SlideShare a Scribd company logo

Tour to Azure Security Center

Lalit Rawat
Lalit Rawat

We have discussed about azure security center and it's features.We have discussed on best practices about azure security and Security center feature.

Technology
1 of 24
Download to read offline
Let’s Secure Your Modern Workplace: A Tour to Azure Security Center. By-Lalit Rawat / Mitul Rana
Who We Are … .. . Lalit Rawat DXC Technology Azure Master of the Month Azure Architect / MCT/ Blogger /Azure Talk Community Moderator Mitul Rana Trelleborg AB Platform Specialist / Speaker / Blogger Community Speaker Community Leader
Cloud momentum continues to accelerate ..... .... ... .. . 1KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014 2IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015 “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?”1 “By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.”²
But cloud security concerns persist Management is increasingly distributed Cloud environments are more dynamic Attackers continue to innovate
Cloud security is a shared responsibility
Responsibility zones Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System Physical hosts Physical network Physical datacenter PaaSIaaS SaaS On- prem Always retained by customer Varies by service type Transfers to Microsoft
Securing Azure Environments
One place to rule it all Azure Security Center Microsoft cloud workload protection platform to address the unique security requirements of Azure workloads and data center architectures that span on-premises and public cloud environments.
Securing Compute workloads Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System IaaS DATP for Servers, EPP, Updates, config checks, JIT VM access, AAC NSG active & configured, WAF & NGFW, Network map, !SSL usage >>Not covered by Security Center<< Identity recommendations, integration with AAD Identity protection MFA and Access hygiene recommendations Not in scope for Security Center (use WDATP) File Integrity Monitoring, Data classification, Encrypted @ rest
Network Security • Virtual Network Service Endpoints • DDoS Protection • Network Security Groups • NSG Service Tags • NSG Application Security Groups • NSG Augmented Rules • Global Virtual Network Peering • Azure DNS Private Zones • Site-to-Site VPN • Point-to-Site VPN • ExpressRoute • Azure Virtual Networks • Virtual Network Appliances • Azure Load Balancer • Azure Load Balancer HA Ports • Azure Application Gateway • Azure Firewall • Azure Web Application Firewalls • Service Endpoints Monitoring and Logging • Azure Log Analytics • Azure Monitor • Network Watcher • VS AppCenter Mobile Analytics Compliance Program • Microsoft Trust Center • Service Trust Platform • Compliance Manager • Azure IP Advantage (legal) Identity and Access Management • Azure Active Directory • Azure Active Directory B2C • Azure Active Directory Domain Services • Azure Active Directory MFA • Conditional Access • Azure Active Directory Identity Protection • Azure Active Directory Privileged Identity Management • Azure Active Directory App Proxy • Azure Active Directory Connect • Azure RBAC • Azure Active Directory Access Reviews • Azure Active Directory Managed Service Identity Security Docs Site • Azure Security Information Site on Azure.com DDoS Mitigation • Azure DDoS Protection • Azure Traffic Manager • Autoscaling • Azure CDN • Azure Load Balancers • Fabric level edge protection Infrastructure Security • Comes with Azure Data Centers • Azure Advanced Threat Protection • Confidential Computing Pen Testing • Per AUP • Per TOS • No contact required Data Loss Prevention • Cloud App Discovery • Azure Information Protection Encryption • Azure Key Vault • Azure client-side encryption library • Azure Storage Service Encryption • Azure Disk Encryption • SQL Transparent Data Encryption • SQL Always Encrypted • SQL Cell/Column Level Encryption • Azure CosmosDB encrypt by default • Azure Data Lake encrypt by default • VPN protocol encryption (ssl/ipsec) • SMB 3.0 wire encryption Configuration and Management • Azure Security Center • Azure Resource Manager • ARM Management Groups • Azure Policy • Azure Blueprints • Azure Automation • Azure Advisor • Azure API Gateway Azure Security Services and Capabilities
Demo Security Center Overview
Policy & compliance
Policy & Compliance
Policy & Compliance
Azure Security Policy 1. Browse Policy Definitions 2. Create Initiative Definitions 3. Scope the Initiative Definition 4. View Policy evaluation results
Demo Compliance & Policy
Adaptive application controls Application control helps you deal with malicious and/or unauthorized software, by allowing only specific applications to run on your VMs and Computers.
File Integrity monitoring File Integrity Monitoring (FIM), also known as change monitoring, validates files and registries integrity of operating system, application software, and others for changes that might indicate an attack.
What is a custom alert?
Custom alert example
Creating Custom Security Alerts Lets See Demo
Azure Trust Center ▪ Compliance Manger ▪ Audits Reports ▪ Privacy ▪ Transparency ▪ GDPR Compliance ▪ Compliance Offering Trust Center
Resources Resource Link Comment Securing Azure reference http://aka.ms/myasis Definitive reference guide Azure security best practices https://azure.microsoft.com/resources/se curity-best-practices-for-azure- solutions/ In-depth guidance for securing specific Azure workloads Creating compliant workloads https://servicetrust.microsoft.com/ViewP age/BlueprintOverview FedRAMP, NIST SP800, FFIEC, and more Getting started with Security Center https://docs.microsoft.com/en- us/azure/security-center/security-center- get-started Security playbook ASCPlaybooks Simulate & hunt threats, WAF playbooks & more Azure templates for attack simulation https://ASCPlaybooksSQLi https://ASCPlaybooksVAttack https://ASCPlaybooksXSS https://ASCPlaybooksDDos SQL injection, Virus, cross-site scripting, and DDoS playbooks Credit: Avyan consulting Security Center and Powershell samples https://github.com/tianderturpijn/ASC Common operations and ARM template
Our Supporters #askgab19#gabblr19 Use the HASHTAG

Recommended

Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introduction
Lalit Rawat
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
Karl Ots
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
Matt Soseman
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for Success
Alert Logic
 

Recommended

Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introduction
Lalit Rawat
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
Karl Ots
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
Matt Soseman
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for Success
Alert Logic
 
Azure security basics
Azure security basicsAzure security basics
Azure security basics
Stas Lebedenko
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
Allen Brokken
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
Bruno Capuano
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
Microsoft Azure
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
Alert Logic
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Azure security
Azure securityAzure security
Azure security
Lalit Rawat
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Alert Logic
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018
Karl Ots
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
Aidan Finn
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
Marius Sandbu
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
Security Innovation
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
Vishwas Manral
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
Himani Singh
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security
Zabeel Institute
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azure
Abdul Khan
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
Moshe Ferber
 

More Related Content

What's hot

Azure security basics
Azure security basicsAzure security basics
Azure security basics
Stas Lebedenko
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
Allen Brokken
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
Bruno Capuano
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
Microsoft Azure
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
Alert Logic
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Azure security
Azure securityAzure security
Azure security
Lalit Rawat
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Alert Logic
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018
Karl Ots
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
Aidan Finn
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
Marius Sandbu
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
Security Innovation
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
Vishwas Manral
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
Himani Singh
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security
Zabeel Institute
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 

What's hot (20)

Azure security basics
Azure security basicsAzure security basics
Azure security basics
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Azure security
Azure securityAzure security
Azure security
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
 

Similar to Tour to Azure Security Center

Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azure
Abdul Khan
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
Moshe Ferber
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
NCCOMMS
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
Amazon Web Services LATAM
 
Microservices using .Net core
Microservices using .Net coreMicroservices using .Net core
Microservices using .Net core
girish goudar
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
Peter Selch Dahl
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
Vignesh Ganesan I Microsoft MVP
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
Reena Harnal
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
Viresh Suri
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
Amazon Web Services
 
Service for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdfService for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdf
Zen Bit Tech
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
RightScale
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
Akash Mahajan
 
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
itnewsafrica
 
Cloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewCloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack Overview
Valdez Ladd MBA, CISSP, CISA,
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data Center
Patrick Sklodowski
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
Kevin Grossnicklaus
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
Andrew Siemer
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
RightScale
 

Similar to Tour to Azure Security Center (20)

Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azure
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
Microservices using .Net core
Microservices using .Net coreMicroservices using .Net core
Microservices using .Net core
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
 
Service for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdfService for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdf
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
 
Cloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewCloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack Overview
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data Center
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 

Recently uploaded

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 

Recently uploaded (20)

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 

Tour to Azure Security Center

  • 1. Let’s Secure Your Modern Workplace: A Tour to Azure Security Center. By-Lalit Rawat / Mitul Rana
  • 2. Who We Are … .. . Lalit Rawat DXC Technology Azure Master of the Month Azure Architect / MCT/ Blogger /Azure Talk Community Moderator Mitul Rana Trelleborg AB Platform Specialist / Speaker / Blogger Community Speaker Community Leader
  • 3. Cloud momentum continues to accelerate ..... .... ... .. . 1KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014 2IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015 “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?”1 “By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.”²
  • 4. But cloud security concerns persist Management is increasingly distributed Cloud environments are more dynamic Attackers continue to innovate
  • 5. Cloud security is a shared responsibility
  • 6. Responsibility zones Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System Physical hosts Physical network Physical datacenter PaaSIaaS SaaS On- prem Always retained by customer Varies by service type Transfers to Microsoft
  • 8. One place to rule it all Azure Security Center Microsoft cloud workload protection platform to address the unique security requirements of Azure workloads and data center architectures that span on-premises and public cloud environments.
  • 9. Securing Compute workloads Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System IaaS DATP for Servers, EPP, Updates, config checks, JIT VM access, AAC NSG active & configured, WAF & NGFW, Network map, !SSL usage >>Not covered by Security Center<< Identity recommendations, integration with AAD Identity protection MFA and Access hygiene recommendations Not in scope for Security Center (use WDATP) File Integrity Monitoring, Data classification, Encrypted @ rest
  • 10. Network Security • Virtual Network Service Endpoints • DDoS Protection • Network Security Groups • NSG Service Tags • NSG Application Security Groups • NSG Augmented Rules • Global Virtual Network Peering • Azure DNS Private Zones • Site-to-Site VPN • Point-to-Site VPN • ExpressRoute • Azure Virtual Networks • Virtual Network Appliances • Azure Load Balancer • Azure Load Balancer HA Ports • Azure Application Gateway • Azure Firewall • Azure Web Application Firewalls • Service Endpoints Monitoring and Logging • Azure Log Analytics • Azure Monitor • Network Watcher • VS AppCenter Mobile Analytics Compliance Program • Microsoft Trust Center • Service Trust Platform • Compliance Manager • Azure IP Advantage (legal) Identity and Access Management • Azure Active Directory • Azure Active Directory B2C • Azure Active Directory Domain Services • Azure Active Directory MFA • Conditional Access • Azure Active Directory Identity Protection • Azure Active Directory Privileged Identity Management • Azure Active Directory App Proxy • Azure Active Directory Connect • Azure RBAC • Azure Active Directory Access Reviews • Azure Active Directory Managed Service Identity Security Docs Site • Azure Security Information Site on Azure.com DDoS Mitigation • Azure DDoS Protection • Azure Traffic Manager • Autoscaling • Azure CDN • Azure Load Balancers • Fabric level edge protection Infrastructure Security • Comes with Azure Data Centers • Azure Advanced Threat Protection • Confidential Computing Pen Testing • Per AUP • Per TOS • No contact required Data Loss Prevention • Cloud App Discovery • Azure Information Protection Encryption • Azure Key Vault • Azure client-side encryption library • Azure Storage Service Encryption • Azure Disk Encryption • SQL Transparent Data Encryption • SQL Always Encrypted • SQL Cell/Column Level Encryption • Azure CosmosDB encrypt by default • Azure Data Lake encrypt by default • VPN protocol encryption (ssl/ipsec) • SMB 3.0 wire encryption Configuration and Management • Azure Security Center • Azure Resource Manager • ARM Management Groups • Azure Policy • Azure Blueprints • Azure Automation • Azure Advisor • Azure API Gateway Azure Security Services and Capabilities
  • 15. Azure Security Policy 1. Browse Policy Definitions 2. Create Initiative Definitions 3. Scope the Initiative Definition 4. View Policy evaluation results
  • 17. Adaptive application controls Application control helps you deal with malicious and/or unauthorized software, by allowing only specific applications to run on your VMs and Computers.
  • 18. File Integrity monitoring File Integrity Monitoring (FIM), also known as change monitoring, validates files and registries integrity of operating system, application software, and others for changes that might indicate an attack.
  • 19. What is a custom alert?
  • 22. Azure Trust Center ▪ Compliance Manger ▪ Audits Reports ▪ Privacy ▪ Transparency ▪ GDPR Compliance ▪ Compliance Offering Trust Center
  • 23. Resources Resource Link Comment Securing Azure reference http://aka.ms/myasis Definitive reference guide Azure security best practices https://azure.microsoft.com/resources/se curity-best-practices-for-azure- solutions/ In-depth guidance for securing specific Azure workloads Creating compliant workloads https://servicetrust.microsoft.com/ViewP age/BlueprintOverview FedRAMP, NIST SP800, FFIEC, and more Getting started with Security Center https://docs.microsoft.com/en- us/azure/security-center/security-center- get-started Security playbook ASCPlaybooks Simulate & hunt threats, WAF playbooks & more Azure templates for attack simulation https://ASCPlaybooksSQLi https://ASCPlaybooksVAttack https://ASCPlaybooksXSS https://ASCPlaybooksDDos SQL injection, Virus, cross-site scripting, and DDoS playbooks Credit: Avyan consulting Security Center and Powershell samples https://github.com/tianderturpijn/ASC Common operations and ARM template