SlideShare une entreprise Scribd logo

Tour to Azure Security Center

Lalit Rawat
Lalit Rawat

We have discussed about azure security center and it's features.We have discussed on best practices about azure security and Security center feature.

Technologie
1  sur  24
Télécharger pour lire hors ligne
Let’s Secure Your Modern Workplace: A Tour to Azure Security Center. By-Lalit Rawat / Mitul Rana
Who We Are … .. . Lalit Rawat DXC Technology Azure Master of the Month Azure Architect / MCT/ Blogger /Azure Talk Community Moderator Mitul Rana Trelleborg AB Platform Specialist / Speaker / Blogger Community Speaker Community Leader
Cloud momentum continues to accelerate ..... .... ... .. . 1KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014 2IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015 “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?”1 “By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.”²
But cloud security concerns persist Management is increasingly distributed Cloud environments are more dynamic Attackers continue to innovate
Cloud security is a shared responsibility
Responsibility zones Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System Physical hosts Physical network Physical datacenter PaaSIaaS SaaS On- prem Always retained by customer Varies by service type Transfers to Microsoft
Securing Azure Environments
One place to rule it all Azure Security Center Microsoft cloud workload protection platform to address the unique security requirements of Azure workloads and data center architectures that span on-premises and public cloud environments.
Securing Compute workloads Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System IaaS DATP for Servers, EPP, Updates, config checks, JIT VM access, AAC NSG active & configured, WAF & NGFW, Network map, !SSL usage >>Not covered by Security Center<< Identity recommendations, integration with AAD Identity protection MFA and Access hygiene recommendations Not in scope for Security Center (use WDATP) File Integrity Monitoring, Data classification, Encrypted @ rest
Network Security • Virtual Network Service Endpoints • DDoS Protection • Network Security Groups • NSG Service Tags • NSG Application Security Groups • NSG Augmented Rules • Global Virtual Network Peering • Azure DNS Private Zones • Site-to-Site VPN • Point-to-Site VPN • ExpressRoute • Azure Virtual Networks • Virtual Network Appliances • Azure Load Balancer • Azure Load Balancer HA Ports • Azure Application Gateway • Azure Firewall • Azure Web Application Firewalls • Service Endpoints Monitoring and Logging • Azure Log Analytics • Azure Monitor • Network Watcher • VS AppCenter Mobile Analytics Compliance Program • Microsoft Trust Center • Service Trust Platform • Compliance Manager • Azure IP Advantage (legal) Identity and Access Management • Azure Active Directory • Azure Active Directory B2C • Azure Active Directory Domain Services • Azure Active Directory MFA • Conditional Access • Azure Active Directory Identity Protection • Azure Active Directory Privileged Identity Management • Azure Active Directory App Proxy • Azure Active Directory Connect • Azure RBAC • Azure Active Directory Access Reviews • Azure Active Directory Managed Service Identity Security Docs Site • Azure Security Information Site on Azure.com DDoS Mitigation • Azure DDoS Protection • Azure Traffic Manager • Autoscaling • Azure CDN • Azure Load Balancers • Fabric level edge protection Infrastructure Security • Comes with Azure Data Centers • Azure Advanced Threat Protection • Confidential Computing Pen Testing • Per AUP • Per TOS • No contact required Data Loss Prevention • Cloud App Discovery • Azure Information Protection Encryption • Azure Key Vault • Azure client-side encryption library • Azure Storage Service Encryption • Azure Disk Encryption • SQL Transparent Data Encryption • SQL Always Encrypted • SQL Cell/Column Level Encryption • Azure CosmosDB encrypt by default • Azure Data Lake encrypt by default • VPN protocol encryption (ssl/ipsec) • SMB 3.0 wire encryption Configuration and Management • Azure Security Center • Azure Resource Manager • ARM Management Groups • Azure Policy • Azure Blueprints • Azure Automation • Azure Advisor • Azure API Gateway Azure Security Services and Capabilities
Demo Security Center Overview
Policy & compliance
Policy & Compliance
Policy & Compliance
Azure Security Policy 1. Browse Policy Definitions 2. Create Initiative Definitions 3. Scope the Initiative Definition 4. View Policy evaluation results
Demo Compliance & Policy
Adaptive application controls Application control helps you deal with malicious and/or unauthorized software, by allowing only specific applications to run on your VMs and Computers.
File Integrity monitoring File Integrity Monitoring (FIM), also known as change monitoring, validates files and registries integrity of operating system, application software, and others for changes that might indicate an attack.
What is a custom alert?
Custom alert example
Creating Custom Security Alerts Lets See Demo
Azure Trust Center ▪ Compliance Manger ▪ Audits Reports ▪ Privacy ▪ Transparency ▪ GDPR Compliance ▪ Compliance Offering Trust Center
Resources Resource Link Comment Securing Azure reference http://aka.ms/myasis Definitive reference guide Azure security best practices https://azure.microsoft.com/resources/se curity-best-practices-for-azure- solutions/ In-depth guidance for securing specific Azure workloads Creating compliant workloads https://servicetrust.microsoft.com/ViewP age/BlueprintOverview FedRAMP, NIST SP800, FFIEC, and more Getting started with Security Center https://docs.microsoft.com/en- us/azure/security-center/security-center- get-started Security playbook ASCPlaybooks Simulate & hunt threats, WAF playbooks & more Azure templates for attack simulation https://ASCPlaybooksSQLi https://ASCPlaybooksVAttack https://ASCPlaybooksXSS https://ASCPlaybooksDDos SQL injection, Virus, cross-site scripting, and DDoS playbooks Credit: Avyan consulting Security Center and Powershell samples https://github.com/tianderturpijn/ASC Common operations and ARM template
Our Supporters #askgab19#gabblr19 Use the HASHTAG

Recommandé

Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introductionLalit Rawat
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021Matt Soseman
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessAlert Logic
 

Recommandé

Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introductionLalit Rawat
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021Matt Soseman
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterScott Hoag
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessAlert Logic
 
Azure security basics
Azure security basicsAzure security basics
Azure security basicsStas Lebedenko
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and ManagementAllen Brokken
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewAllen Brokken
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration TestingCheah Eng Soon
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Azure security
Azure securityAzure security
Azure securityLalit Rawat
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftAlert Logic
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Karl Ots
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataAidan Finn
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinelMarius Sandbu
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the CloudSecurity Innovation
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloudHimani Singh
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure securityZabeel Institute
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration TestingCheah Eng Soon
 
Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azureAbdul Khan
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 

Contenu connexe

Tendances

Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and ManagementAllen Brokken
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewAllen Brokken
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration TestingCheah Eng Soon
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud SecurityAlert Logic
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftAlert Logic
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Karl Ots
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataAidan Finn
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the CloudSecurity Innovation
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and predictionVishwas Manral
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloudHimani Singh
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure securityZabeel Institute
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration TestingCheah Eng Soon
 

Tendances (20)

Azure security basics
Azure security basicsAzure security basics
Azure security basics
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Azure security
Azure securityAzure security
Azure security
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
 

Similaire à Tour to Azure Security Center

Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azureAbdul Khan
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanNCCOMMS
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM
 
Microservices using .Net core
Microservices using .Net coreMicroservices using .Net core
Microservices using .Net coregirish goudar
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKPeter Selch Dahl
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceVignesh Ganesan I Microsoft MVP
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptxReena Harnal
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsViresh Suri
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAmazon Web Services
 
Service for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdfService for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdfZen Bit Tech
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud SecurityRightScale
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...itnewsafrica
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterPatrick Sklodowski
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureKevin Grossnicklaus
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two cloudsAndrew Siemer
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale
 

Similaire à Tour to Azure Security Center (20)

Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azure
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
Microservices using .Net core
Microservices using .Net coreMicroservices using .Net core
Microservices using .Net core
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
 
Service for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdfService for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdf
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
 
Cloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewCloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack Overview
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data Center
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 

Dernier

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Dernier (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Tour to Azure Security Center

  • 1. Let’s Secure Your Modern Workplace: A Tour to Azure Security Center. By-Lalit Rawat / Mitul Rana
  • 2. Who We Are … .. . Lalit Rawat DXC Technology Azure Master of the Month Azure Architect / MCT/ Blogger /Azure Talk Community Moderator Mitul Rana Trelleborg AB Platform Specialist / Speaker / Blogger Community Speaker Community Leader
  • 3. Cloud momentum continues to accelerate ..... .... ... .. . 1KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014 2IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015 “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?”1 “By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.”²
  • 4. But cloud security concerns persist Management is increasingly distributed Cloud environments are more dynamic Attackers continue to innovate
  • 5. Cloud security is a shared responsibility
  • 6. Responsibility zones Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System Physical hosts Physical network Physical datacenter PaaSIaaS SaaS On- prem Always retained by customer Varies by service type Transfers to Microsoft
  • 8. One place to rule it all Azure Security Center Microsoft cloud workload protection platform to address the unique security requirements of Azure workloads and data center architectures that span on-premises and public cloud environments.
  • 9. Securing Compute workloads Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System IaaS DATP for Servers, EPP, Updates, config checks, JIT VM access, AAC NSG active & configured, WAF & NGFW, Network map, !SSL usage >>Not covered by Security Center<< Identity recommendations, integration with AAD Identity protection MFA and Access hygiene recommendations Not in scope for Security Center (use WDATP) File Integrity Monitoring, Data classification, Encrypted @ rest
  • 10. Network Security • Virtual Network Service Endpoints • DDoS Protection • Network Security Groups • NSG Service Tags • NSG Application Security Groups • NSG Augmented Rules • Global Virtual Network Peering • Azure DNS Private Zones • Site-to-Site VPN • Point-to-Site VPN • ExpressRoute • Azure Virtual Networks • Virtual Network Appliances • Azure Load Balancer • Azure Load Balancer HA Ports • Azure Application Gateway • Azure Firewall • Azure Web Application Firewalls • Service Endpoints Monitoring and Logging • Azure Log Analytics • Azure Monitor • Network Watcher • VS AppCenter Mobile Analytics Compliance Program • Microsoft Trust Center • Service Trust Platform • Compliance Manager • Azure IP Advantage (legal) Identity and Access Management • Azure Active Directory • Azure Active Directory B2C • Azure Active Directory Domain Services • Azure Active Directory MFA • Conditional Access • Azure Active Directory Identity Protection • Azure Active Directory Privileged Identity Management • Azure Active Directory App Proxy • Azure Active Directory Connect • Azure RBAC • Azure Active Directory Access Reviews • Azure Active Directory Managed Service Identity Security Docs Site • Azure Security Information Site on Azure.com DDoS Mitigation • Azure DDoS Protection • Azure Traffic Manager • Autoscaling • Azure CDN • Azure Load Balancers • Fabric level edge protection Infrastructure Security • Comes with Azure Data Centers • Azure Advanced Threat Protection • Confidential Computing Pen Testing • Per AUP • Per TOS • No contact required Data Loss Prevention • Cloud App Discovery • Azure Information Protection Encryption • Azure Key Vault • Azure client-side encryption library • Azure Storage Service Encryption • Azure Disk Encryption • SQL Transparent Data Encryption • SQL Always Encrypted • SQL Cell/Column Level Encryption • Azure CosmosDB encrypt by default • Azure Data Lake encrypt by default • VPN protocol encryption (ssl/ipsec) • SMB 3.0 wire encryption Configuration and Management • Azure Security Center • Azure Resource Manager • ARM Management Groups • Azure Policy • Azure Blueprints • Azure Automation • Azure Advisor • Azure API Gateway Azure Security Services and Capabilities
  • 15. Azure Security Policy 1. Browse Policy Definitions 2. Create Initiative Definitions 3. Scope the Initiative Definition 4. View Policy evaluation results
  • 17. Adaptive application controls Application control helps you deal with malicious and/or unauthorized software, by allowing only specific applications to run on your VMs and Computers.
  • 18. File Integrity monitoring File Integrity Monitoring (FIM), also known as change monitoring, validates files and registries integrity of operating system, application software, and others for changes that might indicate an attack.
  • 19. What is a custom alert?
  • 22. Azure Trust Center ▪ Compliance Manger ▪ Audits Reports ▪ Privacy ▪ Transparency ▪ GDPR Compliance ▪ Compliance Offering Trust Center
  • 23. Resources Resource Link Comment Securing Azure reference http://aka.ms/myasis Definitive reference guide Azure security best practices https://azure.microsoft.com/resources/se curity-best-practices-for-azure- solutions/ In-depth guidance for securing specific Azure workloads Creating compliant workloads https://servicetrust.microsoft.com/ViewP age/BlueprintOverview FedRAMP, NIST SP800, FFIEC, and more Getting started with Security Center https://docs.microsoft.com/en- us/azure/security-center/security-center- get-started Security playbook ASCPlaybooks Simulate & hunt threats, WAF playbooks & more Azure templates for attack simulation https://ASCPlaybooksSQLi https://ASCPlaybooksVAttack https://ASCPlaybooksXSS https://ASCPlaybooksDDos SQL injection, Virus, cross-site scripting, and DDoS playbooks Credit: Avyan consulting Security Center and Powershell samples https://github.com/tianderturpijn/ASC Common operations and ARM template