Conditions and Terms of Use

Microsoft Confidential

Copyright and Trademarks

© 2021 Microsoft Corporation. All rights reserved.

http://www.microsoft.com/en-us/legal/intellectualproperty/Permissions/default.aspx
Expanding digital estate
Security Operations Team
 IT deployment &
Regulatory maintenance
compliance
requirements

Sophistication
of threats Rising infrastructure
costs and upfront
investment

Security Landscape Challenges

Too many
disconnected
products

Security skills
Lack of in short supply
automation
 Visibility into security Without security controls in
and compliance place, 68% of breaches take
months or longer to discover.

​In 2019 … saw a 95 percent

increase in the cost of a
breach—on average $5.16
million.1

Cloud security
challenges
Increase in number and
sophistication of attacks
1Source: Time to respond
Ponemon Institute, Cost of a Breach Report
2Source: Microsoft

12B cloud activities inspected,

monitored, and controlled in 2019.2
Technology

Identity & access Network Data Security Threat protection Intelligent Security
management Edge management
Azure Security Center

Cloud Security Posture Management Cloud Workload Protection Platform

Strengthen multi cloud Protect your hybrid cloud

security posture with Azure Defender

Secure Policies and Improved For For cloud native For databases
Score compliance automation servers workloads and storage

For Azure For IoT

service layers devices

Streamline security management

 Focus on security across
your hybrid workloads

No infrastructure setup or maintenance

Azure Security Center available in Azure portal

Automatically discover and monitor security of

Azure resources

Easily onboard resources running in other

clouds and on premises

Security Center’s Azure Defender allows you to

detect and prevent threats for Azure and
hybrid cloud workloads
Azure Security Center

Leveraging
Azure Arc

Strengthen multi cloud Protect your hybrid cloud

security posture with Azure Defender

Secure Policies and Improved Vulnerability Advanced Detection and

Score compliance automation assessment protection response

Streamline security management

Azure Arc
Azure services & management capabilities on any infrastructure, anywhere

Azure Arc for servers Azure Arc for Kubernetes Azure data services on Azure Arc

Organize and govern servers across
environments
Azure Arc extends Azure's management
to physical and virtual servers anywhere.
Govern and manage servers from a
single, scalable management pane.
Manage Kubernetes applications
at-scale
Deploy and configure Kubernetes
applications consistently across all your
environments with modern DevOps
techniques.
Run data services anywhere
Deploy Azure data services in moments
anywhere you need them. Get simpler
compliance, faster response times, and
better security for your data.
Deploy Azure Defender anywhere
with Azure Arc Multi-cloud

Extension installation, e.g. Log Analytics agent,

Azure Arc
Qualys Azure Arc enables
cloud management and
security protections
Enforce compliance and simplify audit reporting
Azure Resource Single Control Plane for any
Identified as an Azure resource Manager resource, anywhere

Asset organization and inventory with a unified

view in the Azure Portal – Azure Tags
Azure Arc

Server owners can view and remediate to meet

their compliance – RBAC in Azure
Datacenter
& hosted
Multi-cloud & hybrid protection in ASC

On-prem

New! New! New!

Azure Arc

Security posture
& compliance Secure score Asset management Policy

Server protection
(Azure Defender for VMs) Threat detection VA (powered by Qualys) Application control

Automation &
management at scale Automation SIEM integration Export
Cloud security management at scale
ASC CSPM platform is extensible with standard
operational tools and interfaces

Create custom policies or import from GitHub

Adjust Secure Score with custom policies

Automate remediation with built in remediation scripts and

ARM templates

Deploy LogicApp templates to automation scenarios

(remediation, connect to ITSM solutions, notify owner)

Build reports for overtime tracking using API samples and OOTB
logic apps.

Query your security posture directly from Azure Resource Graph

Asset Inventory will improve
visibility across the entire estate

Asset Inventory provides a single view of all

monitored resources

Allows easy filtering, sorting and cross-

referencing experience across all your
subscriptions

With continue exploration in Azure Resource

Graph with capabilities that include building
reports, exporting to CSV Azure workbooks,
ect.
Manage organizational security
policy and compliance

Gain visibility into your security posture from

an organizational level and subscription level

Easily set centralized organization-wide

security policies across multiple subscriptions
using Azure Management Groups

Security policies drive the security

recommendations in Azure Security Center

Rapidly build and deploy new secure

environments with Azure Blueprints
Continuously assess and optimize
with Secure Score

Get insights on the security posture across

your workloads with clear, weighted,
comparable KPIs

Address security vulnerabilities with prioritized

recommendations

Score available at all levels, from the tenant

level down to the individual subscription

Improve your Secure Score and overall security

posture in minutes
Measure workloads

Analyze risk factors in your hybrid cloud

environment in accordance with security best
practices

Map Security Center’s assessments to controls

in regulatory standards (PCI, CIS, ISO, SOC and
more..)

Evaluate your regulatory compliance using the

Regulatory compliance dashboard
 improve

Reduce attack surface by patching vulnerabilities

and applying a secure configuration standard
with built-in recommendations
Continuously monitor applications’
configuration best security practices

Instantly identify security issues across data

stores, web apps, servers, networking and
identity & access
Protect your Azure and hybrid workloads with
Azure Defender

Use industry-leading threat intelligence to gain deep

insights for your cloud workloads

Extend protection to on-premises and multi-cloud virtual

machines and SQL databases using Azure Arc SQL Server / VMs Containers

Protect data services, cloud native services, servers and

IoT from threats

With prioritized alerts, focus on what matters the most Network traffic IoT Apps
Comprehensive threat protection
Threat protection for Azure and hybrid workloads
General availability

Any Azure Azure Azure App Azure Azure Azure Azure Managed Azure Network Key SQL
Server VMSS K8s Services SQL Storage files Synapse Instance Layer V1 Vault Server

Public preview

PostgreSQL MySQL MariaDB IoT

Azure Defender Azure Security Center

Azure Defender provides security alerts and

advanced threat protection for virtual machines,
SQL databases, containers, web applications,
your network, and more

Safeguard Windows servers and clients and

protect Linux servers. Assess application
vulnerabilities in virtual machines

Monitor the security state of your hybrid

workloads via one console
 monitor

Visualize the network components and their

configuration within your virtual networks in
Azure

Explore the connections between your virtual

networks, subnets and nodes

Identify vulnerabilities such as missing network

security groups or web application firewalls and
take quick action
Reduce attack surface
with cloud native controls

Protect against threats, such as brute force

attacks, by reducing access to VM ports only
when needed using Just-in-Time VM Access
and built-in recommendations

Detect network volumetric attacks on your

internet-facing cloud servers

Harden NSGs with Adaptive Network

Hardening recommendations
Adaptive network hardening

Harden your NSGs with adaptive learning of

network communication patterns
Simplify management with recommended
whitelists per Internet-facing VM, port and
protocol
Powered by Azure machine learning
Adaptive application
controls hardening

Adaptive application controls are an intelligent

and automated solution for defining allow lists
of known-safe applications for your machines
Adaptive application will help harden your
machines against malware, improve compliance,
and prevent software from running
Security Center uses machine learning to
analyze the applications running on your
machines
File integrity monitoring

Examines files and registries of the operating

system, application software, and others for
changes that might indicate an attack
Validates the integrity of Windows files,
Windows registry, and Linux files
Select the files that you want to be monitored
by enabling File Integrity Monitoring
Container image scanning

Image scan in ship Discover ACR registries,

scan all pushed images, and get visibility to
vulnerable images
Image scan in runtime Continuous scanning
of recently pulled images
Azure Kubernetes runtime protection

AKS cluster and nodes hygiene Harden and audit

AKS clusters according to Azure security
benchmarks and follow the Docker CIS
benchmark on container nodes
Runtime threat detection Detect suspicious
behavior in Kubernetes workloads via a unique
agentless approach leveraging Kubernetes audit
log, in addition to Kubernetes workers dedicated
detections
Admission control policy management
Mandate/audit security best practices on
Kubernetes workloads
Proactively protect Linux
and Windows servers
from threats
On-premises
Azure, AWS, and GCP

Use Just-in-Time VM Access to control

access to commonly attacked
Microsoft
management ports Defender for
Adaptive
application
Endpoint Behavior analytics controls
Enable controls to block malicious
applications, especially those missed by ! ! !
antimalware solutions, from running

Protect Windows and Linux servers with

the integration of Microsoft Defender for
servers Malicious code Data
execution exfiltration

Lateral
Movement
 Protection Detection

Endpoint Detection and Response (EDR) Endpoint Protection Platform (EPP)

Detection capabilities: Processes, Files, Microsoft Antimalware service

host level networking, Memory

Response capabilities provided by

Microsoft Defender for Endpoint
including quarantine, delete file, isolate
machine, restrict app execution etc.
Microsoft Defender for Endpoint integration

Azure Security Center integrates with

Microsoft Defender for Endpoint to provide
comprehensive Endpoint Detection and
Response (EDR) capabilities

Microsoft Defender alerts are available in the

Azure Security Center console
ASC customers can access Microsoft Defender
for Endpoint (MDE) portal to perform detailed
investigation to uncover scope of breach
Protect hybrid workloads

On-prem

New! New!

New! Azure Arc

Server hygiene Secure score Policy VA (powered by Qualys)

Advanced protection Application control JIT VM Access File Integrity Monitoring

Detection & response Threat detection (powered by MDATP) SIEM integration Export & Automation
Multi Cloud Visibility

Onboard your workloads in Azure, Amazon

Web Services (AWS), and Google Cloud
Platform (GCP)

Azure Security Center provides visibility and

protection across both AWS and GCP cloud
environments

A single view showing Azure Security Center

recommendations and GCP Security Command
Center findings
Azure Defender for IoT

Asset inventory auto-discovery of IoT/OT assets including

visual network map and device details (manufacturer,
type, MAC/IP, protocols used, etc.

Vulnerability management device CVEs, open ports,

unauthorized internet connections, and more - plus
overall IoT/OT security risk score with recommended
mitigations

Threat detection leverages machine learning and IoT/aware

behavioral analytics to immediately detect advanced
IoT/OT threats (such as fileless malware) based on
anomalous or unauthorized activity versus static IOCs

Azure Sentinel integration native integration with Azure

Sentinel enables the SOC to quickly identify multistage
attacks that cross IT/OT boundaries - and to remove silos
between IT and OT teams
Azure Defender for SQL

Threat detectiondetect unusual and harmful attempts to breach SQL servers in Azure,
on-premises and other clouds

Vulnerability assessment discover and remediate security misconfigurations in SQL

servers in Azure, on-premises and other clouds

Protect SQL servers anywhere Support for Azure Arc enabled SQL servers
Azure Defender for the Azure Service Layer

Security Center can detect malicious traffic

on the network-layer from deep packet
inspection collected by Azure core routers

Detecting harmful activity to your Azure

subscription environment is now enhanced
with integration powered by Microsoft
Cloud App Security

Security Center detects unusual and

potentially harmful attempts to access or
exploit Key Vault accounts
Azure Defender for the Azure Service Layer

A known reconnaissance Network communication High volume of

toolkit run has been with a malicious machine operations in a Key Vault
detected in your detected
environment
Suspicious policy change
Suspicious management Incoming SQL brute
and secret query in a Key
session using Azure portal force attempts detected
detected Vault
Use of advanced Azure Outgoing denial-of- Unusual operation
persistence techniques service attack detected pattern in a Key Vault

Suspicious management Suspicious outgoing SSH User accessed high

session using an inactive network activity to volume of Key Vaults
account detected multiple destinations
 SIEM
Azure Sentinel

Microsoft 365 Defender Azure Defender

Email/docs Endpoints SQL Server VMs Containers

Network
Identities Apps traffic IoT Apps

XDR
Microsoft Defender
Threat protection for cloud at scale

Microsoft
365
App Network
IoT

Partner
solutions

SQL Azure Security Access Multi-cloud Azure

Center ASC Connector Sentinel
SIEM

IoT Compute Network Data

Azure Security Center Azure Sentinel

Cloud Workload Protection Cloud Native SIEM
©Microsoft Corporation
Azure
Azure Security Center
streams alerts to Sentinel

End-to end visibility of security alerts

Data correlation across multiple Microsoft

products provides deep threat detection
capabilities for investigations

Detecting and following suspicious activities

across many data sources is helpful during an
investigation
Questions?