages of a cyberattack are illustrated below:
Reconnaissance
This is the observation stage, where attackers assess your network and services to identify easy targets and techniques to gain entry.
Intrusion
At this stage attackers use the knowledge gained during reconnaissance to get access to part of your network, which often involves exploiting a flaw or a security hole.
Exploitation
This phase involves exploiting vulnerabilities and inserting malicious code onto the system to gain more access.
Privilege Escalation
Attackers usually try to gain administrative access to compromised systems so they can reach more critical data and move into other connected systems.
Lateral Movement
This is the act of moving laterally to connected servers to gain greater access to any potential data.
Obfuscation / Anti-forensics
To pull off a cyberattack successfully, attackers need to cover up their entry. To avoid detection by the security team, they will often tamper with data and clear audit logs.
Denial of Service
This stage disrupts normal access for users and systems, to keep the attack from being monitored, tracked, or blocked for as long as possible.
Each of the stages illustrated above is associated with different types of attacks or threats that target various subsystems.
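To make the kill-chain correlation described above concrete, here is an added example that is not code from this post, from Microsoft, or from Security Center itself. It groups constructed alert records into incidents by host and by lateral-movement pivots, then orders the incidents by how far along the kill chain they have progressed. It assumes each alert carries an `intent` field holding one of the stage names listed in `STAGE_ORDER` and, for lateral-movement alerts, a `source_host` field naming the host the attacker pivoted from; the field names, stage names and sample alerts are all assumptions made for the example.

```python
"""Correlate Security Center-style alerts into kill-chain progressions.

Added example for this post; it is not code from the post, from Microsoft,
or from Security Center itself. It assumes each alert record carries an
`intent` field holding one of the stage names in STAGE_ORDER and, for
lateral-movement alerts, a `source_host` field naming the host the attacker
came from. Both field names and the sample alerts below are constructed.
"""
from datetime import datetime, timedelta

# Kill-chain stages from the post, in attack order (intent names assumed).
STAGE_ORDER = [
    "Probing",              # Reconnaissance
    "Exploitation",         # Intrusion / Exploitation
    "PrivilegeEscalation",  # Privilege Escalation
    "LateralMovement",      # Lateral Movement
    "DefenseEvasion",       # Obfuscation / Anti-forensics
    "Impact",               # Denial of Service
]
STAGE_RANK = {name: rank for rank, name in enumerate(STAGE_ORDER)}

# Constructed sample alerts, not real Security Center output.
SAMPLE_ALERTS = [
    {"time": "2021-03-01T08:00:00", "host": "web01", "intent": "Probing",
     "name": "Port scan from a single source"},
    {"time": "2021-03-01T08:20:00", "host": "web01", "intent": "Exploitation",
     "name": "Suspicious process spawned by web server"},
    {"time": "2021-03-01T08:45:00", "host": "web01", "intent": "PrivilegeEscalation",
     "name": "Account added to local administrators"},
    {"time": "2021-03-01T09:10:00", "host": "web01", "intent": "DefenseEvasion",
     "name": "Security event log cleared"},
    {"time": "2021-03-01T09:15:00", "host": "db01", "intent": "LateralMovement",
     "name": "Remote logon using web01 credentials", "source_host": "web01"},
    {"time": "2021-03-02T12:00:00", "host": "app02", "intent": "Probing",
     "name": "Port scan from a single source"},
]


def parse_time(stamp):
    return datetime.fromisoformat(stamp)


def correlate(alerts, window=timedelta(hours=24)):
    """Group alerts into incidents.

    An alert joins an existing incident when it fires within `window` of that
    incident's latest alert and either targets a host already in the incident
    or is a LateralMovement alert whose source_host is already in it. Otherwise
    it opens a new incident. Returns incidents in the order they were opened.
    """
    incidents = []
    for alert in sorted(alerts, key=lambda a: parse_time(a["time"])):
        fired = parse_time(alert["time"])
        target = None
        for inc in incidents:
            if fired - inc["last"] > window:
                continue
            same_host = alert["host"] in inc["hosts"]
            pivot = (alert["intent"] == "LateralMovement"
                     and alert.get("source_host") in inc["hosts"])
            if same_host or pivot:
                target = inc
                break
        if target is None:
            target = {"hosts": set(), "alerts": [], "last": fired}
            incidents.append(target)
        target["hosts"].add(alert["host"])
        target["alerts"].append(alert)
        target["last"] = fired
    return incidents


def stages_reached(incident):
    """Distinct kill-chain stages seen in the incident, in attack order."""
    seen = {a["intent"] for a in incident["alerts"] if a["intent"] in STAGE_RANK}
    return sorted(seen, key=STAGE_RANK.__getitem__)


def deepest_stage(incident):
    stages = stages_reached(incident)
    return stages[-1] if stages else None


def prioritize(incidents):
    """Incidents covering more stages, then reaching deeper stages, come first."""
    def key(inc):
        stages = stages_reached(inc)
        return (len(stages), STAGE_RANK.get(deepest_stage(inc), -1))
    return sorted(incidents, key=key, reverse=True)


if __name__ == "__main__":
    for inc in prioritize(correlate(SAMPLE_ALERTS)):
        hosts = ", ".join(sorted(inc["hosts"]))
        print(f"{hosts}: {' -> '.join(stages_reached(inc))}")
```

Run on the sample alerts, the web01 chain absorbs the db01 lateral-movement alert because its `source_host` is already part of the incident, so the ranked output puts a five-stage incident across web01 and db01 ahead of the isolated port scan on app02. The point of ordering by stage coverage rather than by alert count is the same one the post makes: an attacker who has reached log clearing and lateral movement matters more than a host that has only been scanned.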
Azure Security Center
Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads, whether they run in Azure, in another cloud, or on premises.
Keeping your resources safe is a joint effort between your cloud provider (Azure) and you, the customer. The customer carries more of the responsibility for IaaS (Infrastructure as a Service) than for PaaS (Platform as a Service) or SaaS (Software as a Service), so as you move workloads to the cloud you still have to make sure they are secured at whichever layer you use. Azure Security Center gives you the tools to secure your network and services and to stay on top of your security posture.
Security Center addresses three of the most urgent security challenges today:
- Rapidly changing workloads- This is both a strength and a challenge of the cloud: on one hand it lets end users do more, on the other hand you have to make sure that the services people constantly create and use meet your security standards and follow security best practices.
- Increasingly sophisticated attacks- Sophisticated attacks are a concern wherever you run your workloads, and if you do not follow security best practices your internet-facing public cloud workloads will remain exposed.
- Security skills are in short supply- The number of administrators with the background needed to protect your resources is far smaller than the volume of security alerts and alerting systems they have to deal with, and the constant stream of new attack techniques makes it hard to keep up.
To help you meet these challenges, Security Center provides the tools to:
- Strengthen security posture- Security Center assesses your environment and lets you understand the security status of your resources.
- Protect against threats- Security Center assesses your workloads and raises threat prevention recommendations and security alerts whenever and wherever they are needed.
- Get secure faster- Because Security Center is natively integrated with Azure, deployment is easy and fast, with auto-provisioning and protection for Azure services.
Because Security Center is natively part of Azure, PaaS services such as Service Fabric, SQL databases, and storage accounts are monitored and protected without any deployment step. It can also protect non-Azure servers and virtual machines, in other clouds or on premises, for both Windows and Linux, by installing the Log Analytics agent on them (auto-provisioning can handle that installation for you).
The events collected from the agents and from Azure itself are combined in the security analytics engine to produce recommendations you should act on and security alerts you should investigate promptly, so that you can confirm attacks are not taking place on your workloads.
When you enable Security Center, its built-in security policy is reflected in Azure Policy under the Security Center category. That policy is automatically assigned to every subscription registered with Security Center, on both the Free and Standard tiers, and contains only Audit policies.
Security Center also makes it easier to decide which alerts and recommendations to act on first: each recommendation now carries a Secure Score impact, which helps you prioritize your security work and track your overall security posture.
Azure Security Center recommendations
Much of Security Center's value lies in its recommendations. Each recommendation is tailored to a specific security concern detected on your workloads and comes with step-by-step instructions for remediating it. Security Center does the assessment work and you follow the remediation steps, which makes detecting and investigating security issues far more tractable than it first seems.
These recommendations help reduce the attack surface of each of your resources, with each resource type assessed against its own standards.
Scan container images in Azure Container Registry for vulnerabilities
Image scanning works by analysing the packages and other dependencies defined in the container image and checking them against known vulnerabilities. Whenever you push a new container image to Azure Container Registry, a scan is triggered automatically, and any vulnerabilities found surface as Security Center recommendations along with instructions for fixing them.
· Security Center's Free pricing tier is enabled on all of your current Azure subscriptions the first time you open the Azure Security Center dashboard in the Azure portal, or when you enable it programmatically via the API.
· Upgrade to the Standard pricing tier to take advantage of the advanced security management and threat detection capabilities. Standard can be tried for free for 30 days.
Azure Security Center therefore offers you a single, convenient place from which to manage the security of your cloud and hybrid workloads.
To read part 2 please click here