Mitigate Threats Using Azure Defender (part 2)

 


To read part 1 please click here


Azure Security Center

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud (whether they are in Azure or not) and on-premises. It gives you the tools needed to harden your network, secure your services, and stay on top of your security posture, and it addresses the three most urgent security challenges:
  • Rapidly changing workloads: This is both the strength and the challenge of the cloud. On the one hand, end users are empowered to do more; on the other, how do you make sure that the ever-changing services people are using and creating meet your security standards and follow security best practices?

  • Increasingly sophisticated attacks: Wherever you run your workloads, the attacks keep getting more sophisticated. You have to secure your public cloud workloads, which are, in effect, Internet-facing workloads that can leave you even more vulnerable if you don't follow security best practices.

  • Security skills are in short supply: The number of security alerts and alerting systems far outnumbers the number of administrators with the background and experience needed to make sure your environments are protected. Staying up to date with the latest attacks is a constant challenge, making it impossible to stay in place while the world of security is an ever-changing front.

To help you meet these challenges, Security Center provides you with the tools to:
  • Strengthen security posture: Security Center assesses your environment and enables you to understand the status of your resources and whether they are secure.
  • Protect against threats: Security Center assesses your workloads and raises threat prevention recommendations as well as security alerts.
  • Get secure faster: In Security Center, everything is done at cloud speed. Because it is natively integrated, Security Center is easy to deploy, providing you with autoprovisioning and protection with Azure services.

Strengthen security posture

Azure Security Center allows you to strengthen your security posture; that is, it helps you identify the hardening tasks recommended as security best practices and implement them across your machines, data services, and apps, while also providing the tools you need for a bird's-eye view of your workloads, with focused visibility on your network security estate.

Manage organization security policy & compliance

In Security Center, you can set up your policies to run on management groups, across subscriptions, and even for a whole tenant. It also helps you identify Shadow IT subscriptions: by looking at the subscriptions labeled not covered in your dashboard, you can immediately know when there are newly created subscriptions and make sure they are covered by your policies and protected by Azure Security Center.

Continuous assessment

Azure Security Center continuously discovers new resources being deployed across your workloads and assesses whether they are configured according to security best practices. To help you, Security Center also groups the recommendations into security controls and adds a secure score value to each control, so that you can understand how important each recommendation is to your overall security posture, which is crucial for prioritizing your security work.

Network map

One of the most powerful tools Security Center provides for continuously monitoring your network's security status is the Network map, which shows the topology of your workloads so that you can see whether each node is properly configured.

Optimize & improve security by configuring recommended controls

The heart of Azure Security Center's value lies in its recommendations, which are tailored to the particular security concerns found on your workloads. Security Center does the security admin work for you by not only finding your vulnerabilities but also providing specific instructions for how to get rid of them.

These recommendations help you reduce the attack surface across each of your resources, including Azure virtual machines, non-Azure servers, and Azure PaaS services such as SQL and Storage accounts. Each type of resource is assessed differently and has its own standards.

Protect against threats

Security Center's threat protection enables you to detect and prevent threats at the Infrastructure as a Service (IaaS) layer, on non-Azure servers, and for Platforms as a Service (PaaS) in Azure. It also includes fusion kill-chain analysis, which automatically correlates alerts in your environment based on cyber kill-chain analysis, to help you better understand the full story of an attack campaign: where it started and what kind of impact it had on your resources.

Integration with Microsoft Defender for Endpoint

Security Center includes automatic, native integration with Microsoft Defender for Endpoint, which means that without any configuration, your Windows and Linux machines are fully integrated with Security Center's recommendations and assessments.

The adaptive application controls in Security Center enable end-to-end app approval listing across your Windows servers. You don't need to create the rules and check violations; that is done automatically for you.

Protect PaaS

Security Center helps you detect threats across Azure PaaS services as well as threats targeting Azure services, including Azure App Service, Azure SQL, Azure Storage Account, and more data services. You can also take advantage of the native integration with Microsoft Cloud App Security's User and Entity Behavioral Analytics (UEBA) to perform anomaly detection on your Azure activity logs.

Block brute force attacks

Security Center helps you limit exposure to brute force attacks. By reducing access to virtual machine ports with just-in-time VM access, you can harden your network by preventing unnecessary access. You can set secure access policies on selected ports for only authorized users, allowed source IP address ranges or IP addresses, and for a limited amount of time.
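The three conditions of a just-in-time policy described above (authorized user, allowed source address, limited time) can be modeled as a default-deny check. This is an added example, not code from the original post and not Azure's API or policy schema; the class names, user names, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class PortRule:                      # hypothetical model of one protected port
    port: int
    allowed_sources: tuple           # CIDR ranges or single IP addresses
    max_duration: timedelta          # longest window a request may ask for


@dataclass(frozen=True)
class Grant:
    port: int
    source: str
    expires_at: datetime


class JitPolicy:
    def __init__(self, rules, authorized_users):
        self.rules = {r.port: r for r in rules}
        self.authorized_users = frozenset(authorized_users)

    def request(self, user, port, source, duration, now):
        """Return a time-boxed Grant, or raise PermissionError (default deny)."""
        if user not in self.authorized_users:
            raise PermissionError("user not authorized")
        rule = self.rules.get(port)
        if rule is None:
            raise PermissionError("port not covered by policy")
        if duration <= timedelta(0) or duration > rule.max_duration:
            raise PermissionError("requested window exceeds policy maximum")
        addr = ip_address(source)
        if not any(addr in ip_network(n, strict=False) for n in rule.allowed_sources):
            raise PermissionError("source address not allowed")
        return Grant(port, source, now + duration)


def is_open(grants, port, source, now):
    """The port is reachable only through an unexpired grant for that source."""
    return any(g.port == port and g.source == source and now < g.expires_at
               for g in grants)


# Constructed sample policy: SSH from one range, RDP from a single address.
POLICY = JitPolicy(
    rules=[PortRule(22, ("203.0.113.0/24",), timedelta(hours=3)),
           PortRule(3389, ("198.51.100.10",), timedelta(hours=1))],
    authorized_users={"alice"},
)
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
```

Outside an active grant the port stays closed, so repeated login attempts from any other address or after the window expires never reach the service.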

Protect data services

Security Center includes capabilities that help you perform automatic classification of your data in Azure SQL. You can also get assessments for potential vulnerabilities across Azure SQL and Storage services, along with recommendations for how to mitigate them.

Get secure faster

Native Azure integration (including Azure Policy and Azure Monitor Logs), combined with seamless integration with Microsoft security solutions such as Microsoft Cloud App Security and Microsoft Defender for Endpoint, helps make sure your security solution is comprehensive as well as simple to onboard and roll out.

Automatically discover & onboard Azure resources with automatic provisioning

Security Center provides seamless, native integration with Azure and Azure resources; that is, you can pull together a complete security story involving Azure Policy and built-in Security Center policies across all your Azure resources, and make sure that the whole thing is automatically applied to newly discovered resources as you create them in Azure.


