In this session, students will learn about Azure Security Center and Azure platform security.
Azure Security Center makes it easier than ever to protect your Microsoft Azure virtual machines and virtual networks (as well as Azure SQL Databases, Storage, and more), enabling you to move to the cloud with confidence.
6. Ensure compliance with company or regulatory security requirements
CENTRAL POLICY MANAGEMENT
  Define a security policy for each subscription in Security Center
  Apply across multiple subscriptions using Azure Management Groups
DISCOVERY AND ONBOARDING
  Automatically discover new Azure resources, apply policy, and provision the monitoring agent
11. Built into Azure, no setup required
  Automatically discover and monitor security of Azure resources
Gain insights for hybrid resources
  Easily onboard resources running in other clouds and on-premises
Monitor security state of cloud resources
12. Ensure secure VM configurations
Harden Virtual Machines
  System update status
  Antimalware protection
  OS and web server config
Fix vulnerabilities quickly
  Prioritized, actionable security recommendations
13. Encrypt disks and data
Storage
Azure SQL Database
14. Control network traffic
Use Network Security Groups
  Apply NSG rules for inbound and outbound traffic
Add Built-In and Partner Firewalls
  Protect web applications with web application firewalls
  Deploy Next Generation firewalls
15. Collect security data
Analyze and search security logs from many sources
  Connected security solutions running in Azure, e.g. firewalls and antimalware solutions
  Azure Active Directory, Information Protection and Advanced Threat Analytics
  Any security solution that supports Common Event Format (CEF)
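To show what a CEF-speaking solution actually hands over, here is a small CEF line parser, added as an example (it is not Security Center's ingestion code and the sample line is constructed). It handles the two traps that break naive splitting: escaped pipes in the header and escaped `=` plus spaces inside extension values.

```python
import re

HEADER = ("version", "device_vendor", "device_product", "device_version",
          "signature_id", "name", "severity")

def _unescape(text):
    # CEF escapes: \| \= \\ become the literal character, \n and \r newlines
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append({"n": "\n", "r": "\r"}.get(text[i + 1], text[i + 1]))
            i += 2
        else:
            out.append(text[i])
            i += 1
    return "".join(out)

def _split_header(body):
    # Cut the seven header fields on unescaped '|'; the remainder is the extension
    fields, start, i = [], 0, 0
    while i < len(body) and len(fields) < 7:
        if body[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if body[i] == "|":
            fields.append(_unescape(body[start:i]))
            start = i + 1
        i += 1
    if len(fields) < 7:
        raise ValueError("malformed CEF header")
    return fields, body[start:]

# Extension values may contain spaces, so split only before the next key=
_KV_SPLIT = re.compile(r"\s+(?=[A-Za-z0-9_.]+=)")

def parse_cef(line):
    """Parse one CEF line into a dict; a syslog prefix before 'CEF:' is ignored."""
    idx = line.index("CEF:")            # raises ValueError if this is not a CEF line
    fields, ext = _split_header(line[idx + 4:])
    event = dict(zip(HEADER, fields))
    for token in _KV_SPLIT.split(ext.strip()):
        key, sep, value = token.partition("=")
        if sep:
            event[key] = _unescape(value)
    return event

# Constructed sample from a hypothetical firewall feed, not real Security Center output
SAMPLE = ("Jan 10 12:00:00 fw01 CEF:0|Contoso|NGFW|2.1|100|RDP\\|SSH brute force|8|"
          "src=203.0.113.7 dst=10.0.0.4 dpt=3389 proto=TCP "
          "msg=Blocked RDP from WAN\\=untrusted act=deny")
```

`parse_cef(SAMPLE)` yields the header fields by name plus `src`, `dst`, `dpt`, `proto`, `msg` and `act` as extension keys, ready for the kind of search and analysis the slide describes.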
16. EASY ACCESS
Access to VMs requires only local admin credentials, which are easier targets for brute force attacks than more carefully managed domain accounts
100,000 ATTACKS/MONTH
On average, Azure VMs are subject to 100,000 brute force attacks targeting management ports, most commonly RDP and SSH ports
ALWAYS OPEN
While access to management ports is only required sporadically, these ports are often left open for convenience or by accident
17. Limit exposure to brute force attacks
Lock down management ports on virtual machines
Enable just-in-time access to virtual machines
  Access automatically granted for limited time
18. BUILT ON CLOUD LOG ANALYTICS PLATFORM
ALWAYS EVOLVING
Malware is constantly changing - you can no longer rely on antimalware software to detect and remove malicious code from running on your machines
HARD TO BLOCK
Application controls can be very effective at blocking malware and unwanted applications, but management of whitelists can be labor-intensive and error prone
Malware is rampant and rapidly evolving
19. Block malware and unwanted applications
Allow safe applications only
  Adaptive whitelisting learns application patterns
  Simplified management with recommended whitelists
20. Use advanced analytics to detect threats quickly
Get prioritized security alerts
  Details about detected threats and recommendations
Detect threats across the kill chain
  Alerts that conform to kill chain patterns are fused into a single incident
22. Anatomy of a real attack detected by Security Center
PORT SCANNING ACTIVITY DETECTED
BRUTE FORCE ACTIVITY DETECTED
SUSPICIOUS PROCESS EXECUTED ON VM
DNS DATA EXFILTRATION ACTIVITY DETECTED
KILL CHAIN INCIDENT GENERATED
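The fusion step on this slide and the previous one (alerts that follow the kill chain become one incident) can be made concrete with the following example; it is added here and is not Security Center's fusion logic, and the 24-hour window, stage names, hosts and alert ids are assumptions. Alerts on one host are kept together only while their stages advance in kill-chain order inside the window; an isolated port scan on another host stays a standalone alert.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
# Kill-chain stages in the order an intrusion progresses (the deck's example walks all four)
STAGES = ("PortScanning", "BruteForce", "SuspiciousProcess", "DnsExfiltration")
WINDOW = timedelta(hours=24)   # hypothetical fusion window, not a documented Security Center value

@dataclass
class Alert:
    id: str
    host: str
    stage: str
    time: datetime

def _incident(host, chain):
    return {"host": host, "alerts": [c.id for c in chain],
            "stages": [c.stage for c in chain],
            "start": chain[0].time, "end": chain[-1].time}

def fuse_incidents(alerts, min_stages=2):
    """Fuse each host's alerts that follow kill-chain order within WINDOW into one incident."""
    by_host = defaultdict(list)
    for a in alerts:
        if a.stage in STAGES:               # unknown alert types are not part of the chain model
            by_host[a.host].append(a)
    incidents = []
    for host, host_alerts in by_host.items():
        chain = []
        for a in sorted(host_alerts, key=lambda x: x.time):
            continues = (chain and STAGES.index(a.stage) >= STAGES.index(chain[-1].stage)
                         and a.time - chain[0].time <= WINDOW)
            if not continues:               # chain broken: flush it if it reached enough stages
                if len({c.stage for c in chain}) >= min_stages:
                    incidents.append(_incident(host, chain))
                chain = []
            chain.append(a)
        if len({c.stage for c in chain}) >= min_stages:
            incidents.append(_incident(host, chain))
    return incidents

# Constructed sample alerts (ids and hosts are made up): vm-web sees the full chain from the deck,
# vm-db only an isolated port scan that must not become an incident
T0 = datetime(2018, 3, 1, 9, 0)
SAMPLE_ALERTS = [
    Alert("a1", "vm-web", "PortScanning", T0),
    Alert("a2", "vm-web", "BruteForce", T0 + timedelta(minutes=40)),
    Alert("a3", "vm-web", "SuspiciousProcess", T0 + timedelta(hours=2)),
    Alert("a4", "vm-web", "DnsExfiltration", T0 + timedelta(hours=5)),
    Alert("a5", "vm-db", "PortScanning", T0 + timedelta(hours=1)),
]
```

`fuse_incidents(SAMPLE_ALERTS)` returns a single incident for vm-web spanning a1 to a4; the vm-db alert is left for the analyst as an ordinary alert.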
23. Quickly assess the scope and impact of attack
Simplify security operations and investigations
  Interactive experience to explore links across alerts, computers and users
  Use predefined or ad hoc queries for deeper examination
24. Automate threat response
Automate and orchestrate common security workflows
  Create playbooks with integration of Azure Logic Apps
  Trigger workflows from any alert to enable conditional actions
25. Azure Security Center helps unify security management and protects hybrid cloud workloads
Gain visibility and control
  Centrally manage security across all of your IaaS deployment
Prevent threats with adaptive controls
  Harden OS, VNet, storage, and SQL configurations and apply preventive controls
Enable intelligent detection and response
  Monitor VM events and network traffic to identify threats and react quickly
26. Take actions today
To learn more, visit azure.microsoft.com/en-us/services/security-center/
Use Security Center for Azure resources
Start trial for ASC standard to get advanced threat protection
Onboard on-premises and other cloud workloads
28. Identity is full of constant challenges …
Administering and managing identity and user access to resources
Securing networks
Managing known and unknown threats
Industry governance and compliance
Encrypting communications and operation processes
Dealing with law enforcement
29. Azure Identity Protection
Risk based Conditional Access automatically protects against suspicious logins and compromised credentials
Detect and remediate configuration vulnerabilities to improve your security posture
Gain insights from a consolidated view of machine learning based threat detection
Detected risks: brute force attacks, leaked credentials, infected devices, suspicious sign-in activities, configuration vulnerabilities
Risk-based policies: MFA challenge on risky logins, block attacks, change bad credentials
30. Azure Identity Protection: user logs in
Flow shown on the slide: user logs in (date / time, location) -> risk evaluation (detailed heuristics) -> alert triggers (detailed logs) -> reporting services
31. Azure AD Identity Protection
Provides admins with detailed reports on:
  Users with potentially leaked credentials
  Irregular sign-in activity
  Sign-ins from possibly infected devices and unfamiliar locations
  Sign-ins from IP addresses with suspicious activity
  Sign-ins from impossible travel, and much more …
*Requires Azure AD Premium
33. Azure Multi-Factor Authentication
Method of authentication requiring more than one verification method
Combines a device (something you have) or a location (somewhere you are) with a password (something you know)
Fully supports biometrics (something you are)
Adds a critical second layer of security to user sign-ins and transactions
Available for Azure, Office 365 and hybrid deployments
34. Azure Multi-Factor Authentication
Authentication methods (users can choose the method they prefer):
  Phone call
  Text message
  Mobile app notification
  Mobile app verification code
Supports 3rd party OAUTH tokens
Supports Windows Hello for Business
Integrates with 3rd party biometric systems
39. What is Advanced Threat Analytics?
A cloud-linked, on-premises platform that protects your enterprise from multiple types of advanced targeted cyber attacks and insider threats.
Reconnaissance: detects attackers as they gather information on your environment and its assets
Lateral movement cycle: prevents attackers from spreading their attack surface inside your network
Persistence: prevents the phase during which an attacker captures the information allowing them to resume their campaign using various sets of entry points, credentials and techniques
40. Can Help Prevent the following Attacks
Pass-the-Ticket (PtT)
Pass-the-Hash (PtH)
Overpass-the-Hash
Forged PAC (MS14-068)
Golden Ticket
Malicious replications
Reconnaissance
Brute Force
Remote execution
41. Can Help Detect the following Threats
Anomalous logins
Unknown threats
Password sharing
Lateral movement