In this session, students will learn about Azure Security Center and Azure platform security. Azure Security Center makes it easier than ever to protect your Microsoft Azure virtual machines and virtual networks (as well as Azure SQL Databases, Storage, and more), enabling you to move to the cloud with confidence.

2. Scott Hoag
Principal Cloud Solutions Architect
Opsgility
@ciphertxt
https://psconfig.com
https://about.me/scotth

3. Azure Security Center
Identity
Advanced Threat Analytics

4. Azure Security Center

5. Microsoft Azure Security Center

6. Ensure compliance with company or regulatory
security requirements
CENTRAL POLICY MANAGEMENT
Define a security policy for each
subscription in Security Center
Apply across multiple subscriptions
using Azure Management Groups
DISCOVERY AND ONBOARDING
Automatically discover new Azure
resources, apply policy, and
provision the monitoring agent

7. Collect, search, and
analyze security data
from a variety of
sources

8. Search and
analyze security
data using a
flexible query
language

9. Use built-in
notable events to
monitor specific
event types or
create your own
watchlist

10. Built in cyber
defenses help
block malicious
access and
applications

11. Built-in Azure, no setup required
Automatically discover
and monitor security of
Azure resources
Gain insights for hybrid resources
Easily onboard resources running in
other clouds and on-premises
Monitor security state of cloud resources1

12. Ensure secure VM configurations2
Harden Virtual Machines
System update status
Antimalware protection
OS and web server config
Fix vulnerabilities quickly
Prioritized, actionable security
recommendations

13. Encrypt disks and data3
Use Network Security Groups
Apply NSG rules to con
Storage
Azure SQL Database

14. Control network traffic4
Use Network Security Groups
Apply NSG rules for inbound and
outbound traffic
Add Built-In and Partner Firewalls
Protect web applications with
web application firewalls
Deploy Next Generation firewalls

15. Collect security data5
Analyze and search security
logs from many sources
Connected security solutions
running in Azure, eg firewalls and
antimalware solutions
Azure Active Directory
Information Protection and
Advanced Threat Analytics
Any security solution that
support Common Event Format
(CEF)

16. EASY ACCESS
Access to VMs requires only
local admin credentials, which
are easier targets for brute
attacks than more carefully
managed domain accounts
100,00 ATTACKS/MONTH
On average Azure VMs are the
subject to 100,000 brute force
attacks targeting management
ports, most commonly RDP
and SSH ports
ALWAYS OPEN
While access to management
ports is only required
sporadically, these ports are
often left open for convenience
or by accident

17. Limit exposure to brute force attacks6
Lock down management ports
on virtual machines
Enable just-in-time access
to virtual machines
Access automatically granted
for limited time

18. BUILT ON CLOUD LOG ANALYTICS PLATFORM
ALWAYS EVOLVING
Malware is constantly changing - you can no longer
rely on antimalware software to detect and remove
malicious code from running on your machines
HARD TO BLOCK
Application controls can be very effective at blocking malware
and unwanted applications, but management of whitelists can
be labor-intensive and error prone
Malware is rampant and rapidly evolving

19. Block malware and unwanted applications7
Allow safe applications only
Adaptive whitelisting learns
application patterns
Simplified management with
recommended whitelists

20. Use advanced analytics to detect threats
quickly
8
Get prioritized security alerts
Details about detected threats
and recommendations
Detect threats across the kill chain
Alerts that conform to kill
chain patterns are fused into
a single incident

21. Use advanced analytics to detect threats quickly

22. PORT SCANNING
ACTIVITY DETECTED
BRUTE FORCE
ACTIVITY DETECTED
SUSPICIOUS PROCESS
EXECUTED ON VM
DNS DATA EXFILTRATION
ACTIVITY DETECTED
KILL CHAIN
INCIDENT GENERATED
Anatomy of real attack-detected by Security Center

23. Quickly assess the scope and impact of
attack
9
Simplify security operations and
investigations
Interactive experience to
explore links across alerts,
computers and users
Use predefined or ad hoc
queries for deeper
examination

24. Automate threat response10
Automate and orchestrate common
security workflows
Create playbooks with integration
of Azure Logic Apps
Trigger workflows from any alert
to enable conditional actions

25. Azure Security Center helps unify security management
and protects hybrid cloud workloads
Prevent threats with
adaptive controls
Gain visibility
and control
Enable intelligent detection
and response
Centrally manage security
across all of your IaaS
deployment
Harden OS, VNet, storage,
and SQL configurations and
apply preventive controls
Monitor VM events and
network traffic to identify
threats and react quickly

26. Take actions today
To learn more, visit
azure.microsoft.com/en-us/services/security-center/
Use Security Center for
Azure resources
Start trial for ASC
standard to get advanced
threat protection
Onboard on-premises
and other cloud
workloads

27. Azure Identity

28. Identity is full of Constant Challenges …
Administering & Managing identity
and user access to resources
Securing Networks
Managing Known & Unknown
Threats
Industry Governess & Compliance
Encrypting communications and
operation processes
Dealing with Law Enforcement

29. Risk based Conditional Access
automatically protects against
suspicious logins and
compromised credentials
Detect and remediate
configuration vulnerabilities to
improve your security posture
Gain insights from a
consolidated view of machine
learning based threat detection
Q
Brute force attacks
Leaked credentials
Infected devices
Suspicious sign-in
activities
Configuration
vulnerabilities
Risk-Based policies
MFA Challenge
Risky Logins
Block attacks
Change bad
credentials
Azure Identity Protection

30. User Logs in
Date / Time
Location
Alert Triggers
Detailed Logs
Risk Evaluation
Reporting Services
Detailed
Heuristics
Azure Identity Protection

31. Azure AD Identity Protection
Provides Admins with Detailed Reports on:
Looks for Users with potentially leaked
credentials
Monitors Irregular sign-in activity
Looks for Sign-ins from possibly infected
devices & unfamiliar locations
Monitors Sign-ins from IP addresses with
suspicious activity
Monitors Sign-ins from impossible travel &
Much More …
*Requires Azure AD Premium
Azure Identity Protection
User Logs in

32. Azure Multi-Factor
Authentication

33. Azure Multi Factor Authentication
Method of authentication requiring more
than one verification method
Combines device as something you have or
Somewhere you are
Password Something you know
Fully supports Biometrics (Something you are)
Adds a critical second layer of security to user
sign-ins and transactions
Available for Azure, Office 365 & Hybrid
Deployments
User Logs in

34. Azure Multi Factor Authentication
Authentication Methods:
Phone call
Text message
Mobile app notification
Users can choose the method they prefer
Mobile app verification code
Supports 3rd party OAUTH tokens
Supports Windows Hello for Business
Integrates with 3rd party Biometric Systems

35. Azure Multi Factor Authentication

36. Azure Multi Factor Authentication

37. Microsoft Authenticator
App which works with
both Microsoft
accounts and Azure
AD accounts
Supports both
enterprise and
consumer scenarios

38. Azure Advanced Threat
Analytics

39. What is Advanced Threat Analytics?
Cloud linked to on-premises that protects your enterprise from multiple
types of advanced targeted cyber attacks and insider threats.
Reconnaissance: Detects attackers as they gather information on your
environment and its assets
Lateral movement cycle, Prevents attackers spreading their attack surface
inside your network.
Prevents persistence during which an attacker captures the information
allowing them to resume their campaign using various set of entry points,
credentials and techniques.

40. Can Help Prevent the following Attacks
Pass-the-Ticket (PtT)
Pass-the-Hash (PtH)
Overpass-the-Hash
Forged PAC (MS14-068)
Golden Ticket
Malicious replications
Reconnaissance
Brute Force
Remote execution

41. Can Help Detect the following Threats
Anomalous logins
Unknown threats
Password sharing
Lateral movement

42. Azure Security Center
Identity
Advanced Threat Analytics

43. #jaxcloud @jaxcloudug
http://jaxug.cloud https://jaxcloudug.azurewebsites.net