รู้จักเครื่องมือที่จะเข้ามาช่วยจัดการในเรื่องของความปลอดภัยให้กับ Resources ต่าง ๆ ใน Azure โดยคุณวิสิทธิ์ ทองภู่ Microsoft MVP (Azure)

2. More than 10 years of IT Experience and working with MS. Team and Partners to deliver
Microsoft Solutions and specializes in the following Microsoft Technologies and Solutions:
- Microsoft Cloud Solutions (Private, Public and Hybrid Clouds)
- Windows Server 2012, R2, 2016, and 2019 AD, Hyper-V, and Infrastructure Services
- System Center 2012 R2, 2016 and 2019 (System & Device Management and Others)
- Windows 10 Enterprise Services (Deployment, Security, and Others)
IT Consultant

3. Azure Security Center (ASC)-Introduction
Threats increasing rapidly, and the Threats Landscape is changing continuously.
Ransom-wares like Wanna Cry infections in businesses and even home users, was in the
beginning of 2017 a big problem. Another security threat are Trojans.
Attackers can breach a resource and then use this source to attack other resources in the Cloud.
Customers need to detect (monitor) breaches and based on these alerts, they need to take the
necessary actions to prevent these attacks. This will result in a better protection of Customer’s
Environment and will cause less loss of Data and Money.
Detecting/Monitoring Threats is a good start, but
Customers need to gather data to understand the Threats,
looking for patterns by using Machine Learning that will
make the solution more bullet proof against Threats.

4. Azure Security Center (ASC)-Introduction
Shared Responsibility Model

5. Azure Security Center (ASC)-Introduction
Based on this model we can adopt that protection of only the assets is not enough. Building a
Solid Security Posture will be more the way to go, to secure Customer’s Environment against
Threats. This Solid Security Posture is based on 3 Pillars:
StorageComputeIdentity Networking
CloudOn-Premises and
• Prevent
• Detect
• Respond

6. Azure Security Center (ASC)-Introduction
Azure Security Center (ASC) is a Microsoft Azure Service which provides a Unified Security
Management Solution (Prevent, Detect, and Respond to Security Threats) that affect the Azure
Resources and Workloads on Hybrid Cloud Environments.
ASC is centralized visibility showing you the security level of all your resources. Also, it utilizes Azure
Services such as Machine Learning and Advanced Analytics to help you identify and detect
security threats before they compromise your environment.
Azure Security Center does more than detect threats. It also assesses the security of your Hybrid Cloud
Workload and provides recommendations to mitigate threats. And it provides centralized policy
management to ensure compliance with company or regulatory security requirements.

7. Azure Security Center (ASC)-Introduction
Everything you need to configure
Azure Security Center is in the
Azure Portal. The Azure Security
Center Dashboard on the Azure
Portal gives you a full overview of
the security state of all workloads
across your organization.
From this console, you can automatically discover and commission new Azure resources and apply
security policies across your hybrid cloud. From the ASC dashboard, you can also configure the
collation of security-related data from a variety of sources, including logs from your Azure services,
firewalls, and third-party provided Azure Security Center solutions such as vulnerability scanners.

8. Azure Security Center (ASC)-Features
1. Centralized Policy Management
2. Continuous Security Assessments (Threat Intelligence)
3. Actionable Recommendations
4. Advanced Cloud Defenses
5. Intelligent Alerting.

9. ASC Features-Centralized Policy Management
ASC centralizes and enforces Security Policy Management (Standardization) across your organization’s
Cloud and On-Premise Environments which improves compliance and security.
Enabling Centralized Security Policy Management involves configuring components contained within
the ASC Security Policy Service. These include Data Collection, Security Policies, and Email
Notifications. With these settings you can adjust for agent provisioning, how data collects, what ASC
controls and recommends, and configure your alerting infrastructure.

10. ASC Features-Continuous Security Assessment
ASC’s Advanced Threat Detection Capabilities. These include integrated Threat Intelligence which looks
for security risks by leveraging security data collected from Microsoft products globally, behavioral
analytics which applies known patterns to discover malicious behavior, and anomaly detection which
uses statistical profiling to build a historical baseline and alerts on events which deviate from established
norms.

11. ASC Features-Actionable Recommendations
ASC gathers security-related data from a variety of sources which include logs and events generated
by Azure Services as well as data provided by third-party services commissioned to protect your
Azure hybrid environments.
From the data collected, ASC provides actionable recommendations which you can execute directly
from the Azure portal. These recommendations include simple administrative instructions like
providing security contact details or applying system updates, to more advanced tasks including
deploying end-point protection on your commissioned VMs or applying disk encryption where this
has not been enabled.
With ASC’s Actionable Recommendations you can remediate security vulnerabilities before they are
exploited which ASC ranks by the severity and impact they would have on your IT assets. This ASC
feature not only lets you get a consolidated list of all open security issues affecting your environment;
it provides the necessary actions you need to take to remediate problems.

12. ASC Features-Advanced Cloud Defenses
The Advanced Cloud Defenses incorporated into ASC include the following features created
to specifically protect Cloud Resources from compromise.
1. Just-In-Time (JIT) VM Access
2. Adaptive Application Controls
3. File Integrity Monitoring (FIM)

13. Advanced Cloud Defenses-JIT
Just-in-time (JIT) VM Access can be used to lock down inbound traffic to your Azure VMs,
reducing exposure to attacks while providing easy access to connect to VMs when needed.

14. Advanced Cloud Defenses-Adaptive Application Control
Adaptive Application Control is an Intelligent, Automated end-to-end application
whitelisting Solution from Azure Security Center. It helps you control which applications can
run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits,
helps harden your VMs against malware.

15. Advanced Cloud Defenses-File Integrity Monitoring
File Integrity Monitoring (FIM) also known as change monitoring, examines files and
registries of operating system, application software, and others for changes that might indicate
an attack. A comparison method is used to determine if the current state of the file is different
from the last scan of the file. You can leverage this comparison to determine if valid or
suspicious modifications have been made to your files.
ASC’s File Integrity Monitoring validates the integrity of Windows files, Windows registry, and
Linux files. You select the files that you want monitored by enabling FIM. Security Center
monitors files with FIM enabled for activity such as:
•File and Registry creation and removal
•File modifications (changes in file size, access control lists, and hash of the content)
•Registry modifications (changes in size, access control lists, type, and the content)

16. ASC Features-Intelligent Alerting
ASC consolidates alerts created from incidents which
collect and log from a variety of different sources. Using
Advanced Analytics and Threat Intelligence to detect
incoming attacks and post-breach activity.
ASC will prioritize and group these alerts by criticality
ensuring you have the visibility to focus on the most
important incidents first.

17. Azure Security Center (ASC)-Pricing