Azure Security Center
Udaiappa Ramachandran ( Udai )
https://udai.io
About me
• Udaiappa Ramachandran ( Udai )
• CTO, Akumina, Inc.
• Cloud Expert
• Microsoft Azure, Amazon Web Services and Google
• New Hampshire Cloud User Group (http://www.meetup.com/nashuaug)
• https://udai.io
Agenda
• Introduction
• Azure Security Center
• Azure Defender
• Secure Score
• Security Policies
• Regulatory Compliance
• Security Alerts
• Cloud Connectors
• Resource Graph
• DEMO…DEMO…DEMO…
• References
Security/Data Breaches
• Adobe
• Adult Friend Finder
• Ashley Madison
• AWS S3 Bucket
• Canva
• Code Spaces (source code hosting)
• Dubsmash
• eBay
• Equifax
• Facebook
• Heartland Payment Systems
• LinkedIn
• Marriott International
• My Fitness Pal
• MySpace
• NetEase
• Podesta/Hillary Emails
• Sina Weibo
• Target
• Yahoo
• Zynga
Challenges
• Threats increasing in volume and sophistication
  • Attacker business models evolve to maximize attacker return on investment (ROI)
  • Attack automation and evasion techniques evolve along multiple dimensions
• Can't stop all attacks
  • Must balance investments across prevention, detection, and response
  • Prevention investments must be focused on real-world attacks
• Integration is required, but complex and costly
  • Threat detection requires context from diverse signal sources and high volumes of data
  • Efficient operations require integration of tools and technology such as machine learning
• Requires a blend of human expertise and technology
  • Need human expertise, adaptability, and creativity to combat human threat actors
  • Difficult to hire people with deep expertise; growing the skill set takes a long time
Why use Security Center?
• Centralized policy management – Ensure compliance with company or regulatory security requirements by centrally managing security policies across all your hybrid cloud workloads.
• Continuous security assessment – Monitor the security posture of machines, networks, storage and data services, and applications to discover potential security issues.
• Actionable recommendations – Remediate security vulnerabilities before they can be exploited by attackers, with prioritized and actionable security recommendations.
• Prioritized alerts and incidents – Focus on the most critical threats first with prioritized security alerts and incidents.
• Advanced cloud defenses – Reduce threats with just-in-time access to management ports and adaptive application controls running on your VMs.
• Integrated security solutions – Collect, search, and analyze security data from a variety of sources, including connected partner solutions.
Azure Security Center (ASC)
• Cloud Security Posture Management
  • Policies, initiatives and recommendations
  • Secure Score and security controls
• Cloud Workload Protection
  • Protect servers, cloud-native workloads, databases and storage against threats
  • Security alerts and incidents
Security Hygiene
• Software
• Code
• Third party
• Compute & Apps
• Network
• Data & Storage
• Identity
Security Score
• Measurement of an organization's security posture; the higher the number, the lower the risk
• The score may fluctuate if there is no governance on new resource provisioning
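As an added illustration (not part of the deck), the per-control arithmetic behind the score, using the formula from Microsoft's Secure Score documentation: current score = max score / total resources × healthy resources, with the overall percentage being the sum of current points over the sum of max points. The control names, point values and resource counts are constructed, controls with no applicable resources are left out as a simplification, and the script runs in any PowerShell 5.1 or 7 session without Azure modules.

```powershell
# Added example: how a Secure Score control's points move when ungoverned
# resources are provisioned. Formula from Microsoft's Secure Score docs:
#   current score = max score / total resources * healthy resources
# Control names, point values and resource counts below are constructed.
function Get-ControlScore {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][double]$MaxScore,
        [Parameter(Mandatory)][ValidateRange(0, [int]::MaxValue)][int]$Healthy,
        [Parameter(Mandatory)][ValidateRange(1, [int]::MaxValue)][int]$Total
    )
    if ($Healthy -gt $Total) {
        throw "Healthy ($Healthy) cannot exceed Total ($Total) for control '$Name'"
    }
    # Points are earned proportionally to the share of healthy resources.
    $current = $MaxScore / $Total * $Healthy
    [pscustomobject]@{
        Control = $Name
        Max     = $MaxScore
        Current = [math]::Round($current, 2)
        Healthy = $Healthy
        Total   = $Total
    }
}

function Get-SecureScorePercent {
    param([Parameter(Mandatory)][object[]]$Controls)
    # Overall score is total current points over total possible points.
    $current = ($Controls | Measure-Object -Property Current -Sum).Sum
    $max     = ($Controls | Measure-Object -Property Max -Sum).Sum
    [math]::Round(100 * $current / $max, 1)
}

# Constructed snapshot: two controls, every assessed resource compliant.
$before = @(
    Get-ControlScore -Name 'Enable MFA'                -MaxScore 10 -Healthy 4 -Total 4
    Get-ControlScore -Name 'Remediate vulnerabilities' -MaxScore 6  -Healthy 9 -Total 9
)
$before | Format-Table -AutoSize
Write-Output "Before: $(Get-SecureScorePercent $before)%"

# Same tenant after three VMs are provisioned outside the governed pipeline,
# none of them yet covered by vulnerability assessment: the control's ratio
# drops from 9/9 to 9/12 and the overall score drops with it, although
# nothing that was previously compliant changed.
$after = @(
    Get-ControlScore -Name 'Enable MFA'                -MaxScore 10 -Healthy 4 -Total 4
    Get-ControlScore -Name 'Remediate vulnerabilities' -MaxScore 6  -Healthy 9 -Total 12
)
$after | Format-Table -AutoSize
Write-Output "After:  $(Get-SecureScorePercent $after)%"
```

With the constructed numbers the overall score moves from 100% to 90.6% without any existing resource regressing, which is the fluctuation the slide warns about: new unassessed or non-compliant resources dilute the healthy ratio of every control that applies to them, so provisioning governance (policy at deployment time) protects the score as much as remediation does.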
Security Policy
• The security policy is the driver for the Security Score
• A built-in set of policies (security controls) is automatically assigned to your subscription
• Resources are assessed continuously
• Each policy is in audit mode and checks for misconfigurations
• Customize or disable policies that are not relevant to your organization
Microsoft Defender (XDR)
• M365 Defender
  • Identities
  • Endpoints
  • Apps
  • E-mail
  • Cloud Apps
  • Docs
• Azure Defender
  • SQL
  • Virtual Machines
  • Containers
  • Network
  • IoT
  • PaaS Applications (Azure App Services)
Regulatory Compliance
• ISO 27001
• PCI DSS 3.2.1
• SOC TSP
• NIST SP 800-53
• NIST SP 800-171
• SWIFT CSP CSCF v2020
• UKO and UK NHS
• Canada Federal PBMM
• HIPAA HITRUST
• Azure CIS 1.3.0
• CMMC Level 3
• New Zealand ISM Restricted
Remediation
• Manual – Follow the remediation steps
• ARM Template
• PowerShell
• Workflow Automation
Security Alerts
• Security alerts
• Custom alerts
• Threat intelligence
  • Detected threat types
  • Threat origin
  • Threat intelligence map
Continuous Export
• Export types
  • Security recommendations
  • Secure Score
  • Security alerts
  • Regulatory compliance
• Export frequency
  • Streaming updates
  • Snapshots
• Export target
  • Event Hub
  • Log Analytics
Cloud Connectors
• AWS - Security Hub
  • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-aws?WT.mc_id=Portal-Microsoft_Azure_Security
• GCP - Security Command Center
  • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-gcp
Azure Resource Graph (ARG) - Query
• Query ASC Data
• Export to CSV
• Create Azure Workbook
• ARG API
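The query-and-export workflow on this slide, scripted in PowerShell as an added example (not code from the deck or from Microsoft). It assumes the Az.ResourceGraph module is installed and `Connect-AzAccount` has already been run; the two queries use the `securityresources` table and the `microsoft.security/securescores` and `microsoft.security/assessments` types that ASC publishes to Resource Graph, and the CSV file names are constructed.

```powershell
# Added example: pull Security Center data through Azure Resource Graph and
# write it to CSV, the scripted counterpart of the portal's "Export to CSV".
# Prerequisites: Install-Module Az.ResourceGraph; Connect-AzAccount.
# Output file names below are constructed.

# 1. Secure Score per subscription: current and max points plus percentage,
#    lowest-scoring subscriptions first.
$scoreQuery = @'
securityresources
| where type == "microsoft.security/securescores"
| extend current = todouble(properties.score.current),
         max     = todouble(properties.score.max)
| project subscriptionId, current, max,
          percentage = round(100 * current / max, 1)
| order by percentage asc
'@

# 2. Unhealthy recommendations grouped per recommendation, with severity
#    and the affected resource ids, so remediation can start where the
#    exposure is widest.
$unhealthyQuery = @'
securityresources
| where type == "microsoft.security/assessments"
| extend status     = tostring(properties.status.code),
         severity   = tostring(properties.metadata.severity),
         name       = tostring(properties.displayName),
         resourceId = tostring(properties.resourceDetails.Id)
| where status == "Unhealthy"
| summarize affected = count(), resources = make_set(resourceId) by name, severity
| order by affected desc
'@

function Export-AscQuery {
    param(
        [Parameter(Mandatory)][string]$Query,
        [Parameter(Mandatory)][string]$Path
    )
    # Search-AzGraph returns at most 1000 rows per call; follow the
    # SkipToken until the service stops handing one back.
    $all = @()
    $response = Search-AzGraph -Query $Query -First 1000
    $all += $response
    while ($response.SkipToken) {
        $response = Search-AzGraph -Query $Query -First 1000 -SkipToken $response.SkipToken
        $all += $response
    }

    # make_set() yields arrays; flatten them so each CSV cell stays readable.
    $all | ForEach-Object {
        if ($_.PSObject.Properties['resources']) {
            $_.resources = ($_.resources -join ';')
        }
        $_
    } | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8

    return $all.Count
}

$rows = Export-AscQuery -Query $scoreQuery -Path '.\asc-securescore.csv'
Write-Output "Secure Score rows exported: $rows"
$rows = Export-AscQuery -Query $unhealthyQuery -Path '.\asc-unhealthy-recommendations.csv'
Write-Output "Unhealthy recommendation groups exported: $rows"
```

The same KQL runs unchanged in the portal's Resource Graph Explorer and in an Azure Workbook query step, which is what the slide's "Create Azure Workbook" item refers to; the script version is the one to schedule when the export has to land in a ticketing or reporting pipeline.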
References
• http://docs.microsoft.com/en-us/azure/security-center
• https://www.youtube.com/playlist?list=PL3ZTgFEc7LysTt_FBVZ1Bw8CyyyPraHGr
• https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra
• https://docs.microsoft.com/en-us/learn/browse
• https://azure.microsoft.com/en-us/pricing/details/azure-defender/
• https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
• Git Resources
  • https://github.com/Azure/Azure-Security-Center
  • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ASCRecommendationsAzureResource
  • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ResourceExemption

DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 

Azure Security Center Overview

7. Azure Security Center (ASC)
• Cloud Security Posture Management
  • Policies, initiatives and recommendations
  • Secure Score and security controls
• Cloud Workload Protection
  • Protection against threats to servers, cloud-native workloads, databases and storage
  • Security alerts and incidents

8. Security Hygiene
• Software
• Code
• Third party
• Compute & Apps
• Network
• Data & Storage
• Identity

9. Security Score
• Measurement of an organization's security posture: the higher the number, the lower the risk
• The score may fluctuate if there is no governance over new resource provisioning

10. Security Policy
• Security Policy is the driver for Security Score
• A built-in set of policies (security controls) is automatically assigned on your subscription
• Resources are assessed continuously
• Each policy is in audit mode and checks for misconfigurations
• Customize or disable policies that are not relevant to the organization

11. Microsoft Defender (XDR)
• M365 Defender
  • Identities
  • Endpoints
  • Apps
  • E-mail
  • Cloud Apps
  • Docs
• Azure Defender
  • SQL
  • Virtual Machines
  • Containers
  • Network
  • IoT
  • PaaS Applications (Azure App Services)

12. Regulatory Compliance
• ISO 27001
• PCI DSS 3.2.1
• SOC TSP
• NIST SP 800-53
• NIST SP 800-171
• SWIFT CSP CSCF v2020
• UKO and UK NHS
• Canada Federal PBMM
• HIPAA HITRUST
• Azure CIS 1.3.0
• CMMC Level 3
• New Zealand ISM Restricted

13. Remediation
• Manual – follow the remediation steps
• ARM Template
• PowerShell
• Workflow Automation

14. Security Alerts
• Security alerts
• Custom alerts
• Threat intelligence
• Detected threat types
• Threat origin
• Threat intelligence map

15. Continuous Export
• Export types
  • Security recommendations
  • Secure Score
  • Security alerts
  • Regulatory compliance
• Export frequency
  • Streaming updates
  • Snapshots
• Export target
  • Event Hub
  • Log Analytics

16. Cloud Connectors
• AWS - Security Hub
  • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-aws?WT.mc_id=Portal-Microsoft_Azure_Security
• GCP - Security Command Center
  • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-gcp

17. Azure Resource Graph (ARG) - Query
• Query ASC data
• Export to CSV
• Create Azure Workbook
• ARG API

18. References
• http://docs.microsoft.com/en-us/azure/security-center
• https://www.youtube.com/playlist?list=PL3ZTgFEc7LysTt_FBVZ1Bw8CyyyPraHGr
• https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra
• https://docs.microsoft.com/en-us/learn/browse
• https://azure.microsoft.com/en-us/pricing/details/azure-defender/
• https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
• Git resources
  • https://github.com/Azure/Azure-Security-Center
  • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ASCRecommendationsAzureResource
  • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ResourceExemption

Editor's notes

1. Breach sources (slide 4):
   • AWS BUCKETS - https://www.scmagazine.com/contractor-misconfigures-aws-exposes-data-of-50000-australian-employees/article/704873/
   • AWS BUCKETS - https://www.tripwire.com/state-of-security/featured/preventing-yet-another-aws-s3-storage-breach-with-tripwire/
   • PODESTA / HILLARY - https://en.wikipedia.org/wiki/Podesta_emails
   • OPM - https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach
   • TARGET - https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
   • ASHLEY MADISON – enumeration attack
   • Other breaches, source: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
   Threat landscape: 90+ million cyber incidents; 4+ million cost per breach; 400+ billion loss from cyber attacks.
2. Rapidly changing resources. Increasingly sophisticated attacks. Security skills are in short supply. Security hygiene is important.
   • https://outpost24.com/Press-Release-37-of-organisations-have-suffered-a-cyberattack-on-cloud-environments-due-to-the-lack-of-basic-cloud-security-hygiene
   • https://blog.automox.com/bad-cyber-hygiene-breaches-tied-to-unpatched-vulnerabilities
3. https://www.youtube.com/watch?v=p_yCOAhgSQk
   https://techcommunity.microsoft.com/t5/azure-sentinel/integrating-azure-security-center-with-azure-sentinel/ba-p/482847
4. https://www.youtube.com/watch?v=p_yCOAhgSQk
5. https://www.youtube.com/watch?v=p_yCOAhgSQk
6. Acronyms (slide 11):
   • XDR = Extended Detection and Response
   • DMZ = Demilitarized Zone
   • DVR = Digital Video Recorder
   • CVE = Common Vulnerabilities and Exposures
   • CVSS = Common Vulnerability Scoring System
7. Acronyms (slide 12):
   • ISO = International Organization for Standardization
   • PCI = Payment Card Industry
   • SOC TSP = Service Organization Controls Trust Service Criteria (Principles)
   • NIST = National Institute of Standards and Technology
   • CIS = Center for Internet Security
   • CMMC = Cybersecurity Maturity Model Certification
   • NZISM = New Zealand Information Security Manual
   • HIPAA = The Health Insurance Portability and Accountability Act of 1996
8. Incident triage questions (slide 14):
   • Determine the nature of the attack.
   • Determine the attack point of origin.
   • Determine the intent of the attack. Was the attack directed at your organization to acquire specific information, or was it random?
   • Identify the systems that were compromised.
   • Identify the files that were accessed and determine the sensitivity of those files.
9. Azure Resource Graph queries against Security Center assessment data (slide 17). Each query searches the securityresources table for one recommendation by display name and keeps only the resources that fail it:

       // App Service instances without diagnostic logging
       securityresources
       | where * contains 'Diagnostic logs should be enabled in App service'
       | where properties.status.code has 'unhealthy'

       // Cosmos DB accounts without firewall rules
       securityresources
       | where * contains 'Azure Cosmos DB accounts should have firewall rules'
       | where properties.status.code has 'unhealthy'

10. Privileged Identity Management (PIM), just-in-time administration. MAM, MDM – mobile application management, mobile device management.
   • https://aka.ms/ops101-learn
   • https://aka.ms/ops101-blog
   • https://aka.ms/ops101-docs
   • https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
   • https://channel9.msdn.com/Shows/IT-Ops-Talk/OPS101-Securing-your-Hybrid-environment-Part-1-Azure-Security-Center
   • https://channel9.msdn.com/Shows/IT-Ops-Talk/OPS103-Securing-your-Hybrid-environment--Part-2-Azure-Sentinel
   • https://github.com/Azure/Azure-Security-Center
   • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ASCRecommendationsAzureResource
   • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ResourceExemption
   • https://techcommunity.microsoft.com/t5/azure-security-center/how-to-keep-track-of-resource-exemptions-in-azure-security/ba-p/1770580
   • https://techcommunity.microsoft.com/t5/azure-security-center/send-asc-recommendations-to-azure-resource-stakeholders/ba-p/1216663
   • https://techcommunity.microsoft.com/t5/azure-security-center/creating-a-custom-dashboard-for-azure-security-center-with-azure/ba-p/1518647
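The two note-9 queries each pull one recommendation at a time. The following Azure Resource Graph query is an added example (mine, not from the deck or from Microsoft's samples) that generalises them: it counts every Unhealthy assessment per subscription by severity and joins the subscription's Secure Score, which is the data slide 17 describes exporting to CSV or a Workbook. Property paths follow the documented securityresources schema; the column aliases are my own.

```kusto
// Added example: Unhealthy Security Center assessments per subscription, ranked by
// severity, joined with the subscription's Secure Score.
securityresources
| where type == "microsoft.security/assessments"
// status.code is "Healthy", "Unhealthy" or "NotApplicable"; keep only failing checks
| where tostring(properties.status.code) =~ "Unhealthy"
| extend severity = tostring(properties.metadata.severity)   // High / Medium / Low
| summarize unhealthyHigh   = countif(severity =~ "High"),
            unhealthyMedium = countif(severity =~ "Medium"),
            unhealthyLow    = countif(severity =~ "Low"),
            unhealthyTotal  = count()
          by subscriptionId
// One securescores record exists per subscription; join it on the shared key
| join kind=leftouter (
    securityresources
    | where type == "microsoft.security/securescores"
    | extend scoreCurrent = todouble(properties.score.current),
             scoreMax     = todouble(properties.score.max)
    | project subscriptionId, scoreCurrent, scoreMax
  ) on subscriptionId
| extend scorePercent = round(100.0 * scoreCurrent / scoreMax, 1)
| project subscriptionId, scorePercent, unhealthyHigh, unhealthyMedium, unhealthyLow, unhealthyTotal
// Subscriptions with the most High-severity findings and lowest score first
| order by unhealthyHigh desc, scorePercent asc
```

Run it in the Azure Resource Graph Explorer blade or with `az graph query -q "<query>"`; the same query body can back a Workbook query step or be downloaded as CSV from the Explorer.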