🪴 Quartz 4.0

01 - Protect against security threats on Azure

4 min read

Protect against security threats on Azure

linking:: AZ-900, Azure-Security

Azure Security Center (Microsoft Defender for Cloud)

Monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. The term security posture refers to cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats.

  • Monitor security settings across on-premises and cloud workloads.
  • Automatically apply required security settings to new resources as they come online.
  • Provide security recommendations that are based on your current configurations, resources, and networks.
  • Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited.
  • Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run.
  • Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred.
  • Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to.
  • Resources are analyzed against the security controls of any governance policies it has assigned, it can view its overall regulatory compliance from a security perspective all from one place.
  • Resource security hygiene shows health of resources from security perspective, recommendations categorized based on priority.
  • Secure score is a measurement of an organization’s security posture. Secure score is based on security controls, or groups of related security recommendations. Your score is based on the percentage of security controls that you satisfy. The more security controls you satisfy, the higher the score you receive.
  • Just-in-time VM access Tailwind Traders will configure just-in-time access to VMs. This access blocks traffic by default to specific network ports of VMs, but allows traffic for a specified time when an admin requests and approves it.
  • Adaptive application controls Tailwind Traders can control which applications are allowed to run on its VMs. In the background, Security Center uses machine learning to look at the processes running on a VM. It creates exception rules for each resource group that holds the VMs and provides recommendations. This process provides alerts that inform the company about unauthorized applications that are running on its VMs.
  • Adaptive network hardening Security Center can monitor the internet traffic patterns of the VMs, and compare those patterns with the company’s current network security group (NSG) settings. From there, Security Center can make recommendations about whether the NSGs should be locked down further and provide remediation steps.
  • File integrity monitoring Tailwind Traders can also configure the monitoring of changes to important files on both Windows and Linux, registry settings, applications, and other aspects that might indicate a security attack.
  • Centralized view of all security alerts, can be integrated with logic apps to investigate, dismiss, or send integration.

Azure Sentinel

  • Collect cloud data at scale Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
  • Detect previously undetected threats Minimize false positives by using Microsoft’s comprehensive analytics and threat intelligence.
  • Investigate threats with artificial intelligence Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
  • Respond to incidents rapidly Use built-in orchestration and automation of common tasks.

Provides an investigation graph, and can also use Azure Monitor Workbooks to automate response to threats.

Azure Key Vault

  • Manage secrets You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
  • Manage encryption keys You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data.
  • Manage SSL/TLS certificates Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.
  • Store secrets backed by hardware security modules (HSMs) These secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.

Azure Dedicated Host

  • Gives you visibility into, and control over, the server infrastructure that’s running your Azure VMs.
  • Helps address compliance requirements by deploying your workloads on an isolated server.
  • Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.

Graph View