Azure Security Center

• Monitoring service that provides threat protection across all services
  • both in Azure, and on-premises.
• Gives security recommendations based on your configurations, resources, and networks.
  • Part of https://www.cisecurity.org/cis-benchmarks/
• Automatic security assessments through continuous monitoring to identify potential vulnerabilities before they can be exploited.
• Just-in-time access control for ports through Azure Defender
• Analyzes & identifies identify potential inbound attacks
  • then helps to investigate threats and any post-breach activity that might have occurred.
• Control apps
  • Only the apps you validate are allowed to execute.
  • Uses machine learning to detect and block malware from being installed on services
• Helps with compliance through continous assesments & recommendations.

Tiers

Free

• Available as part of any Azure subscription
• Limited to assessments and recommendations of Azure resources only.

Azure Defender

• Formerly known as Azure security center standard edition
• Provides a full suite of security-related services including
  • continuous monitoring
  • threat detection
  • just-in-time access control for ports
• $15 per node per month, 30-day free trial available
• ❗ To upgrade to the Standard tier, you must be assigned the role of Subscription Owner, Subscription Contributor, or Security Admin.

Use-cases

Incident response

• 💡Have an incident response plan in place before an attack occurs.

Incident response stages

• You can use Security Center during the detect, assess, and diagnose stages.

Detect

• Review the first indication of an event investigation.
• E.g. you can use the Security Center dashboard to review the initial verification that a high-priority security alert was raised.

Assess

• Perform the initial assessment to obtain more information about the suspicious activity.
• E.g. obtain more information about the security alert.

Diagnose

• Conduct a technical investigation and identify containment, mitigation, and workaround strategies.
• E.g., follow the remediation steps described by Security Center in that particular security alert.

Recommendations to enhance security

Security policy

• Set of controls that are recommended for resources within that specified subscription or resource group
• You can reduce the chances of a significant security event by configuring a security policy

Recommendations

• Based on security policies for potential vulnerabilities.
• Guide you through the process of configuring the needed security controls.
• E.g. if you have workloads that do not require the Azure SQL Database Transparent Data Encryption (TDE) policy, turn off the policy at the subscription level and enable it only in the resources groups where SQL TDE is required.