
03_Azure Security Center_GAB2019



Get to know the tool that helps manage security for the various resources in Azure.
By วิสิทธิ์ ทองภู่
Microsoft MVP (Azure)

Published in: Technology

  1. More than 10 years of IT experience, working with MS teams and partners to deliver Microsoft solutions, and specializing in the following Microsoft technologies and solutions:
     - Microsoft Cloud Solutions (Private, Public and Hybrid Clouds)
     - Windows Server 2012, R2, 2016, and 2019 AD, Hyper-V, and Infrastructure Services
     - System Center 2012 R2, 2016 and 2019 (System & Device Management and Others)
     - Windows 10 Enterprise Services (Deployment, Security, and Others)
     IT Consultant
  2. Azure Security Center (ASC)-Introduction: Threats are increasing rapidly, and the threat landscape is changing continuously. Ransomware such as WannaCry, which infected businesses and even home users, was a big problem at the beginning of 2017. Trojans are another security threat. Attackers can breach a resource and then use it to attack other resources in the cloud. Customers need to detect (monitor) breaches and, based on these alerts, take the necessary actions to prevent these attacks. This results in better protection of the customer’s environment and less loss of data and money. Detecting and monitoring threats is a good start, but customers also need to gather data to understand the threats, looking for patterns with Machine Learning, which makes the solution more robust against threats.
  3. Azure Security Center (ASC)-Introduction: Shared Responsibility Model
  4. Azure Security Center (ASC)-Introduction: Based on this model, we can conclude that protecting only the assets is not enough. Building a solid security posture is the better way to secure the customer’s environment against threats. This solid security posture is based on 3 pillars: Prevent, Detect, and Respond. [Figure labels: Storage, Compute, Identity, Networking; Cloud and On-Premises]
  5. Azure Security Center (ASC)-Introduction: Azure Security Center (ASC) is a Microsoft Azure service that provides a unified security management solution (Prevent, Detect, and Respond to security threats) for Azure resources and workloads in hybrid cloud environments. ASC provides centralized visibility into the security level of all your resources. It also uses Azure services such as Machine Learning and Advanced Analytics to help you identify and detect security threats before they compromise your environment. Azure Security Center does more than detect threats. It also assesses the security of your hybrid cloud workloads and provides recommendations to mitigate threats, and it provides centralized policy management to ensure compliance with company or regulatory security requirements.
  6. Azure Security Center (ASC)-Introduction: Everything you need to configure Azure Security Center is in the Azure Portal. The Azure Security Center dashboard in the Azure Portal gives you a full overview of the security state of all workloads across your organization. From this console, you can automatically discover and commission new Azure resources and apply security policies across your hybrid cloud. From the ASC dashboard, you can also configure the collation of security-related data from a variety of sources, including logs from your Azure services, firewalls, and third-party solutions integrated with Azure Security Center, such as vulnerability scanners.
  7. Azure Security Center (ASC)-Features: 1. Centralized Policy Management 2. Continuous Security Assessments (Threat Intelligence) 3. Actionable Recommendations 4. Advanced Cloud Defenses 5. Intelligent Alerting
  8. ASC Features-Centralized Policy Management: ASC centralizes and enforces security policy management (standardization) across your organization’s cloud and on-premises environments, which improves compliance and security. Enabling centralized security policy management involves configuring the components of the ASC Security Policy service: Data Collection, Security Policies, and Email Notifications. With these settings you can adjust agent provisioning, how data is collected, and what ASC controls and recommends, and you can configure your alerting infrastructure.
  9. ASC Features-Continuous Security Assessment: ASC’s advanced threat detection capabilities include integrated threat intelligence, which looks for security risks by leveraging security data collected from Microsoft products globally; behavioral analytics, which applies known patterns to discover malicious behavior; and anomaly detection, which uses statistical profiling to build a historical baseline and alerts on events that deviate from established norms.
  10. ASC Features-Actionable Recommendations: ASC gathers security-related data from a variety of sources, including logs and events generated by Azure services as well as data provided by third-party services commissioned to protect your Azure hybrid environments. From the data collected, ASC provides actionable recommendations that you can execute directly from the Azure portal. These recommendations range from simple administrative instructions, like providing security contact details or applying system updates, to more advanced tasks such as deploying endpoint protection on your commissioned VMs or applying disk encryption where it has not been enabled. With ASC’s actionable recommendations you can remediate security vulnerabilities, which ASC ranks by severity and by the impact they would have on your IT assets, before they are exploited. This ASC feature not only gives you a consolidated list of all open security issues affecting your environment; it also provides the actions you need to take to remediate them.
  11. ASC Features-Advanced Cloud Defenses: The Advanced Cloud Defenses incorporated into ASC include the following features, created specifically to protect cloud resources from compromise: 1. Just-In-Time (JIT) VM Access 2. Adaptive Application Controls 3. File Integrity Monitoring (FIM)
  12. Advanced Cloud Defenses-JIT: Just-in-time (JIT) VM Access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.
  13. Advanced Cloud Defenses-Adaptive Application Control: Adaptive Application Control is an intelligent, automated, end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your Azure and non-Azure VMs (Windows and Linux), which, among other benefits, helps harden your VMs against malware.
  14. Advanced Cloud Defenses-File Integrity Monitoring: File Integrity Monitoring (FIM), also known as change monitoring, examines operating system files and registries, application software, and other items for changes that might indicate an attack. A comparison method is used to determine whether the current state of a file differs from its state at the last scan. You can use this comparison to determine whether valid or suspicious modifications have been made to your files. ASC’s File Integrity Monitoring validates the integrity of Windows files, the Windows registry, and Linux files. You select the files that you want monitored by enabling FIM. Security Center monitors files with FIM enabled for activity such as:
     • File and registry creation and removal
     • File modifications (changes in file size, access control lists, and hash of the content)
     • Registry modifications (changes in size, access control lists, type, and the content)
  15. ASC Features-Intelligent Alerting: ASC consolidates alerts generated from incidents that are collected and logged from a variety of different sources, using Advanced Analytics and Threat Intelligence to detect incoming attacks and post-breach activity. ASC prioritizes and groups these alerts by criticality, ensuring you have the visibility to focus on the most important incidents first.
  16. Azure Security Center (ASC)-Pricing
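
The comparison method described on the File Integrity Monitoring slide (slide 14), as an added example that is not from the slides and is not Azure Security Center's implementation: a baseline scan is compared with a later scan to report creation, removal and modification by size, permissions and content hash. The function names and sample files are hypothetical and constructed; POSIX permission bits stand in for access control lists, and registry monitoring is left out.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Record size, permission bits and SHA-256 of every regular file under root."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            st = path.stat()
            state[str(path.relative_to(root))] = {
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,  # permission bits stand in for the ACL
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
            }
    return state

def compare(baseline, current):
    """Return (event, path, changed_attributes) for each difference between two scans."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            events.append(("created", path, []))
        elif new is None:
            events.append(("removed", path, []))
        else:
            changed = [k for k in ("size", "mode", "sha256") if old[k] != new[k]]
            if changed:
                events.append(("modified", path, changed))
    return events

def demo():
    """Constructed sample tree: scan, make four changes, scan again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in (("hosts", b"127.0.0.1 localhost\n"), ("motd", b"welcome\n"),
                           ("sshd_config", b"MaxAuthTries 3\n")):
            (root / name).write_bytes(body)
            (root / name).chmod(0o644)
        baseline = snapshot(root)
        (root / "hosts").unlink()                                # removal
        (root / "motd").chmod(0o600)                             # permissions only
        (root / "rc.local").write_bytes(b"#!/bin/sh\n")          # creation
        (root / "sshd_config").write_bytes(b"MaxAuthTries 9\n")  # same size, new hash
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The `sshd_config` edit keeps the file size identical, so only the content hash exposes it, which is why the slide lists the hash alongside size and access control lists.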