Security and Compliance Center
122 Topics

Programmatically onboard and manage your subscriptions in Azure Security Center
Securing your Azure workloads has become easier with the release of Azure Security Center (ASC) official PowerShell Module! Many organizations are looking to automate more tasks, as manual work is prone to human error and creates a potential for duplicative work. The need for automation is especially prevalent when it comes to large scale deployments that involve dozens of subscriptions with hundreds and thousands of resources – all of which must be secured from the beginning. Read about it at https://azure.microsoft.com/en-us/blog/programmatically-onboard-and-manage-your-subscriptions-in-azure-security-center/.

1.4K Views, 2 likes, 0 Comments

New Azure Security Paper Series
There is a new set of Azure Security Papers, as announced at https://blogs.technet.microsoft.com/yuridiogenes/2017/05/04/new-azure-security-paper-series/, that I thought were worth promoting in this space:

Azure Operational Security
To help customers better understand the array of security controls implemented within Microsoft Azure from both the customer's and Microsoft operational perspectives, this white paper, “Azure Operational Security”, provides a comprehensive look at the operational security available with Windows Azure.
https://docs.microsoft.com/en-us/azure/security/azure-operational-security

Azure Advanced Threat Detection
This white paper will guide you through the “Microsoft Azure approaches” towards threat vulnerability diagnostics and analysing the risk associated with the malicious activities targeted against servers and other Azure resources. This helps you to identify the methods of identification and vulnerability management with optimized solutions by the Azure platform and customer-facing security services and technologies.
https://docs.microsoft.com/en-us/azure/security/azure-threat-detection

Azure Logging and Auditing
This whitepaper provides an introduction for generating, collecting, and analyzing security logs from services hosted on Azure, and it can help you gain security insights into your Azure deployments.
https://docs.microsoft.com/en-us/azure/security/azure-log-audit

Introduction to Azure Security
Azure’s infrastructure is designed from facility to applications for hosting millions of customers simultaneously, and it provides a trustworthy foundation upon which businesses can meet their security requirements. In addition, Azure provides you with a wide array of configurable security options and the ability to control them so that you can customize security to meet the unique requirements of your organization’s deployments. This document helps you understand how Azure security capabilities can help you fulfill these requirements.
https://docs.microsoft.com/en-us/azure/security/azure-security

Isolation in the Azure Public Cloud
This article outlines how Microsoft Azure provides isolation against both malicious and non-malicious users and serves as a guide for architecting cloud solutions by offering various isolation choices to architects. This white paper focuses on the technology of Azure platform and customer-facing security controls, and does not attempt to address SLAs, pricing models, and DevOps practice considerations.
https://docs.microsoft.com/en-us/azure/security/azure-isolation

1.9K Views, 1 like, 0 Comments

How Azure Security Center helps reveal a Cyberattack
The Azure Security Center (ASC) analysts team reviews and investigates ASC alerts to gain insight into security incidents affecting Microsoft Azure customers, helping improve Azure Security alerts and detections. ASC helps customers keep pace with rapidly evolving threats by using advanced analytics and global threat intelligence. Although we have come a long way as far as cloud security is concerned, even today security factors are heavily discussed as companies consider moving their assets to the cloud. The Azure Security Center team understands how critical it is for our customers to be assured that their Azure deployments are secure, not only from advanced attacks but even from the ones that are not necessarily new or novel. The beauty of ASC lies in its simplicity. Although ASC uses machine learning, anomaly detection, and behavioral analysis to determine suspicious events, it still addresses simple things like SQL brute force attacks that Bad Guys/Script Kiddies are using to break into Microsoft SQL servers. Read about it at https://azure.microsoft.com/en-us/blog/how-azure-security-center-helps-reveal-a-cyberattack/.

1.1K Views, 1 like, 0 Comments

Large Scale Analysis of DNS Query Logs Reveals Botnets in the Cloud
The arms race between data security professionals and cybercriminals continues at a rapid pace. More than ever, attackers exploit compute resources for malicious purposes by deploying malware, known as “bots”, in virtual machines running in the cloud. Even a conservative estimate reveals that at least 1 in every 10,000 machines is part of some known Botnet. To better protect VMs in the cloud, Azure Security Center (ASC) applies a novel supervised Machine Learning model for high-precision Botnet detection based on analysis of DNS query logs. This model achieves 95% precision and 43% recall and can detect Botnets before they are reported by antimalware companies. Read more at https://azure.microsoft.com/en-us/blog/large-scale-analysis-of-dns-query-logs-reveals-botnets-in-the-cloud/.

1.4K Views, 1 like, 0 Comments

Azure Security Center Guide and Demo
I thought these recent Azure Security Center resources may be of interest.

TechNet UK
Your 2017 guide to Azure Security Center
https://blogs.technet.microsoft.com/uktechnet/2017/02/17/your-2017-guide-to-azure-security-center/
As ransomware attacks become more sophisticated, cloud based applications are at an increased risk. Professionals using Microsoft Azure must now take full advantage of the recently introduced Security Center to defend their cloud infrastructure and applications. With support for Windows Server 2016 recently announced and a host of new updates planned for 2017, organisations will be missing out if they fail to make the most of Azure Security Center.

Microsoft Ignite Australia 2017
Leverage Azure for the most Stringent Security and Compliance Requirements
https://channel9.msdn.com/Events/Ignite/Australia-2017/CLD327
See how Azure meets the security and compliance requirements of some of our most security conscious customers in financial services and public sector. We will cover some of the common concerns of a CSO/CISO and how Azure addresses them. Learn how you can leverage Azure’s massive investments in compliance certifications. Learn how to leverage Azure security center to manage and monitor your enterprise’s Azure deployments or import the logs into other SIEM tools. See demos of the Azure security center, Azure’s network security capabilities and some partner solutions available off the Azure marketplace.
https://view.officeapps.live.com/op/view.aspx?src=https%3a%2f%2fignite2017au.blob.core.windows.net%2fignite%2fExports%2fDay2%2fCLD327%2fCLD327.pptx

3.7K Views, 1 like, 0 Comments

Azure Security Center Data Flow Document Now Available!!
Hello Everyone,

The Azure Security Data Flow document is now available. The goal of this document is to walk you through the paths that data traverses when using Azure Security Center (ASC). It covers agent collection, the central collection of log data, the creation of recommendations and alerts.
https://aka.ms/ascdataflow

As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.

1.4K Views, 1 like, 1 Comment

Azure Security Center Private Preview: Export to Log Analytics
We’re working on a new feature that exports data, such as alerts and recommendations, to Log Analytics. You can try it out by joining our private preview here: https://aka.ms/ASC-LA. Space is limited. We can’t guarantee that all applicants will be able to join the private preview.

2K Views, 1 like, 0 Comments