SlideShare una empresa de Scribd logo

Tour to Azure Security Center

Lalit Rawat
Lalit Rawat

We have discussed about azure security center and it's features.We have discussed on best practices about azure security and Security center feature.

Tecnología
1 de 24
Descargar para leer sin conexión
Let’s Secure Your Modern Workplace: A Tour to Azure Security Center. By-Lalit Rawat / Mitul Rana
Who We Are … .. . Lalit Rawat DXC Technology Azure Master of the Month Azure Architect / MCT/ Blogger /Azure Talk Community Moderator Mitul Rana Trelleborg AB Platform Specialist / Speaker / Blogger Community Speaker Community Leader
Cloud momentum continues to accelerate ..... .... ... .. . 1KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014 2IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015 “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?”1 “By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.”²
But cloud security concerns persist Management is increasingly distributed Cloud environments are more dynamic Attackers continue to innovate
Cloud security is a shared responsibility
Responsibility zones Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System Physical hosts Physical network Physical datacenter PaaSIaaS SaaS On- prem Always retained by customer Varies by service type Transfers to Microsoft
Securing Azure Environments
One place to rule it all Azure Security Center Microsoft cloud workload protection platform to address the unique security requirements of Azure workloads and data center architectures that span on-premises and public cloud environments.
Securing Compute workloads Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System IaaS DATP for Servers, EPP, Updates, config checks, JIT VM access, AAC NSG active & configured, WAF & NGFW, Network map, !SSL usage >>Not covered by Security Center<< Identity recommendations, integration with AAD Identity protection MFA and Access hygiene recommendations Not in scope for Security Center (use WDATP) File Integrity Monitoring, Data classification, Encrypted @ rest
Network Security • Virtual Network Service Endpoints • DDoS Protection • Network Security Groups • NSG Service Tags • NSG Application Security Groups • NSG Augmented Rules • Global Virtual Network Peering • Azure DNS Private Zones • Site-to-Site VPN • Point-to-Site VPN • ExpressRoute • Azure Virtual Networks • Virtual Network Appliances • Azure Load Balancer • Azure Load Balancer HA Ports • Azure Application Gateway • Azure Firewall • Azure Web Application Firewalls • Service Endpoints Monitoring and Logging • Azure Log Analytics • Azure Monitor • Network Watcher • VS AppCenter Mobile Analytics Compliance Program • Microsoft Trust Center • Service Trust Platform • Compliance Manager • Azure IP Advantage (legal) Identity and Access Management • Azure Active Directory • Azure Active Directory B2C • Azure Active Directory Domain Services • Azure Active Directory MFA • Conditional Access • Azure Active Directory Identity Protection • Azure Active Directory Privileged Identity Management • Azure Active Directory App Proxy • Azure Active Directory Connect • Azure RBAC • Azure Active Directory Access Reviews • Azure Active Directory Managed Service Identity Security Docs Site • Azure Security Information Site on Azure.com DDoS Mitigation • Azure DDoS Protection • Azure Traffic Manager • Autoscaling • Azure CDN • Azure Load Balancers • Fabric level edge protection Infrastructure Security • Comes with Azure Data Centers • Azure Advanced Threat Protection • Confidential Computing Pen Testing • Per AUP • Per TOS • No contact required Data Loss Prevention • Cloud App Discovery • Azure Information Protection Encryption • Azure Key Vault • Azure client-side encryption library • Azure Storage Service Encryption • Azure Disk Encryption • SQL Transparent Data Encryption • SQL Always Encrypted • SQL Cell/Column Level Encryption • Azure CosmosDB encrypt by default • Azure Data Lake encrypt by default • VPN protocol encryption (ssl/ipsec) • SMB 3.0 wire encryption Configuration and Management • Azure Security Center • Azure Resource Manager • ARM Management Groups • Azure Policy • Azure Blueprints • Azure Automation • Azure Advisor • Azure API Gateway Azure Security Services and Capabilities
Demo Security Center Overview
Policy & compliance
Policy & Compliance
Policy & Compliance
Azure Security Policy 1. Browse Policy Definitions 2. Create Initiative Definitions 3. Scope the Initiative Definition 4. View Policy evaluation results
Demo Compliance & Policy
Adaptive application controls Application control helps you deal with malicious and/or unauthorized software, by allowing only specific applications to run on your VMs and Computers.
File Integrity monitoring File Integrity Monitoring (FIM), also known as change monitoring, validates files and registries integrity of operating system, application software, and others for changes that might indicate an attack.
What is a custom alert?
Custom alert example
Creating Custom Security Alerts Lets See Demo
Azure Trust Center ▪ Compliance Manger ▪ Audits Reports ▪ Privacy ▪ Transparency ▪ GDPR Compliance ▪ Compliance Offering Trust Center
Resources Resource Link Comment Securing Azure reference http://aka.ms/myasis Definitive reference guide Azure security best practices https://azure.microsoft.com/resources/se curity-best-practices-for-azure- solutions/ In-depth guidance for securing specific Azure workloads Creating compliant workloads https://servicetrust.microsoft.com/ViewP age/BlueprintOverview FedRAMP, NIST SP800, FFIEC, and more Getting started with Security Center https://docs.microsoft.com/en- us/azure/security-center/security-center- get-started Security playbook ASCPlaybooks Simulate & hunt threats, WAF playbooks & more Azure templates for attack simulation https://ASCPlaybooksSQLi https://ASCPlaybooksVAttack https://ASCPlaybooksXSS https://ASCPlaybooksDDos SQL injection, Virus, cross-site scripting, and DDoS playbooks Credit: Avyan consulting Security Center and Powershell samples https://github.com/tianderturpijn/ASC Common operations and ARM template
Our Supporters #askgab19#gabblr19 Use the HASHTAG

Recomendados

Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introduction
Lalit Rawat
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
Karl Ots
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
Matt Soseman
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for Success
Alert Logic
 

Recomendados

Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introduction
Lalit Rawat
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
Kasun Rajapakse
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
Karl Ots
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021
Matt Soseman
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
Lorenzo Barbieri
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for Success
Alert Logic
 
Azure security basics
Azure security basicsAzure security basics
Azure security basics
Stas Lebedenko
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
Allen Brokken
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
Bruno Capuano
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
Allen Brokken
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
Microsoft Azure
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
Alert Logic
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
Karina Matos
 
Azure security
Azure securityAzure security
Azure security
Lalit Rawat
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Alert Logic
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018
Karl Ots
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
Aidan Finn
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
Marius Sandbu
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
Security Innovation
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
Vishwas Manral
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
Himani Singh
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security
Zabeel Institute
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
Cheah Eng Soon
 
Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azure
Abdul Khan
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
Moshe Ferber
 

Más contenido relacionado

La actualidad más candente

Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
Security Innovation
 

La actualidad más candente (20)

Azure security basics
Azure security basicsAzure security basics
Azure security basics
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
 
Best Practices in Cloud Security
Best Practices in Cloud SecurityBest Practices in Cloud Security
Best Practices in Cloud Security
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Azure security
Azure securityAzure security
Azure security
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
 
Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018Azure security architecture / FAUG JKL 15.2.2018
Azure security architecture / FAUG JKL 15.2.2018
 
Trust No-One Architecture For Services And Data
Trust No-One Architecture For Services And DataTrust No-One Architecture For Services And Data
Trust No-One Architecture For Services And Data
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
CSA SV Threat detection and prediction
CSA SV Threat detection and predictionCSA SV Threat detection and prediction
CSA SV Threat detection and prediction
 
Securing virtual workload and cloud
Securing virtual workload and cloudSecuring virtual workload and cloud
Securing virtual workload and cloud
 
What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security What is Microsoft Azure Security?-Microsoft Azure security
What is Microsoft Azure Security?-Microsoft Azure security
 
Azure Penetration Testing
Azure Penetration TestingAzure Penetration Testing
Azure Penetration Testing
 

Similar a Tour to Azure Security Center

AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
Amazon Web Services
 
Service for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdfService for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdf
Zen Bit Tech
 

Similar a Tour to Azure Security Center (20)

Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azure
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa ToromanO365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
O365Con18 - Red Team vs Blue Team - Sasha Kranjac & Mustafa Toroman
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
Microservices using .Net core
Microservices using .Net coreMicroservices using .Net core
Microservices using .Net core
 
Azure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDKAzure Community Tour 2019 - AZUGDK
Azure Community Tour 2019 - AZUGDK
 
Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Cloud Security.pptx
Cloud Security.pptxCloud Security.pptx
Cloud Security.pptx
 
Cloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentalsCloud computing and Cloud security fundamentals
Cloud computing and Cloud security fundamentals
 
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend MicroAWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
AWS April Webianr Series - How Willbros Builds Securely in AWS with Trend Micro
 
Service for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdfService for Storing Secrets on Microsoft Azure.pdf
Service for Storing Secrets on Microsoft Azure.pdf
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...
 
Cloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewCloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack Overview
 
Building a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data CenterBuilding a Secure and Compliant Azure Virtual Data Center
Building a Secure and Compliant Azure Virtual Data Center
 
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft AzureArchitectNow - Designing Cloud-Native apps in Microsoft Azure
ArchitectNow - Designing Cloud-Native apps in Microsoft Azure
 
A tale of two clouds
A tale of two cloudsA tale of two clouds
A tale of two clouds
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Último (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Tour to Azure Security Center

  • 1. Let’s Secure Your Modern Workplace: A Tour to Azure Security Center. By-Lalit Rawat / Mitul Rana
  • 2. Who We Are … .. . Lalit Rawat DXC Technology Azure Master of the Month Azure Architect / MCT/ Blogger /Azure Talk Community Moderator Mitul Rana Trelleborg AB Platform Specialist / Speaker / Blogger Community Speaker Community Leader
  • 3. Cloud momentum continues to accelerate ..... .... ... .. . 1KPMG: 2014 Cloud Survey Report, Elevating business in the cloud, December 10, 2014 2IDC: IDC Market Spotlight, Cloud Definitions and Opportunity, April 2015 “The question is no longer: ‘How do I move to the cloud?’ Instead, it’s ‘Now that I’m in the cloud, how do I make sure I’ve optimized my investment and risk exposure?”1 “By 2020 clouds will stop being referred to as ‘public’ and ‘private’. It will simply be the way business is done and IT is provisioned.”²
  • 4. But cloud security concerns persist Management is increasingly distributed Cloud environments are more dynamic Attackers continue to innovate
  • 5. Cloud security is a shared responsibility
  • 6. Responsibility zones Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System Physical hosts Physical network Physical datacenter PaaSIaaS SaaS On- prem Always retained by customer Varies by service type Transfers to Microsoft
  • 8. One place to rule it all Azure Security Center Microsoft cloud workload protection platform to address the unique security requirements of Azure workloads and data center architectures that span on-premises and public cloud environments.
  • 9. Securing Compute workloads Data governance & rights management Client endpoints Account access & management Identity & directory infrastructure Application Network controls Virtual Operating System IaaS DATP for Servers, EPP, Updates, config checks, JIT VM access, AAC NSG active & configured, WAF & NGFW, Network map, !SSL usage >>Not covered by Security Center<< Identity recommendations, integration with AAD Identity protection MFA and Access hygiene recommendations Not in scope for Security Center (use WDATP) File Integrity Monitoring, Data classification, Encrypted @ rest
  • 10. Network Security • Virtual Network Service Endpoints • DDoS Protection • Network Security Groups • NSG Service Tags • NSG Application Security Groups • NSG Augmented Rules • Global Virtual Network Peering • Azure DNS Private Zones • Site-to-Site VPN • Point-to-Site VPN • ExpressRoute • Azure Virtual Networks • Virtual Network Appliances • Azure Load Balancer • Azure Load Balancer HA Ports • Azure Application Gateway • Azure Firewall • Azure Web Application Firewalls • Service Endpoints Monitoring and Logging • Azure Log Analytics • Azure Monitor • Network Watcher • VS AppCenter Mobile Analytics Compliance Program • Microsoft Trust Center • Service Trust Platform • Compliance Manager • Azure IP Advantage (legal) Identity and Access Management • Azure Active Directory • Azure Active Directory B2C • Azure Active Directory Domain Services • Azure Active Directory MFA • Conditional Access • Azure Active Directory Identity Protection • Azure Active Directory Privileged Identity Management • Azure Active Directory App Proxy • Azure Active Directory Connect • Azure RBAC • Azure Active Directory Access Reviews • Azure Active Directory Managed Service Identity Security Docs Site • Azure Security Information Site on Azure.com DDoS Mitigation • Azure DDoS Protection • Azure Traffic Manager • Autoscaling • Azure CDN • Azure Load Balancers • Fabric level edge protection Infrastructure Security • Comes with Azure Data Centers • Azure Advanced Threat Protection • Confidential Computing Pen Testing • Per AUP • Per TOS • No contact required Data Loss Prevention • Cloud App Discovery • Azure Information Protection Encryption • Azure Key Vault • Azure client-side encryption library • Azure Storage Service Encryption • Azure Disk Encryption • SQL Transparent Data Encryption • SQL Always Encrypted • SQL Cell/Column Level Encryption • Azure CosmosDB encrypt by default • Azure Data Lake encrypt by default • VPN protocol encryption (ssl/ipsec) • SMB 3.0 wire encryption Configuration and Management • Azure Security Center • Azure Resource Manager • ARM Management Groups • Azure Policy • Azure Blueprints • Azure Automation • Azure Advisor • Azure API Gateway Azure Security Services and Capabilities
  • 15. Azure Security Policy 1. Browse Policy Definitions 2. Create Initiative Definitions 3. Scope the Initiative Definition 4. View Policy evaluation results
  • 17. Adaptive application controls Application control helps you deal with malicious and/or unauthorized software, by allowing only specific applications to run on your VMs and Computers.
  • 18. File Integrity monitoring File Integrity Monitoring (FIM), also known as change monitoring, validates files and registries integrity of operating system, application software, and others for changes that might indicate an attack.
  • 19. What is a custom alert?
  • 22. Azure Trust Center ▪ Compliance Manger ▪ Audits Reports ▪ Privacy ▪ Transparency ▪ GDPR Compliance ▪ Compliance Offering Trust Center
  • 23. Resources Resource Link Comment Securing Azure reference http://aka.ms/myasis Definitive reference guide Azure security best practices https://azure.microsoft.com/resources/se curity-best-practices-for-azure- solutions/ In-depth guidance for securing specific Azure workloads Creating compliant workloads https://servicetrust.microsoft.com/ViewP age/BlueprintOverview FedRAMP, NIST SP800, FFIEC, and more Getting started with Security Center https://docs.microsoft.com/en- us/azure/security-center/security-center- get-started Security playbook ASCPlaybooks Simulate & hunt threats, WAF playbooks & more Azure templates for attack simulation https://ASCPlaybooksSQLi https://ASCPlaybooksVAttack https://ASCPlaybooksXSS https://ASCPlaybooksDDos SQL injection, Virus, cross-site scripting, and DDoS playbooks Credit: Avyan consulting Security Center and Powershell samples https://github.com/tianderturpijn/ASC Common operations and ARM template