Mitigate Threats Using Azure Defender (part 2)

By Ashwin Venugopal -

 


To read part 1 please click here


Azure Security Center

Azure Security Center is a unified infrastructure security management system that is capable of strengthening the security posture of your data centers while providing advanced threat protection across your hybrid workloads in the cloud- whether they are in Azure or not- and on-premises. It offers you all the tools needed to harden your network, secure your services, as well as make sure you're on top of your security posture and addresses the three most urgent security challenges:
  • Rapidly changing workloads- It's both the strength and challenge of the cloud. On the one hand, end users are empowered to do more, while on the other, how do you make sure that ever-changing services people are using and creating are up to your security standards as well as follow the best security practices?

  • Increasingly sophisticated attacks- Wherever you run your workloads, the attacks keep getting more sophisticated. You have to secure your public cloud workloads, which are, in effect, an Internet facing workload that can leave you even more vulnerable if you don't follow the best security practices.

  • Security skills are in short supply- The number of the security alerts and alerting systems far outnumbers the number of the administrators with the necessary background as well as experience to make sure your environments are protected. Staying up to date with the latest attacks is a constant challenge, making it impossible to stay in place while the world of security is an ever-changing front. 

To help you protect yourself from these challenges, the Security Center provides you with the tools to:
  • Strengthen security posture- Security Center assesses your environment as well as enables you to understand the status of your resources and whether they are secure.
  • Protect against threat- Security Center assesses your workloads and raises threat prevention recommendations as well as security alerts.
  • Get secure faster- In the Security Center, everything is done in cloud speed. Because it is natively integrated, deployment of the Security Center is easy, providing you with the autoprovisioning and protection with the Azure Services.

Strengthen security posture

Azure security Center allows you to strengthen your security posture that is it helps you to identify and perform the hardening tasks recommended as security best practices as well as implement them across your machines, data services, and apps while also providing you the tools you need to have a bird's eye view on your workloads, with the focused visibility on your network security estate.

Manage organization security policy & compliance

In Security Center, you can easily set up your policies to run on management groups, across subscriptions, and even for a whole tenant. It helps you to identify Shadow IT subscriptions and by simply looking at the subscriptions labeled not covered in your dashboard, you can immediately know when there are newly created subscriptions and make sure they are covered by your policies as well as protected by the Azure Security Center.

Continuous assessment

Azure Security Center continuously discovers new resources being deployed across your workloads and assesses whether they are configured according to the best security practices. To help you , Security Center also groups the recommendations into the security controls and adds a secure score value to each control so that you can understand how important each recommendation is to your overall security posture which is very crucial in enabling you to prioritize your security work.

Network map

One of the most powerful tools the Security Center can provide by continuously monitoring your network's security status is the Network map that allows you to see the topology of your workloads, so that you can see if each node is properly configured. 

Optimize & improve security by configuring recommended controls

The heart of the Azure Security Center's value lies in its recommendations that are tailored to the particular security concerns found on your workloads while doing the security admin work for you by not only finding your vulnerabilities but also providing you with the specific instructions for how to get rid of them. 

These recommendations readily help you to reduce the attack surface across each of your resources that includes Azure virtual machines, non-Azure servers, and Azure PaaS services such as SQL and Storage accounts and more- where each type of resource is assessed differently and has its own standards.

Protect against threats

Security Center's threat protection enables you to detect and prevent threats at the Infrastructure as a Service (IaaS) layer, non-Azure servers, and for Platforms as a Service (PaaS) in Azure while also including the fusion kill-chain analysis, which automatically correlates alerts in your environment based on cyber kill-chain analysis, to help you better understand the full story of an attack campaign, where it started, and what kind of impact it had on your resources.

Integration with Microsoft Defender for Endpoint

Security Center includes automatic, native integration with the Microsoft Defender for Endpoint which means that without any configuration, your Windows and Linux machines are fully integrated with the Security Center's recommendations as well as assessment. 

The adaptive application controls in the Security Center enables end-to-end app approval listing across your Windows servers. You don't need to create the rules and check violations that is done automatically for you.

Protect PaaS

Security Center helps you to detect threats across the Azure PaaS services as well as those targeting the  Azure services, including the Azure App Service, Azure SQL, Azure Storage Account, and more data services. You can also take advantage of the native integration with the Microsoft Cloud App Security's User and Entity Behavioral Analytics (UEBA) to perform the anomaly detection on your Azure activity logs.

Block brute force attacks

Security Center helps you to limit exposure to the brute force attacks and by reducing the access to the virtual machine ports, using the just-in-time VM access, you can harden your network by preventing any unnecessary access. You can set secure access policies in the selected ports for only authorized users, allowed source IP address ranges or IP addresses, and for a limited amount of time. 

Protect data services

Security Center includes capabilities that helps you to perform automatic classification of your data in Azure SQL. You can also get assessments for potential vulnerabilities across Azure SQL as well as Storage services and recommendations for how to mitigate them.

Get secure faster

Native Azure integration (including Azure Policy and Azure Monitor Logs) combined with the  seamless integration with our Microsoft security solutions, such as the Microsoft Cloud App Security and Microsoft Defender for Endpoint, helps make sure your security solution is comprehensive as well as simple to onboard and roll out.

Automatically discover & onboard Azure resources with automatic provisioning

Security Center provides seamless, native integration with the Azure and Azure resources that is you can pull together a complete security story involving Azure Policy as well as built-in Security Center policies across all your Azure resources while making sure that the whole thing is automatically applied to the newly discovered resources as you create them in Azure.  



To read part 1 please click here









Comments

Post a Comment

Popular posts from this blog

Deployment (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Microsoft Monitoring Agent (MMA) MMA is used across multiple Microsoft solutions and has undergone a few name changes as its features and functionality have evolved. If it is being considered to be used, then following areas should be covered during a Microsoft Sentinel deployment project: Consider the timelines and the strategy for a migration to AMA (Azure Monitor Agent) before the MMA end-of-life.  Consider the central deployment and management methodology for MMA. Determine which endpoints are in scope for deployment as these affect the log ingestion volume significantly.  Azure Monitor Agent (AMA) Organizations with MMA as the main Microsoft Sentinel agent should start planning the migration to AMA as soon as possible to avoid a rushed migration. One of the main advantages of AMA is the ability to control the log collection policy centrally and apply different policies against different groups of computers, re
Read more

Project Resourcing (Part 2)

By Ashwin Venugopal -
Image
  To read part 1, please click  here Engineering - SIEM The SIEM engineers configures Microsoft Sentinel, including Log Analytics, Logic Apps, workbooks, and playbooks. They are also responsible for the following high-level tasks: Initial configuration of Azure tenant, including provisioning required resources, assigning access roles, and configuring workspace parameters like log retention, resource tagging, and blueprints.  Deployment and configuration of syslog/CEF log collection agents in appropriate locations to collect logs from on-premises devices. Generally, it will be joint effort of both system engineer and SIEM engineer, involving configuration and potential troubleshooting.  Working with system owners to enable log forwarding and configuring any required parsing of log data in Log Analytics.  Working with security operations to create and deploy KQL analytic rules to offer detections for SOC/Computer Security Incident Response Team (CSRIT) use. Tuning of alert rule parameter
Read more

Design Planning (Part 3)

By Ashwin Venugopal -
Image
  To read part 1, please click  here To read part 2, please click  here Complex Organizational Structures SIEM can be an expensive security control, hence, it is common multiple businesses to contribute to the overall expense. Various organizational units may require a level of access to specific dashboards or sets of data. Microsoft Sentinel offers the ability to assign table-level permissions and limit the level of access to the minimum required to perform requisite job functions.  Role-based Access Control (RBAC) Requirements Microsoft Sentinel offers an extensive list of Azure built-in roles that can be used to provide granular access according to the job requirements and permitted level of access. Some of them are various Microsoft Sentinel dedicated roles: Microsoft Sentinel Contributor- Can perform all engineering-related configuration, such as creating alert rules, configuring data connectors, and additional similar tasks.  Microsoft Sentinel Reader- Can query the log data stor
Read more