Getting started with Azure Sentinel (part 1 of 4)

 



To read part 2, please click here
To read part 3, please click here
To read part 4, please click here




Current Cloud Security Landscape

Every security architecture requires a thorough understanding of the IT environment it will protect and you should know all the security solutions that will be deployed to protect a particular IT environment. The major components of a modern IT environment are as follows:
  1. Identity for authentication and authorization of access to systems.
  2. Networks to gain access to internal resources and the internet.
  3. Storage and compute in the data center for internal applications and sensitive information.
  4. End user devices and the applications they use to interact with data.
  5. You can also include Industrial Control Systems (IOC) and the IoT for some environments. 

The threats and vulnerabilities of all these components must be studied thoroughly before any further use. 

Cloud security reference framework

The components of cloud security reference framework is given below which can help you in mapping and discovery of the security solutions:
  • Security Operations Center- It can offer following technologies as well as procedures at high level: log management and Security Incident and Event Monitoring (SIEM), Security Orchestration and Automated Response (SOAR) along with the vulnerability management, threat intelligence, incident response as well as intrusion prevention or detection.

  • Productivity Services- It includes currently in use solution daily by an end user to secure the business productivity services like email protections, SharePoint Online, OneDrive for Business, Box, Dropbox, Google Apps, Salesforce and many more.

  • Identity & Access Management- If an attacker gain access to your environment, they will first of all go for weak or vulnerable accounts while using them to exploit the system. Hence, an identity is usually first step to your IT environments by a successful phishing attack. 

  • Client Endpoint Management- It offers protection for a wide range of endpoints from desktops and laptops to mobile devices as well as kiosk systems with the help of some specialized solutions like Endpoint Detection and Response (EDR), Mobile Device Management (MDM), and Mobile Application Management (MAM) from advanced and persistent threats against the operating systems and applications. It cal also provide secure printing, managing peripherals, and any devices that an end user generally interacts during work.

  • Cloud Access Security Broker- CASB is an old component and runs as a cloud solution that can ingest log data from SaaS applications as well as firewalls while applying its own threat detection and prevention solutions. SIEM solution takes the information from CASB to know the situation of your diverse IT environment.

  • Perimeter Network- It is one of the most advanced cyber security and known as a frontline defense or only line of defense. But, nowadays it includes multiple options from external facing advanced firewalls, web proxy servers, and application gateways to virtual private networking solutions and secure DNS along with the protection services like DDoS, Web Application Firewall, and Intrusion Protection/Detection services.

  • IoT & Industrial Control Systems- The ICS is generally operated and maintained in isolation from the corporate environment called the Information Technology/Operational Technology divide (IT/OT divide). It runs systems existing from decades and cannot be easily updated or replaced. Whereas IoT is similar as well as different as there are many small headless devices that collect data and control critical business functions without working on same network.

  • Private Cloud Infrastructure- The technologies in this component are stoarge, newtorks, internal firewalls, physical and virtual servers while determining the extent of log data collection as well as transfer to the cloud for Azure Monitor ingestion.

  • Public Cloud Infrastructure- Nowadays these are mainstay in modern IT environments and ideally have many governance as well as security layers embedded into the full life cycle of creation and operations including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS) services. 

  • Privileged Access Management- It makes sure the high governance of all the system-level access, while removing unwanted permissions and recording every request for elevated access. The advanced solutions allows rotation of passwords for service accounts, management of shared system accounts, local administrator accounts on all computers and servers. Password vaults and session recordings can also be implemented for evidence gathering.

  • Cloud Workload Protection Platform- It is also known as Cloud Security Posture Management (CSPM) according to the developed solution's view. It may include any DevOps tools for deployment and configuration management solutions of private as well as public platforms along with a potentially enforced configuration compliance with multiple regulatory and industry standard frameworks.

  • Information Security- It can easily protect the data at rest as well as in transition regardless of the storage whether it is endpoint, portable or cloud storage. It includes secure collaboration, digital rights management, securing email, scanning for regulated data and other sensitive information.   

The cloud Security Reference Framework can easily guide about the required services to protect your cloud implementation.




To read part 2, please click here
To read part 3, please click here
To read part 4, please click here





Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)