SecASC - M01 - Azure Security Center Overview


Conditions and Terms of Use
Microsoft Confidential

Copyright and Trademarks
© 2021 Microsoft Corporation. All rights reserved.
http://www.microsoft.com/en-us/legal/intellectualproperty/Permissions/default.aspx
Security Landscape Challenges

Security Operations Team (center of the slide)
- Expanding digital estate
- IT deployment & maintenance
- Regulatory compliance requirements
- Sophistication of threats
- Rising infrastructure costs and upfront investment
- Too many disconnected products
- Security skills in short supply
- Lack of automation
- Visibility into security and compliance

Cloud security challenges

- Increase in number and sophistication of attacks
- Time to respond

Without security controls in place, 68% of breaches take months or longer to discover.
In 2019 … saw a 95 percent increase in the cost of a breach—on average $5.16 million.¹
12B cloud activities inspected, monitored, and controlled in 2019.²

¹ Source: Ponemon Institute, Cost of a Breach Report
² Source: Microsoft
Technology

Identity & access management | Network Edge | Data | Security management | Threat protection | Intelligent Security

Azure Security Center

Cloud Security Posture Management: strengthen multi cloud security posture
- Secure Score
- Policies and compliance
- Improved automation

Cloud Workload Protection Platform: protect your hybrid cloud with Azure Defender
- For servers
- For cloud native workloads
- For databases and storage
- For Azure service layers
- For IoT devices

Streamline security management

- Focus on security across your hybrid workloads
- No infrastructure setup or maintenance
- Azure Security Center available in Azure portal
- Automatically discover and monitor security of Azure resources
- Easily onboard resources running in other clouds and on premises
- Security Center’s Azure Defender allows you to detect and prevent threats for Azure and hybrid cloud workloads
Azure Security Center, leveraging Azure Arc

Strengthen multi cloud security posture: Secure Score, Policies and compliance, Improved automation
Protect your hybrid cloud with Azure Defender: Vulnerability assessment, Advanced protection, Detection and response
Streamline security management

Azure Arc
Azure services & management capabilities on any infrastructure, anywhere

Azure Arc for servers: organize and govern servers across environments at scale. Azure Arc extends Azure's management to physical and virtual servers anywhere. Govern and manage servers from a single, scalable management pane.

Azure Arc for Kubernetes: manage Kubernetes applications. Deploy and configure Kubernetes applications consistently across all your environments with modern DevOps techniques.

Azure data services on Azure Arc: run data services anywhere. Deploy Azure data services in moments anywhere you need them. Get simpler compliance, faster response times, and better security for your data.
Deploy Azure Defender anywhere with Azure Arc

Environments shown: Multi-cloud, Datacenter & hosted

- Azure Arc enables cloud management and security protections
- Extension installation, e.g. Log Analytics agent, Qualys
- Identified as an Azure resource
- Azure Resource Manager: single control plane for any resource, anywhere
- Enforce compliance and simplify audit reporting
- Asset organization and inventory with a unified view in the Azure Portal – Azure Tags
- Server owners can view and remediate to meet their compliance – RBAC in Azure
Multi-cloud & hybrid protection in ASC

Environments shown: On-prem, Azure Arc

Security posture & compliance: Secure score, Asset management, Policy
Server protection (Azure Defender for VMs): Threat detection, VA (powered by Qualys), Application control
Automation & management at scale: Automation, SIEM integration, Export
Cloud security management at scale

ASC CSPM platform is extensible with standard operational tools and interfaces:

- Create custom policies or import from GitHub
- Adjust Secure Score with custom policies
- Automate remediation with built in remediation scripts and ARM templates
- Deploy LogicApp templates for automation scenarios (remediation, connect to ITSM solutions, notify owner)
- Build reports for tracking over time using API samples and OOTB logic apps
- Query your security posture directly from Azure Resource Graph

Asset Inventory will improve visibility across the entire estate

- Asset Inventory provides a single view of all monitored resources
- Allows easy filtering, sorting and cross-referencing across all your subscriptions
- Continue exploring in Azure Resource Graph, with capabilities that include building reports, exporting to CSV, Azure workbooks, etc.
Manage organizational security policy and compliance

- Gain visibility into your security posture at the organizational level and the subscription level
- Easily set centralized organization-wide security policies across multiple subscriptions using Azure Management Groups
- Security policies drive the security recommendations in Azure Security Center
- Rapidly build and deploy new secure environments with Azure Blueprints
Continuously assess and optimize with Secure Score

- Get insights on the security posture across your workloads with clear, weighted, comparable KPIs
- Address security vulnerabilities with prioritized recommendations
- Score available at all levels, from the tenant level down to the individual subscription
- Improve your Secure Score and overall security posture in minutes
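An added worked example, not part of the deck, that makes the "weighted, comparable KPI" concrete and also serves the earlier point about querying posture from Azure Resource Graph and building reports from it: constructed assessment records are rolled up into per-control scores, an overall percentage and a remediation order. The per-control formula follows the one Microsoft documents for Secure Score (max score scaled by the fraction of healthy resources, NotApplicable resources excluded); the record field names, the sample data and the handling of controls with no applicable resources are this example's assumptions.

```python
from collections import defaultdict

# Constructed sample records, not real tenant data. The field names mirror the
# control / max score / status code fields an Azure Resource Graph
# securityresources query exposes, but that mapping is an assumption here.
ASSESSMENTS = [
    {"control": "Enable MFA", "maxScore": 10, "status": "Healthy"},
    {"control": "Enable MFA", "maxScore": 10, "status": "Unhealthy"},
    {"control": "Remediate vulnerabilities", "maxScore": 6, "status": "Healthy"},
    {"control": "Remediate vulnerabilities", "maxScore": 6, "status": "Unhealthy"},
    {"control": "Remediate vulnerabilities", "maxScore": 6, "status": "Unhealthy"},
    {"control": "Remediate vulnerabilities", "maxScore": 6, "status": "NotApplicable"},
    {"control": "Apply system updates", "maxScore": 6, "status": "NotApplicable"},
]

def control_scores(records):
    """Return {control: (current_score, max_score, unhealthy_count)}.
    current = max * healthy / (healthy + unhealthy); NotApplicable resources
    do not count either way. A control with no applicable resources is dropped
    rather than divided by zero (this example's choice, not a documented rule).
    """
    healthy, unhealthy, max_score = defaultdict(int), defaultdict(int), {}
    for rec in records:
        ctrl = rec["control"]
        max_score[ctrl] = rec["maxScore"]
        if rec["status"] == "Healthy":
            healthy[ctrl] += 1
        elif rec["status"] == "Unhealthy":
            unhealthy[ctrl] += 1
    scores = {}
    for ctrl, mx in max_score.items():
        applicable = healthy[ctrl] + unhealthy[ctrl]
        if applicable:
            current = mx * healthy[ctrl] / applicable
            scores[ctrl] = (round(current, 2), mx, unhealthy[ctrl])
    return scores

def secure_score_percentage(records):
    """Overall Secure Score: earned points over available points, in percent."""
    scores = control_scores(records)
    earned = sum(cur for cur, _, _ in scores.values())
    available = sum(mx for _, mx, _ in scores.values())
    return round(100 * earned / available, 1) if available else 0.0

def prioritized(records):
    """Controls ordered by unclaimed points (max - current): fix these first."""
    scores = control_scores(records)
    return sorted(scores, key=lambda c: scores[c][1] - scores[c][0], reverse=True)
```

Feeding real assessment rows into the same functions gives the over-time report the previous slide describes; the weighting is what makes a 10-point control with one unhealthy resource rank above a 6-point control with two.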
Measure workloads

- Analyze risk factors in your hybrid cloud environment in accordance with security best practices
- Map Security Center’s assessments to controls in regulatory standards (PCI, CIS, ISO, SOC and more)
- Evaluate your regulatory compliance using the Regulatory compliance dashboard

Improve

- Reduce attack surface by patching vulnerabilities and applying a secure configuration standard with built-in recommendations
- Continuously monitor applications’ configuration against security best practices
- Instantly identify security issues across data stores, web apps, servers, networking and identity & access
Protect your Azure and hybrid workloads with Azure Defender

- Use industry-leading threat intelligence to gain deep insights for your cloud workloads
- Extend protection to on-premises and multi-cloud virtual machines and SQL databases using Azure Arc
- Protect data services, cloud native services, servers and IoT from threats
- With prioritized alerts, focus on what matters the most

Workloads shown: SQL, Server VMs, Containers, Network traffic, IoT, Apps
Comprehensive threat protection
Threat protection for Azure and hybrid workloads

General availability: Any Server, Azure VMSS, Azure K8s, Azure App Services, Azure SQL, Azure Storage, Azure files, Azure Synapse, Managed Instance, Azure Network Layer V1, Key Vault, SQL Server

Public preview: PostgreSQL, MySQL, MariaDB, IoT


Azure Defender

- Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, your network, and more
- Safeguard Windows servers and clients and protect Linux servers. Assess application vulnerabilities in virtual machines
- Monitor the security state of your hybrid workloads via one console
Monitor

- Visualize the network components and their configuration within your virtual networks in Azure
- Explore the connections between your virtual networks, subnets and nodes
- Identify vulnerabilities such as missing network security groups or web application firewalls and take quick action
Reduce attack surface with cloud native controls

- Protect against threats, such as brute force attacks, by reducing access to VM ports only when needed using Just-in-Time VM Access and built-in recommendations
- Detect network volumetric attacks on your internet-facing cloud servers
- Harden NSGs with Adaptive Network Hardening recommendations

Adaptive network hardening

- Harden your NSGs with adaptive learning of network communication patterns
- Simplify management with recommended whitelists per Internet-facing VM, port and protocol
- Powered by Azure machine learning
Adaptive application controls hardening

- Adaptive application controls are an intelligent and automated solution for defining allow lists of known-safe applications for your machines
- Adaptive application controls help harden your machines against malware, improve compliance, and prevent software that is not on the allow list from running
- Security Center uses machine learning to analyze the applications running on your machines
File integrity monitoring

- Examines files and registries of the operating system, application software, and others for changes that might indicate an attack
- Validates the integrity of Windows files, Windows registry, and Linux files
- Select the files that you want to be monitored by enabling File Integrity Monitoring

Container image scanning

- Image scan in ship: discover ACR registries, scan all pushed images, and get visibility to vulnerable images
- Image scan in runtime: continuous scanning of recently pulled images

Azure Kubernetes runtime protection

- AKS cluster and nodes hygiene: harden and audit AKS clusters according to Azure security benchmarks and follow the Docker CIS benchmark on container nodes
- Runtime threat detection: detect suspicious behavior in Kubernetes workloads via a unique agentless approach leveraging the Kubernetes audit log, in addition to dedicated detections for Kubernetes workers
- Admission control policy management: mandate/audit security best practices on Kubernetes workloads
Proactively protect Linux and Windows servers from threats

Environments shown: On-premises; Azure, AWS, and GCP

- Use Just-in-Time VM Access to control access to commonly attacked management ports
- Enable controls to block malicious applications, especially those missed by antimalware solutions, from running
- Protect Windows and Linux servers with the integration of Microsoft Defender for servers

Diagram labels: Microsoft Defender for Endpoint, Behavior analytics, Adaptive application controls; threats shown: Malicious code execution, Data exfiltration, Lateral Movement; Protection, Detection

Endpoint Detection and Response (EDR)
- Detection capabilities: Processes, Files, host level networking, Memory
- Response capabilities provided by Microsoft Defender for Endpoint including quarantine, delete file, isolate machine, restrict app execution etc.

Endpoint Protection Platform (EPP)
- Microsoft Antimalware service
Microsoft Defender for Endpoint integration

- Azure Security Center integrates with Microsoft Defender for Endpoint to provide comprehensive Endpoint Detection and Response (EDR) capabilities
- Microsoft Defender alerts are available in the Azure Security Center console
- ASC customers can access the Microsoft Defender for Endpoint (MDE) portal to perform detailed investigation to uncover the scope of a breach
Protect hybrid workloads

Environments shown: On-prem, Azure Arc

Server hygiene: Secure score, Policy, VA (powered by Qualys)
Advanced protection: Application control, JIT VM Access, File Integrity Monitoring
Detection & response: Threat detection (powered by MDATP), SIEM integration, Export & Automation
Multi Cloud Visibility

- Onboard your workloads in Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)
- Azure Security Center provides visibility and protection across both AWS and GCP cloud environments
- A single view showing Azure Security Center recommendations and GCP Security Command Center findings
Azure Defender for IoT

- Asset inventory: auto-discovery of IoT/OT assets including visual network map and device details (manufacturer, type, MAC/IP, protocols used, etc.)
- Vulnerability management: device CVEs, open ports, unauthorized internet connections, and more - plus overall IoT/OT security risk score with recommended mitigations
- Threat detection: leverages machine learning and IoT-aware behavioral analytics to immediately detect advanced IoT/OT threats (such as fileless malware) based on anomalous or unauthorized activity rather than static IOCs
- Azure Sentinel integration: native integration with Azure Sentinel enables the SOC to quickly identify multistage attacks that cross IT/OT boundaries - and to remove silos between IT and OT teams
Azure Defender for SQL

- Threat detection: detect unusual and harmful attempts to breach SQL servers in Azure, on-premises and other clouds
- Vulnerability assessment: discover and remediate security misconfigurations in SQL servers in Azure, on-premises and other clouds
- Protect SQL servers anywhere: support for Azure Arc enabled SQL servers
Azure Defender for the Azure Service Layer

- Security Center can detect malicious traffic on the network layer from deep packet inspection collected by Azure core routers
- Detecting harmful activity to your Azure subscription environment is now enhanced with integration powered by Microsoft Cloud App Security
- Security Center detects unusual and potentially harmful attempts to access or exploit Key Vault accounts
Azure Defender for the Azure Service Layer: example alerts

Azure management layer
- A known reconnaissance toolkit run has been detected in your environment
- Suspicious management session using Azure portal detected
- Use of advanced Azure persistence techniques
- Suspicious management session using an inactive account detected

Network layer
- Network communication with a malicious machine detected
- Incoming SQL brute force attempts detected
- Outgoing denial-of-service attack detected
- Suspicious outgoing SSH network activity to multiple destinations

Key Vault
- High volume of operations in a Key Vault
- Suspicious policy change and secret query in a Key Vault
- Unusual operation pattern in a Key Vault
- User accessed high volume of Key Vaults
XDR: Microsoft Defender

SIEM: Azure Sentinel
Microsoft 365 Defender: Email/docs, Endpoints, Identities, Apps
Azure Defender: SQL, Server VMs, Containers, Network traffic, IoT, Apps

Threat protection for cloud at scale

Azure Security Center (Cloud Workload Protection): SQL, App, Network, IoT, Compute, Data, Access
Feeds: Microsoft 365, Partner solutions, Multi-cloud ASC Connector
Azure Sentinel (Cloud Native SIEM)
Azure Security Center streams alerts to Sentinel

- End-to-end visibility of security alerts
- Data correlation across multiple Microsoft products provides deep threat detection capabilities for investigations
- Detecting and following suspicious activities across many data sources is helpful during an investigation
Questions?
