Azure Security Center

Udaiappa Ramachandran, CTO, Akumina, Inc.
Azure Security Center
Udaiappa Ramachandran ( Udai )
https://udai.io
About me
• Udaiappa Ramachandran ( Udai )
• CTO-Akumina, Inc.
• Cloud Expert
• Microsoft Azure, Amazon Web Services and Google
• New Hampshire Cloud User Group (http://www.meetup.com/nashuaug )
• https://udai.io
Agenda
• Introduction
• Azure Security Center
• Azure Defender
• Secure Score
• Security Policies
• Regulatory Compliance
• Security Alerts
• Cloud Connectors
• Resource Graph
• DEMO…DEMO…DEMO…
• References
Security/Data Breaches
• Adobe
• Adult Friend Finder
• Ashley Madison
• AWS S3 Bucket
• Canva
• Code Spaces (source code hosting)
• Dubsmash
• eBay
• Equifax
• Facebook
• Heartland Payment Systems
• LinkedIn
• Marriott International
• My Fitness Pal
• MySpace
• NetEase
• Podesta/Hillary Emails
• Sina Weibo
• Target
• Yahoo
• Zynga
Challenges
• Threats increasing in volume and sophistication
  • Attacker business models evolve to maximize attacker return on investment (ROI)
  • Attack automation and evasion techniques evolving along multiple dimensions
• Can’t Stop All Attacks
  • Must balance investments across prevention, detection, and response
  • Prevention investments must be focused on real-world attacks
• Integration is required, but complex and costly
  • Threat detection requires context from diverse signal sources and high volumes of data
  • Efficient operations require integration of tools and technology like machine learning
• Requires Blend of Human Expertise and Technology
  • Need human expertise, adaptability, and creativity to combat human threat actors
  • Difficult to hire people with deep expertise; growing a skillset takes a long time
Why use Security Center?
• Centralized policy management – Ensure compliance with company or regulatory security requirements by centrally managing security policies across all your hybrid cloud workloads.
• Continuous security assessment – Monitor the security posture of machines, networks, storage and data services, and applications to discover potential security issues.
• Actionable recommendations – Remediate security vulnerabilities before they can be exploited by attackers with prioritized and actionable security recommendations.
• Prioritized alerts and incidents – Focus on the most critical threats first with prioritized security alerts and incidents.
• Advanced cloud defenses – Reduce threats with just-in-time access to management ports and adaptive application controls running on your VMs.
• Integrated security solutions – Collect, search, and analyze security data from a variety of sources, including connected partner solutions.
Azure Security Center (ASC)
• Cloud Security Posture Management
  • Policies, initiatives and recommendations
  • Secure Score and security controls
• Cloud Workload Protection
  • Protect against threats to servers, cloud-native workloads, databases and storage
  • Security alerts and incidents
Security HYGIENE
• Software
• Code
• Third party
• Compute & Apps
• Network
• Data & Storage
• Identity
Secure Score
• Measurement of an organization’s security posture; the higher the number, the lower the risk
• Score may fluctuate if there is no governance on new resource provisioning
Security Policy
• Security Policy is the driver for Secure Score
• Built-in set of policies (security controls) automatically assigned to your subscription
• The resources are assessed continuously
• Each policy is in audit mode and checks for misconfigurations
• Customize or disable policies not relevant to your organization
Microsoft Defender (XDR)
• M365 Defender
  • Identities
  • Endpoints
  • Apps
  • E-mail
  • Cloud Apps
  • Docs
• Azure Defender
  • SQL
  • Virtual Machines
  • Containers
  • Network
  • IoT
  • PaaS Applications (Azure App Services)
Regulatory Compliances
• ISO 27001
• PCI DSS 3.2.1
• SOC TSP
• NIST SP 800-53
• NIST SP 800-171
• SWIFT CSP CSCF v2020
• UKO and UK NHS
• Canada Federal PBMM
• HIPAA HITRUST
• Azure CIS 1.3.0
• CMMC Level 3
• New Zealand ISM Restricted
Remediation
• Manual – Follow the remediation steps
• ARM Template
• PowerShell
• Workflow Automation
Security Alerts
• Security alerts
• Custom alerts
• Threat intelligence
• Detected threat types
• Threat origin
• Threat intelligence map
Continuous Export
• Export Types
  • Security Recommendations
  • Secure Score
  • Security alerts
  • Regulatory compliance
• Export frequency
  • Streaming updates
  • Snapshots
• Export Target
  • Event Hub
  • Log Analytics
Cloud Connectors
• AWS - Security Hub
  • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-aws?WT.mc_id=Portal-Microsoft_Azure_Security
• GCP - GCP Security Commands
  • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-gcp
Azure Resource Graph (ARG) - Query
• Query ASC Data
• Export to CSV
• Create Azure Workbook
• ARG API
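Querying ASC data and exporting it to CSV, as an added example that is not part of the original deck: the Kusto query targets the `securityresources` table in Azure Resource Graph, and the Python post-processes rows of the shape that query projects. The sample rows, subscription ID and resource names are constructed; running the query itself (Resource Graph Explorer, `az graph query` or the ARG API) is assumed to happen beforehand.

```python
import csv
import io
from collections import Counter

# Kusto query for Azure Resource Graph: every Security Center assessment
# (one recommendation evaluated against one resource) that is Unhealthy.
ARG_QUERY = """
securityresources
| where type == 'microsoft.security/assessments'
| extend recommendation = tostring(properties.displayName),
         severity       = tostring(properties.metadata.severity),
         state          = tostring(properties.status.code),
         resourceId     = tostring(properties.resourceDetails.Id)
| where state == 'Unhealthy'
| project subscriptionId, resourceId, recommendation, severity, state
"""

# Constructed sample of the rows the query above would return (assumption:
# one dict per row, keyed by the projected column names).
SUB = "00000000-0000-0000-0000-000000000001"
SAMPLE_ROWS = [
    {"subscriptionId": SUB, "state": "Unhealthy", "severity": "Medium",
     "resourceId": f"/subscriptions/{SUB}/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm-web01",
     "recommendation": "Management ports should be closed on your virtual machines"},
    {"subscriptionId": SUB, "state": "Unhealthy", "severity": "High",
     "resourceId": f"/subscriptions/{SUB}/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/stdemo01",
     "recommendation": "Secure transfer to storage accounts should be enabled"},
    {"subscriptionId": SUB, "state": "Unhealthy", "severity": "Low",
     "resourceId": f"/subscriptions/{SUB}/resourceGroups/rg-demo/providers/Microsoft.Sql/servers/sql-demo",
     "recommendation": "+Custom baseline check (constructed name)"},
    {"subscriptionId": SUB, "state": "Unhealthy", "severity": None,
     "resourceId": f"/subscriptions/{SUB}/resourceGroups/rg-demo/providers/Microsoft.Web/sites/app-demo",
     "recommendation": "Custom assessment without metadata (constructed)"},
]

SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2}
COLUMNS = ["severity", "recommendation", "resourceId", "subscriptionId", "state"]


def neutralize(cell):
    """Render a cell as text and defuse spreadsheet formula prefixes.

    Custom assessment names and tags are tenant-controlled strings, so a
    leading =, +, - or @ is prefixed with a quote before the CSV is opened
    in a spreadsheet.
    """
    text = "" if cell is None else str(cell)
    return "'" + text if text.startswith(("=", "+", "-", "@")) else text


def prioritize(rows):
    """Sort High > Medium > Low > unknown, then by recommendation and resource."""
    return sorted(
        rows,
        key=lambda r: (
            SEVERITY_ORDER.get(r.get("severity"), 99),
            str(r.get("recommendation") or ""),
            str(r.get("resourceId") or ""),
        ),
    )


def to_csv(rows):
    """Return the prioritized findings as CSV text with a fixed column order."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=COLUMNS, lineterminator="\n")
    writer.writeheader()
    for row in prioritize(rows):
        writer.writerow({col: neutralize(row.get(col)) for col in COLUMNS})
    return buf.getvalue()


def severity_summary(rows):
    """Count unhealthy findings per severity; missing severity is 'Unknown'."""
    return dict(Counter(r.get("severity") or "Unknown" for r in rows))


if __name__ == "__main__":
    print(to_csv(SAMPLE_ROWS))
    print(severity_summary(SAMPLE_ROWS))
```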
References
• http://docs.microsoft.com/en-us/azure/security-center
• https://www.youtube.com/playlist?list=PL3ZTgFEc7LysTt_FBVZ1Bw8CyyyPraHGr
• https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra
• https://docs.microsoft.com/en-us/learn/browse
• https://azure.microsoft.com/en-us/pricing/details/azure-defender/
• https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
• Git Resources
  • https://github.com/Azure/Azure-Security-Center
  • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ASCRecommendationsAzureResource
  • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ResourceExemption
1 de 18

Recomendados

Integrated Security & Operations for Scaling Securely in AWS por
Integrated Security & Operations for Scaling Securely in AWSIntegrated Security & Operations for Scaling Securely in AWS
Integrated Security & Operations for Scaling Securely in AWSAmazon Web Services
704 visualizações23 slides
Security and Compliance in the Cloud por
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud Amazon Web Services
1.6K visualizações71 slides
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat... por
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Amazon Web Services
592 visualizações16 slides
Azure governance por
Azure governanceAzure governance
Azure governanceUdaiappa Ramachandran
300 visualizações17 slides
(SEC402) Enterprise Cloud Security via DevSecOps 2.0 por
(SEC402) Enterprise Cloud Security via DevSecOps 2.0(SEC402) Enterprise Cloud Security via DevSecOps 2.0
(SEC402) Enterprise Cloud Security via DevSecOps 2.0Amazon Web Services
9.6K visualizações38 slides
Introduction to DevSecOps on AWS por
Introduction to DevSecOps on AWSIntroduction to DevSecOps on AWS
Introduction to DevSecOps on AWSAmazon Web Services
5.4K visualizações35 slides

Mais conteúdo relacionado

Mais procurados

AWS Webcast - Understanding the AWS Security Model por
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
8.6K visualizações25 slides
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |... por
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...Amazon Web Services
4.4K visualizações20 slides
Shared Security Responsibility for the Azure Cloud por
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
2.7K visualizações24 slides
AWS Security por
AWS Security AWS Security
AWS Security Magdy El-Faramawy , MBA,PMP,CISA,CM,ITIL
145 visualizações26 slides
CSS17: DC - The AWS Shared Responsibility Model in Practice por
CSS17: DC - The AWS Shared Responsibility Model in PracticeCSS17: DC - The AWS Shared Responsibility Model in Practice
CSS17: DC - The AWS Shared Responsibility Model in PracticeAlert Logic
237 visualizações33 slides
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW... por
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Amazon Web Services
6.2K visualizações36 slides

Mais procurados(20)

AWS Webcast - Understanding the AWS Security Model por Amazon Web Services
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
Amazon Web Services8.6K visualizações
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |... por Amazon Web Services
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
Amazon Web Services4.4K visualizações
Shared Security Responsibility for the Azure Cloud por Alert Logic
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
Alert Logic 2.7K visualizações
CSS17: DC - The AWS Shared Responsibility Model in Practice por Alert Logic
CSS17: DC - The AWS Shared Responsibility Model in PracticeCSS17: DC - The AWS Shared Responsibility Model in Practice
CSS17: DC - The AWS Shared Responsibility Model in Practice
Alert Logic 237 visualizações
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW... por Amazon Web Services
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...
Amazon Web Services6.2K visualizações
AWS Summit 2014 - Perth - Keynote por Amazon Web Services
AWS Summit 2014 - Perth - KeynoteAWS Summit 2014 - Perth - Keynote
AWS Summit 2014 - Perth - Keynote
Amazon Web Services1.4K visualizações
F5 on AWS: How MailControl Improved their Application Visbility and Security por Amazon Web Services
F5 on AWS:  How MailControl Improved their Application Visbility and Security F5 on AWS:  How MailControl Improved their Application Visbility and Security
F5 on AWS: How MailControl Improved their Application Visbility and Security
Amazon Web Services722 visualizações
Intro to AWS: Security por Amazon Web Services
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
Amazon Web Services1.5K visualizações
Best Practices in Cloud Security por Alert Logic
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
Alert Logic 565 visualizações
The AWS Shared Responsibility Model in Practice por Alert Logic
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Alert Logic 173 visualizações
Compliance in the Cloud Using Security by Design por Amazon Web Services
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by Design
Amazon Web Services5.2K visualizações
Microsoft Azure Security Overview por Alert Logic
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
Alert Logic 8.7K visualizações
The 2014 AWS Enterprise Summit - Understanding AWS Security por Amazon Web Services
The 2014 AWS Enterprise Summit - Understanding AWS SecurityThe 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS Security
Amazon Web Services2.2K visualizações
Architecting for Greater Security on AWS por Amazon Web Services
Architecting for Greater Security on AWSArchitecting for Greater Security on AWS
Architecting for Greater Security on AWS
Amazon Web Services7.6K visualizações
AWS Shared Security Model in Practice por Alert Logic
AWS Shared Security Model in PracticeAWS Shared Security Model in Practice
AWS Shared Security Model in Practice
Alert Logic 193 visualizações
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub... por Amazon Web Services
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Advanced Techniques for DDoS Mitigation and Web Application Defense | AWS Pub...
Amazon Web Services496 visualizações
Managing Security with AWS | AWS Public Sector Summit 2017 por Amazon Web Services
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017
Amazon Web Services774 visualizações
K8s monitoring with prometheus por Kasun Rajapakse
K8s monitoring with prometheusK8s monitoring with prometheus
K8s monitoring with prometheus
Kasun Rajapakse152 visualizações
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice por Alert Logic
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
Alert Logic 282 visualizações

Similar a Azure Security Center

Azure Operation Management Suite - security and compliance por
Azure Operation Management Suite - security and complianceAzure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and complianceAsaf Nakash
661 visualizações25 slides
LIFT OFF 2017: AWS and Cloud Computing por
LIFT OFF 2017: AWS and Cloud ComputingLIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud ComputingRobert Herjavec
1.1K visualizações18 slides
AWS Cloud Security por
AWS Cloud SecurityAWS Cloud Security
AWS Cloud SecurityAmazon Web Services LATAM
2K visualizações49 slides
Daniel Grabski | Microsofts cybersecurity story por
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
227 visualizações26 slides
AWS Cloud Security por
AWS Cloud SecurityAWS Cloud Security
AWS Cloud SecurityAWS Riyadh User Group
555 visualizações52 slides
TechTalksUtah-Sentinel-20191108.pptx por
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxJustineGarcia32
2 visualizações54 slides

Similar a Azure Security Center(20)

Azure Operation Management Suite - security and compliance por Asaf Nakash
Azure Operation Management Suite - security and complianceAzure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and compliance
Asaf Nakash661 visualizações
LIFT OFF 2017: AWS and Cloud Computing por Robert Herjavec
LIFT OFF 2017: AWS and Cloud ComputingLIFT OFF 2017: AWS and Cloud Computing
LIFT OFF 2017: AWS and Cloud Computing
Robert Herjavec1.1K visualizações
Daniel Grabski | Microsofts cybersecurity story por Microsoft Österreich
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
Microsoft Österreich227 visualizações
TechTalksUtah-Sentinel-20191108.pptx por JustineGarcia32
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
JustineGarcia322 visualizações
Secure the modern Enterprise por Microsoft Österreich
Secure the modern EnterpriseSecure the modern Enterprise
Secure the modern Enterprise
Microsoft Österreich1.7K visualizações
Managed SOC on Multi-Cloud-1.pptx por mayaz786
Managed SOC on Multi-Cloud-1.pptxManaged SOC on Multi-Cloud-1.pptx
Managed SOC on Multi-Cloud-1.pptx
mayaz7867 visualizações
366864108 azure-security por ober64
366864108 azure-security366864108 azure-security
366864108 azure-security
ober64166 visualizações
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w... por Amazon Web Services
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
Amazon Web Services1.9K visualizações
NIST Cybersecurity Framework (CSF) on the Public Cloud por CloudHesive
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
CloudHesive192 visualizações
Getting Started with Azure Security Center por Cheah Eng Soon
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon995 visualizações
Azure Security Center por Microsoft
Azure Security CenterAzure Security Center
Azure Security Center
Microsoft90 visualizações
Azure Security Overview por David J Rosenthal
Azure Security OverviewAzure Security Overview
Azure Security Overview
David J Rosenthal906 visualizações
Aujas Cyber Security por VivianMarcello3
Aujas Cyber SecurityAujas Cyber Security
Aujas Cyber Security
VivianMarcello3153 visualizações
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf por Kranthi Aragonda
Microsoft Sentinel- a cloud native SIEM  & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM  & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Kranthi Aragonda16 visualizações
Protecting microservices using secure design patterns 1.0 por Trupti Shiralkar, CISSP
Protecting microservices using secure design patterns 1.0Protecting microservices using secure design patterns 1.0
Protecting microservices using secure design patterns 1.0
Trupti Shiralkar, CISSP117 visualizações
microsoft-cybersecurity-reference-architectures (1).pptx por GenericName6
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
GenericName6332 visualizações
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2... por aOS Community
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Community210 visualizações

Mais de Udaiappa Ramachandran

Vector Search using OpenAI in Azure Cognitive Search.pptx por
Vector Search using OpenAI in Azure Cognitive Search.pptxVector Search using OpenAI in Azure Cognitive Search.pptx
Vector Search using OpenAI in Azure Cognitive Search.pptxUdaiappa Ramachandran
14 visualizações16 slides
AzureOpenAI.pptx por
AzureOpenAI.pptxAzureOpenAI.pptx
AzureOpenAI.pptxUdaiappa Ramachandran
555 visualizações16 slides
OpenAI-Copilot-ChatGPT.pptx por
OpenAI-Copilot-ChatGPT.pptxOpenAI-Copilot-ChatGPT.pptx
OpenAI-Copilot-ChatGPT.pptxUdaiappa Ramachandran
551 visualizações13 slides
DiagnoseAndSolveproblems.pptx por
DiagnoseAndSolveproblems.pptxDiagnoseAndSolveproblems.pptx
DiagnoseAndSolveproblems.pptxUdaiappa Ramachandran
32 visualizações9 slides
MAUI.pptx por
MAUI.pptxMAUI.pptx
MAUI.pptxUdaiappa Ramachandran
77 visualizações10 slides
CosmosDB.pptx por
CosmosDB.pptxCosmosDB.pptx
CosmosDB.pptxUdaiappa Ramachandran
25 visualizações18 slides

Mais de Udaiappa Ramachandran(20)

Vector Search using OpenAI in Azure Cognitive Search.pptx por Udaiappa Ramachandran
Vector Search using OpenAI in Azure Cognitive Search.pptxVector Search using OpenAI in Azure Cognitive Search.pptx
Vector Search using OpenAI in Azure Cognitive Search.pptx
Udaiappa Ramachandran14 visualizações
Azure Automation and Update Management por Udaiappa Ramachandran
Azure Automation and Update ManagementAzure Automation and Update Management
Azure Automation and Update Management
Udaiappa Ramachandran510 visualizações
Knowledge Mining With Azure Search por Udaiappa Ramachandran
Knowledge Mining With Azure SearchKnowledge Mining With Azure Search
Knowledge Mining With Azure Search
Udaiappa Ramachandran158 visualizações
Azure Web Apps Advanced Security por Udaiappa Ramachandran
Azure Web Apps Advanced SecurityAzure Web Apps Advanced Security
Azure Web Apps Advanced Security
Udaiappa Ramachandran666 visualizações

Último

ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ... por
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...Jasper Oosterveld
19 visualizações49 slides
Igniting Next Level Productivity with AI-Infused Data Integration Workflows por
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Safe Software
280 visualizações86 slides
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive por
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveNetwork Automation Forum
34 visualizações35 slides
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors por
TouchLog: Finger Micro Gesture Recognition  Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition  Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensorssugiuralab
21 visualizações15 slides
Future of Indian ConsumerTech por
Future of Indian ConsumerTechFuture of Indian ConsumerTech
Future of Indian ConsumerTechKapil Khandelwal (KK)
22 visualizações68 slides
Case Study Copenhagen Energy and Business Central.pdf por
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdfAitana
16 visualizações3 slides

Último(20)

ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ... por Jasper Oosterveld
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
Jasper Oosterveld19 visualizações
Igniting Next Level Productivity with AI-Infused Data Integration Workflows por Safe Software
Igniting Next Level Productivity with AI-Infused Data Integration Workflows Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Safe Software280 visualizações
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive por Network Automation Forum
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLiveAutomating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Automating a World-Class Technology Conference; Behind the Scenes of CiscoLive
Network Automation Forum34 visualizações
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors por sugiuralab
TouchLog: Finger Micro Gesture Recognition  Using Photo-Reflective SensorsTouchLog: Finger Micro Gesture Recognition  Using Photo-Reflective Sensors
TouchLog: Finger Micro Gesture Recognition Using Photo-Reflective Sensors
sugiuralab21 visualizações
Case Study Copenhagen Energy and Business Central.pdf por Aitana
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdf
Aitana16 visualizações
SAP Automation Using Bar Code and FIORI.pdf por Virendra Rai, PMP
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdf
Virendra Rai, PMP23 visualizações
Uni Systems for Power Platform.pptx por Uni Systems S.M.S.A.
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
Uni Systems S.M.S.A.56 visualizações
Data Integrity for Banking and Financial Services por Precisely
Data Integrity for Banking and Financial ServicesData Integrity for Banking and Financial Services
Data Integrity for Banking and Financial Services
Precisely25 visualizações
Voice Logger - Telephony Integration Solution at Aegis por Nirmal Sharma
Voice Logger - Telephony Integration Solution at AegisVoice Logger - Telephony Integration Solution at Aegis
Voice Logger - Telephony Integration Solution at Aegis
Nirmal Sharma39 visualizações
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f... por TrustArc
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc11 visualizações
SUPPLIER SOURCING.pptx por angelicacueva6
SUPPLIER SOURCING.pptxSUPPLIER SOURCING.pptx
SUPPLIER SOURCING.pptx
angelicacueva616 visualizações
Network Source of Truth and Infrastructure as Code revisited por Network Automation Forum
Network Source of Truth and Infrastructure as Code revisitedNetwork Source of Truth and Infrastructure as Code revisited
Network Source of Truth and Infrastructure as Code revisited
Network Automation Forum27 visualizações
NET Conf 2023 Recap por Lee Richardson
NET Conf 2023 RecapNET Conf 2023 Recap
NET Conf 2023 Recap
Lee Richardson10 visualizações
Microsoft Power Platform.pptx por Uni Systems S.M.S.A.
Microsoft Power Platform.pptxMicrosoft Power Platform.pptx
Microsoft Power Platform.pptx
Uni Systems S.M.S.A.53 visualizações
Future of AR - Facebook Presentation por ssuserb54b561
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
ssuserb54b56115 visualizações
virtual reality.pptx por G036GaikwadSnehal
virtual reality.pptxvirtual reality.pptx
virtual reality.pptx
G036GaikwadSnehal14 visualizações
6g - REPORT.pdf por Liveplex
6g - REPORT.pdf6g - REPORT.pdf
6g - REPORT.pdf
Liveplex10 visualizações
Evolving the Network Automation Journey from Python to Platforms por Network Automation Forum
Evolving the Network Automation Journey from Python to PlatformsEvolving the Network Automation Journey from Python to Platforms
Evolving the Network Automation Journey from Python to Platforms
Network Automation Forum13 visualizações

Azure Security Center

  • 1. Azure Security Center Udaiappa Ramachandran ( Udai ) https://udai.io
  • 2. About me • Udaiappa Ramachandran ( Udai ) • CTO-Akumina, Inc. • Cloud Expert • Microsoft Azure, Amazon Web Services and Google • New Hampshire Cloud User Group (http://www.meetup.com/nashuaug ) • https://udai.io
  • 3. Agenda • Introduction • Azure Security Center • Azure Defender • Secure Score • Security Policies • Regulatory Compliance • Security Alerts • Cloud Connectors • Resource Graph • DEMO…DEMO…DEMO… • References
  • 4. Security/Data Breaches • Adobe • Adult Friend Finder • Ashley Madison • AWS S3 Bucket • Canva • Code Spaces (source code hosting) • Dubsmash • eBay • Equifax • Facebook • Heartland Payment Systems • LinkedIn • Marriott International • My Fitness Pal • MySpace • NetEase • Podesta/Hillary Emails • Sina Weibo • Target • Yahoo • Zynga
  • 5. Challenges • Threats increasing in volume and sophistication • Attacker business models evolve to maximize attacker return on investment (ROI) • Attack automation and evasion techniques evolving along multiple dimensions • Can’t Stop All Attacks • Must balance investments across prevention, detection, and response • Prevention investments must be focused on real world attacks • Integration is required, but complex and costly • Threat Detection requires context from a diverse signal sources and high volumes of data • Efficient operations requires integration of tools and technology like machine learning • Requires Blend of Human Expertise and Technology • Need human expertise, adaptability, and creativity to combat human threat actors • Difficult to hire people deep expertise, growing skillset takes a long time
  • 6. Why use Security Center? • Centralized policy management – Ensure compliance with company or regulatory security requirements by centrally managing security policies across all your hybrid cloud workloads. • Continuous security assessment – Monitor the security posture of machines, networks, storage and data services, and applications to discover potential security issues. • Actionable recommendations – Remediate security vulnerabilities before they can be exploited by attackers with prioritized and actionable security recommendations. • Prioritized alerts and incidents - Focus on the most critical threats first with prioritized security alerts and incidents. • Advanced cloud defenses – Reduce threats with just in time access to management ports and adaptive application controls running on your VMs. • Integrated security solutions - Collect, search, and analyze security data from a variety of sources, including connected partner solutions.
  • 7. Azure Security Center (ASC) • Cloud Security Posture Management • Policies, initiatives and recommendations • Secure Score and security controls • Cloud Workload Protection • Protect threats against Servers, Cloud native workloads, databases and storage • Security alerts and incidents
  • 8. Security HYGIENE • Software • Code • Third party • Compute & Apps • Network • Data & Storage • Identity
  • 9. Security Score • Measurement of an organization’s security posture, higher the number lower the risk • Score may fluctuate if no governance on new resource provisioning
  • 10. Security Policy • Security Policy is the driver for Security Score • Built in set of policies(security controls) automatically assigned on your subscription • The resources are assessed continuously • Each policy is in audit mode and checks for misconfigurations • Customize or Disable policies not relevant to organization
  • 11. Microsoft Defender (XDR) • M365 Defender • Identities • Endpoints • Apps • E-mail • Cloud Apps • Docs • Azure Defender • SQL • Virtual Machines • Containers • Network • IoT • PaaS Applications (Azure App Services)
  • 12. Regulatory Compliances • ISO 27001 • PCI DSS 3.2.1 • SOC TSP • NIST SP 800-53 • NIST SP 800 171 • SWIFT CSP CSCF v2020 • UKO and UK NHS • Canada Federal PBMM • HIPAA HITRUST • Azure CIS 1.3.0 • CMMC Level 3 • New Zealand ISM Restricted
  • 13. Remediation • Manual – Follow the remediation steps • ARM Template • PowerShell • Workflow Automation
  • 14. Security Alerts • Security alerts • Custom alerts • Thread intelligence • Detected threat types • Threat origin • Threat intelligence map
  • 15. Continuous Export • Export Types • Security Recommendations • Secure Score • Security alerts • Regulatory compliance • Export frequency • Streaming updates • Snapshots • Export Target • Event Hub • Log Analytics
  • 16. Cloud Connectors • AWS - Security Hub • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard- aws?WT.mc_id=Portal-Microsoft_Azure_Security • GCP - GCP Security Commands • https://docs.microsoft.com/en-us/azure/security-center/quickstart-onboard-gcp
  • 17. Azure Resource Graph (ARG) - Query
    • Query ASC Data
    • Export to CSV
    • Create Azure Workbook
    • ARG API
  • 18. References
    • http://docs.microsoft.com/en-us/azure/security-center
    • https://www.youtube.com/playlist?list=PL3ZTgFEc7LysTt_FBVZ1Bw8CyyyPraHGr
    • https://docs.microsoft.com/en-us/security/cybersecurity-reference-architecture/mcra
    • https://docs.microsoft.com/en-us/learn/browse
    • https://azure.microsoft.com/en-us/pricing/details/azure-defender/
    • https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
    • Git Resources
      • https://github.com/Azure/Azure-Security-Center
      • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ASCRecommendationsAzureResource
      • https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ResourceExemption

Editor's Notes

  1. AWS BUCKETS - https://www.scmagazine.com/contractor-misconfigures-aws-exposes-data-of-50000-australian-employees/article/704873/
     AWS BUCKETS - https://www.tripwire.com/state-of-security/featured/preventing-yet-another-aws-s3-storage-breach-with-tripwire/
     PODESTA / HILLARY - https://en.wikipedia.org/wiki/Podesta_emails
     OPM - https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach
     TARGET - https://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
     ASHLEY MADISON – ENUMERATION ATTACK
     Other Breaches Source: https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
     Threat Landscape
     • 90+ million cyber incidents
     • 4+ million cost per breach
     • 400+ billion loss from cyber attacks
  2. • Rapidly changing resources
     • Increasingly sophisticated attacks
     • Security skills are in short supply
     • Security hygiene is important
     https://outpost24.com/Press-Release-37-of-organisations-have-suffered-a-cyberattack-on-cloud-environments-due-to-the-lack-of-basic-cloud-security-hygiene
     https://blog.automox.com/bad-cyber-hygiene-breaches-tied-to-unpatched-vulnerabilities
  3. https://www.youtube.com/watch?v=p_yCOAhgSQk
     https://techcommunity.microsoft.com/t5/azure-sentinel/integrating-azure-security-center-with-azure-sentinel/ba-p/482847
  4. https://www.youtube.com/watch?v=p_yCOAhgSQk
  5. https://www.youtube.com/watch?v=p_yCOAhgSQk
  6. XDR=Extended Detection and Response
     DMZ=Demilitarized Zone
     DVR=Digital Video Recorder
     CVE=Common Vulnerabilities and Exposures
     CVSS=Common Vulnerability Scoring System
  7. ISO=International Organization for Standardization
     PCI=Payment Card Industry
     SOC TSP=Service Organization Controls Trust Service Criteria (Principles)
     NIST=National Institute of Standards and Technology
     CIS=Center for Internet Security
     CMMC=Cybersecurity Maturity Model Certification
     NZISM=New Zealand Information Security Manual
     HIPAA=The Health Insurance Portability and Accountability Act of 1996
  8. Determine the nature of the attack. Determine the attack point of origin. Determine the intent of the attack. Was the attack directed at your organization to acquire specific information, or was it random? Identify the systems that were compromised. Identify the files that were accessed and determine the sensitivity of those files.
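  9. // Unhealthy resources for the App Service diagnostic logs recommendation
     securityresources
     | where * contains 'Diagnostic logs should be enabled in App service'
     | where properties.status.code has 'unhealthy'

     // Unhealthy resources for the Cosmos DB firewall rules recommendation
     securityresources
     | where * contains 'Azure Cosmos DB accounts should have firewall rules'
     | where properties.status.code has 'unhealthy'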
  10. Privileged identity management – PIM, just in time administration
      MAM, MDM – Mobile application management, mobile device management
      https://aka.ms/ops101-learn
      https://aka.ms/ops101-blog
      https://aka.ms/ops101-docs
      https://docs.microsoft.com/en-us/security/ciso-workshop/ciso-workshop
      https://channel9.msdn.com/Shows/IT-Ops-Talk/OPS101-Securing-your-Hybrid-environment-Part-1-Azure-Security-Center
      https://channel9.msdn.com/Shows/IT-Ops-Talk/OPS103-Securing-your-Hybrid-environment--Part-2-Azure-Sentinel
      https://github.com/Azure/Azure-Security-Center
      https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ASCRecommendationsAzureResource
      https://github.com/Azure/Azure-Security-Center/tree/main/Workflow%20automation/Notify-ResourceExemption
      https://techcommunity.microsoft.com/t5/azure-security-center/how-to-keep-track-of-resource-exemptions-in-azure-security/ba-p/1770580
      https://techcommunity.microsoft.com/t5/azure-security-center/send-asc-recommendations-to-azure-resource-stakeholders/ba-p/1216663
      https://techcommunity.microsoft.com/t5/azure-security-center/creating-a-custom-dashboard-for-azure-security-center-with-azure/ba-p/1518647
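
The Resource Graph queries in editor note 9 match one recommendation name anywhere in the row. The query below is an added example, not part of the original deck: it filters on the assessment resource type and counts unhealthy resources per recommendation, which suits the CSV export and workbook uses listed on slide 17. The output column names (recommendation, severity, status, resourceId, affectedResources) are assumptions chosen for this example.

```kusto
// Added example (not from the original deck).
// Counts unhealthy Security Center assessments per recommendation and subscription.
securityresources
| where type == 'microsoft.security/assessments'
// Column aliases below are chosen for this example.
| extend recommendation = tostring(properties.displayName),
         severity       = tostring(properties.metadata.severity),
         status         = tostring(properties.status.code),
         resourceId     = tolower(tostring(properties.resourceDetails.Id))
// =~ is a case-insensitive comparison, so 'Unhealthy' and 'unhealthy' both match
| where status =~ 'Unhealthy'
// dcount avoids counting the same resource twice for one recommendation
| summarize affectedResources = dcount(resourceId)
          by recommendation, severity, subscriptionId
| order by affectedResources desc
```

Filtering on `type` first keeps the query from scanning every column of every security resource, and the per-recommendation counts give a remediation priority list rather than a single-rule answer.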