Azure Security Center: Your Security Is Our Pride (Part 1)


To read part 2 please click here

Cyber Kill Chain

A kill chain describes the structure of an attack against an objective as a series of steps, tracing the progression of a cyberattack from reconnaissance to data exfiltration.

By understanding the intent and process behind a cyberattack, you can identify, investigate and contain threats far more easily. Azure Security Center alerts are designed to help you do exactly that with minimal effort.

Protection against threats

Azure Security Center's threat protection helps you detect and prevent threats whether they appear at the Infrastructure as a Service (IaaS) layer, which includes non-Azure servers, or at the Platform as a Service (PaaS) layer in Azure. Wherever a threat appears, Security Center alerts keep detecting it and help you contain it.

Security Center's supported kill chain intents are based on the MITRE ATT&CK framework, and its threat protection includes fusion kill-chain analysis, which correlates alerts in your environment according to the stage of the cyber kill chain they belong to. To understand how Security Center works, you first need to understand the nature of a cyberattack: how it starts, what impact it can have on your resources, and so on. The typical stages of a cyberattack are illustrated below:

Reconnaissance

This is the observation stage, where attackers assess your network and services to identify possible easy targets and techniques to gain entry.

Intrusion

At this stage attackers use the knowledge gained during reconnaissance to get access to part of your network, which often involves exploiting a flaw or security hole.

Exploitation

This phase involves exploiting vulnerabilities and inserting malicious code onto the system to obtain more access.

Privilege Escalation

Attackers usually try to gain administrative access to compromised systems so they can reach more critical data and move into other connected systems.

Lateral Movement

This is the act of moving laterally to connected servers to gain greater access to any potentially valuable data.

Obfuscation / Anti-forensics

To successfully pull off a cyberattack, attackers need to cover up their entry. To avoid detection by the security team, they will often tamper with data and clear audit logs.

Denial of Service

This stage involves disrupting normal access for users and systems so that the attack cannot be monitored, tracked or blocked for as long as possible.

Each of the stages illustrated above is associated with different types of attacks or threats that target various subsystems.
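As an added illustration of the kill-chain correlation described above (example code written for this post, not Security Center's own fusion engine), the block below groups constructed sample alerts per host and reports hosts whose alerts advance through several of the stages listed above within a time window. Hosts, timestamps and alert titles are constructed.

```python
# Added example (not from the original post or Security Center itself): a toy
# version of the kill-chain correlation the post attributes to fusion analysis.
# Hosts, timestamps and alert titles are constructed; stages follow the post.
from collections import defaultdict
from datetime import datetime, timedelta

# Kill-chain stages in the order the post presents them.
STAGES = ["Reconnaissance", "Intrusion", "Exploitation", "Privilege Escalation",
          "Lateral Movement", "Obfuscation / Anti-forensics", "Denial of Service"]
RANK = {name: i for i, name in enumerate(STAGES)}

# Constructed sample alerts: (timestamp, host, stage, alert title).
SAMPLE_ALERTS = [
    ("2024-03-01T08:00:00", "web01", "Reconnaissance", "Port scan observed"),
    ("2024-03-01T08:20:00", "web01", "Intrusion", "Login after many failed attempts"),
    ("2024-03-01T09:05:00", "web01", "Privilege Escalation", "New local admin account"),
    ("2024-03-01T09:40:00", "web01", "Obfuscation / Anti-forensics", "Security log cleared"),
    ("2024-03-01T12:00:00", "db02", "Reconnaissance", "Port scan observed"),
    ("2024-03-03T12:00:00", "db02", "Lateral Movement", "Remote service created"),
]

def correlate(alerts, window_hours=24, min_stages=2):
    """Group alerts per host and report hosts whose alerts advance through two
    or more kill-chain stages within the window. Returns {host: [stages]}."""
    window = timedelta(hours=window_hours)
    by_host = defaultdict(list)
    for ts, host, stage, title in alerts:
        by_host[host].append((datetime.fromisoformat(ts), stage, title))
    incidents = {}
    for host, events in by_host.items():
        events.sort()
        chains = [[]]
        for when, stage, title in events:
            # An alert outside the window of the current chain starts a new chain.
            if chains[-1] and when - chains[-1][0][0] > window:
                chains.append([])
            cur = chains[-1]
            # Keep only alerts that move the chain forward to a later stage.
            if not cur or RANK[stage] > RANK[cur[-1][1]]:
                cur.append((when, stage, title))
        best = max(chains, key=len)
        if len(best) >= min_stages:
            incidents[host] = [stage for _, stage, _ in best]
    return incidents

if __name__ == "__main__":
    for host, stages in correlate(SAMPLE_ALERTS).items():
        print(f"{host}: {' -> '.join(stages)}")
```

With the default 24-hour window only web01 is reported; db02's two alerts are 48 hours apart and are correlated only when the window is widened.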

Azure Security Center

Azure Security Center (ASC) is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads, whether they run in Azure, in another cloud or on premises.

Keeping your resources safe is a shared responsibility between your cloud provider, Azure, and you, the customer. The customer's share of that responsibility grows as you move from SaaS (Software as a Service) to PaaS (Platform as a Service) to IaaS (Infrastructure as a Service), so you have to make sure your workloads are secure as you move them to the cloud, whether to IaaS or PaaS. Azure Security Center gives you the tools to secure your network and services while keeping you on top of your security posture.

Security Center currently addresses three of the most urgent security challenges:

  • Rapidly changing workloads - this is both a strength and a challenge of the cloud. On one hand it lets end users do more; on the other hand it leaves you wondering how to make sure that the constantly changing services people use and create meet your security standards and follow security best practices.
  • Increasingly sophisticated attacks - ever more sophisticated attacks are a concern wherever you run your workloads, and if you don't follow security best practices your internet-facing public cloud workloads will always be vulnerable.
  • Security skills are in short supply - the number of administrators with the background needed to protect your resources is far smaller than the number of security alerts and alerting systems. The constantly changing world of security makes it next to impossible to stand still while also keeping up with the latest attacks, which is a constant challenge.

To help you protect your resources against these challenges, Security Center offers you the tools to:

  • Strengthen security posture - Security Center assesses your environment and lets you understand the status of your resources and whether they are secure.
  • Protect against threats - Security Center assesses your workloads and raises threat prevention recommendations and alerts whenever and wherever they are needed.
  • Get secure faster - because Security Center is natively integrated with Azure, everything happens at cloud speed, which makes deploying Security Center easy and gives you auto-provisioning and protection for Azure services.

Architecture

Because Security Center is natively part of Azure, all Azure PaaS services, including Service Fabric, SQL databases and storage accounts, are monitored and protected automatically with no deployment required. It can also protect non-Azure servers and virtual machines, whether in the cloud or on premises and whether Windows or Linux, by installing the Log Analytics agent on them; these machines can be auto-provisioned in Security Center.

Events collected from the agents and from Azure itself are combined in the security analytics engine, which produces ready-made recommendations for you to follow. Investigate every security alert as soon as possible to make sure no attack is taking place against your workloads and that they remain secure.

When you enable Security Center, its built-in security policy is reflected in Azure Policy under the Security Center category. That policy, which contains only Audit policies, is automatically assigned to every subscription registered with Security Center, whether on the free or the standard tier.

Security Center makes acting on your security alerts easier by attaching a Secure Score to each recommendation you receive, which is crucial for prioritizing your security work and maintaining your overall security posture.

Azure Security Center recommendations

The most important part of Azure Security Center's value lies in its recommendations. Each recommendation is tailored to the specific security concern detected on your workloads and comes with specific instructions for resolving it, which should be followed as given. Security Center does the analysis an admin would otherwise do, and you only need to follow the instructions, which makes threat detection and investigation far easier than it may seem.

These recommendations help reduce the attack surface of each of your resources, assessing each resource type against its own standards.

Scan container images in Azure Container Registry for vulnerabilities

Image scanning works by analyzing the packages and other dependencies defined in the container image and checking them against known vulnerabilities. Whenever you push a new container image to Azure Container Registry the scan is triggered automatically, and any vulnerabilities found surface as Security Center recommendations, along with instructions for fixing them.
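To make the package-versus-known-vulnerabilities check concrete, the block below is an added example (not Security Center's scanner or code from the original post) that compares a constructed package inventory against a constructed advisory feed and emits findings with the remediation text a recommendation would carry. Package names, versions and advisory identifiers are all constructed sample data.

```python
# Added example (not from the original post or Security Center's scanner): the
# core of the package-versus-known-vulnerabilities check the post describes.
# The package inventory and advisory feed are constructed sample data.
import re

# Constructed package inventory as extracted from a container image's layers.
IMAGE_PACKAGES = {"openssl": "1.1.1k", "curl": "7.68.0", "zlib": "1.2.13"}

# Constructed advisory feed: package -> [(advisory id, first fixed version)].
# Any installed version older than the fixed version is affected.
ADVISORIES = {
    "openssl": [("ADV-SAMPLE-0001", "1.1.1n")],
    "curl": [("ADV-SAMPLE-0002", "7.71.0"), ("ADV-SAMPLE-0003", "7.60.0")],
    "zlib": [("ADV-SAMPLE-0004", "1.2.12")],
}

def version_key(version):
    """Turn a dotted version into a comparable list: each piece becomes
    (numeric part, letter suffix), so 1.1.1k sorts before 1.1.1n and
    7.68.0 before 7.71.0. Plain string comparison would get 7.9 > 7.10 wrong."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"(\d*)([A-Za-z0-9]*)", piece)
        parts.append((int(m.group(1) or 0), m.group(2)))
    return parts

def scan_image(packages, advisories):
    """Return one finding per advisory whose fixed version is newer than the
    installed one, carrying the remediation text a recommendation would show."""
    findings = []
    for name, installed in packages.items():
        for adv_id, fixed in advisories.get(name, []):
            if version_key(installed) < version_key(fixed):
                findings.append({"package": name, "installed": installed,
                                 "advisory": adv_id,
                                 "fix": f"upgrade {name} to {fixed} or later"})
    return findings

if __name__ == "__main__":
    for f in scan_image(IMAGE_PACKAGES, ADVISORIES):
        print(f"{f['advisory']}: {f['package']} {f['installed']} - {f['fix']}")
```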

Licensing

  • Security Center's free pricing tier is enabled on all your current Azure subscriptions once you visit the Azure Security Center dashboard in the Azure portal for the first time, or when it is enabled programmatically via the API.
  • Upgrade to the Standard pricing tier to take advantage of the advanced security management and threat detection capabilities. It can be tried for free for 30 days.

Azure Security Center thus offers a one-stop solution for your cyber security problems, in the most convenient way possible.

