Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management


Leave a comment

#Microsoft Azure Sentinel (Preview) Overview #Azure #Sentinel #Security #Analytics #SIEM

 

Microsoft Azure Sentinel

Microsoft Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

In the following step-by-step guide you get a global overview of Azure Sentinel :

Search for Azure Sentinel in the Azure Portal.

Click on Create

Connect or add your Workspace.

Click on Add Azure Sentinel

Azure Sentinel is added to your workspace.

Azure Sentinel Overview

Security Analytics

Learn here more with Microsoft Azure Monitor analytics queries

Here you can play with Azure Log Analytics 😉

Here you can collect all your Security Cases

Azure Sentinel Build-In Dashboard Solutions

Azure AD Audit Logs

 

Linux Machines Security

When you have your Azure Sentinel Solutions in place with alerting rules and telemetry and analytics is coming to your workspace, Hunting is the next Threat management tool :

Azure sentinel Hunting

Working with Tags and Collaborate with Teammates

Launch Investigations and Bookmark

Working with Azure Notebooks for Azure Sentinel

Welcome to the Azure Sentinel repository! This repository contains out of the box detections, exploration queries, hunting queries, dashboards and playbooks to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats. You can also submit any issues or feature requests as you onboard to Azure Sentinel. For questions and feedback, please contact AzureSentinel@microsoft.com

Azure Sentinel Notebooks on GitHub

 

Get started from here to Configure your Azure Sentinel Environment

Choose your Data Collections for Azure Sentinel Security

Lot of Choice already Build-in for you.

From here you can make your own Azure Sentinel Analytics Alert Rules.

Alert Rules

Create Alert rules with the right mappings, triggers, and scheduling, response automation.

Add your own playbooks for your Security

Unlock the power of AI for security with Machine Learning

Machine Learning in Azure Sentinel is built-in right from the beginning. We have thoughtfully designed the system with ML innovations aimed to make security analysts, security data scientists and engineers productive. One such innovation is Azure Sentinel Fusion built especially to reduce alert fatigue.

Building your Full Screen Dashboard for Monitoring

More information about Azure Sentinel Intelligent Security :

Start here free with Azure Sentinel Preview

Microsoft azure Sentinel Docs

Microsoft Azure Sentinel on GitHub

Join Microsoft Azure Monitor & Security for Hybrid IT Community

 


Leave a comment

Optimize Security and Compliancy with #Azure Security Center #ASC #Cloud #GDPR

Microsoft Azure Security Center

When you have your Hybrid Cloud Enterprise Design ready in a Microsoft HUB-Spoke model and your Security in place, you can do your optimize on your Azure workloads and keep up-to-date for your compliancy. Microsoft Azure Security Center can support you in Security and Compliancy (GDPR). Here you see my former blogposts about Microsoft Azure HUB-Spoke model architecture and Security by design :

  1. Microsoft Azure Hub-Spoke model by Enterprise Design 1 of 4
  2. Microsoft Azure Policy and BluePrints Overview (Extra Blogpost)
  3. Microsoft Azure Hub-Spoke model by Enterprise Design 2 of 4 “Lift and Shift”
  4. Microsoft Azure Hub-Spoke model by Enterprise Design 3 of 4 Data Migration
  5. Managing and Working with Azure Network Security Groups (NSG) 

Security in software is always on the move and changing in this world, when you think you are ready something has changed already. That’s why I love Microsoft Azure Security Center to keep you posted and giving you advise on Security but also on Compliancy.

From here you see a high-level overview of these new possibilities in Microsoft Azure Security Center :

Security Center Overview

Microsoft Azure Security Center is working with the following navigation menu’s on the left :

  • General
  • Policy & Compliance
  • Resource Security Hygiene
  • Advanced Cloud Defense
  • Threat Protection
  • Automation & Orchestration

Microsoft Azure Secure Score Dashboard

Microsoft Azure Security Center is working with Overall Secure Score. In my Test LAB we have some work to do 😉
The Azure secure score reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities so you can prioritize investigation. Secure score is a tool that helps you assess your workload security posture.
Improve your secure score in Azure Security Center

Azure Security Center Recommendations

Microsoft Azure Security Center gives you advise to make your Security Score higher and you can improve immediately.

Open Subnet without NSG.

From here you can Enable a Network Security Group (NSG) on the Subnet and make your network more secure.

Creating NSG from Azure Security Center.

A subnet with NSG.

Azure Security Center Advise on Disk Encryption

  1. Description on Applying Disk Encryption on your Virtual Machines
  2. General Information, with Impact and Implementation Cost.
  3. Threats, what can happen when you don’t implement the security.
  4. Remediation Steps from Microsoft Azure Security Center
    Like this : Managing security recommendations in Azure Security Center

Security Center – Regulatory Compliance

I really like this feature in Azure Security Policy & Compliancy to help the business with GDPR and keep your Data Save by Security.

PCI DSS 3.2

ISO 27001

So now you can work on your Security and Compliance

SOC TSP

Here you find more information about Microsoft Azure Security Center

Microsoft Azure Security Center Playbooks

Integrate security solutions in Azure Security Center

 

Conclusion :

Security is a on-going process 24 hours -365 days to monitor, analyze, and prevent security issues. Working on Compliancy for your Business and making your own Security policies is important. Microsoft Azure Security Center can support you in this journey. When you Optimize your Azure workloads or make new solutions in Azure, keep it secure with Microsoft Azure Security Center.


Leave a comment

BlueHat v18 Hardening #Hyperv through offensive security research #Security #Bluehatv18 #Bluehat

BlueHat v18 || Hardening Hyper-V through offensive security research

From Microsoft Security Response Center (MSRC) :

“Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Singular machine learning models can be “gamed” leading to unexpected outcomes.”

In this talk, they compare the difficulty of tampering with cloud-based models and client-based models. Then discuss how they develop stacked ensemble models to make machine learning defenses less susceptible to tampering and significantly improve overall protection for customers. They talk about the diversity of base ML models and technical details on how they are optimized to handle different threat scenarios. Lastly, they describe suspected tampering activity they have witnessed using protection telemetry from over half a billion computers, and whether mitigation worked.

BlueHat v18 Content Now Available


Leave a comment

#Microsoft Azure #Security Center Standard for Hybrid Security #Azure #Cloud #SIEM


Azure Security Center Standard includes:

Hybrid security – Get a unified view of security across all of your on-premises and cloud workloads. Apply security policies and continuously assess the security of your hybrid cloud workloads to ensure compliance with security standards. Collect, search, and analyze security data from a variety of sources, including firewalls and other partner solutions.
Advanced threat detection – Use advanced analytics and the Microsoft Intelligent Security Graph to get an edge over evolving cyber-attacks. Leverage built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. Monitor networks, machines, and cloud services for incoming attacks and post-breach activity. Streamline investigation with interactive tools and contextual threat intelligence.
Access and application controls – Block malware and other unwanted applications by applying whitelisting recommendations adapted to your specific workloads and powered by machine learning. Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs, drastically reducing exposure to brute force and other network attacks.

To add On-premises Servers

When your workspace is added :

  1. + Add Computers
  2. Download the right agent for Windows or Linux
  3. When you installed the agent you need the workspace ID and the key to finish the connection.
  4. When your Server doesn’t have a Internet connection you can work with the OMS Gateway.

Connect computers without Internet access using the OMS Gateway

Here you see the 3 machines from On-Premises in Azure Security Center

Security Recommendations

Apply Azure Disk Encryption for example.

Azure Security Center Recommendations

Azure Security Center Overview
I have something to do in my Test LAB 😉

Here you find more Technical docs for Microsoft Azure Security Center 

Microsoft Intelligent Security Graph for Providers

Hope this information about Microsoft Intelligent Azure Security Center will help your Business to stay Secure.


Leave a comment

#Microsoft Azure Security Center Overview #Cloud #Security #HybridCloud #Azure

Microsoft Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

You can select an existing Log Analytics workspace to store data collected by Security Center. To use your existing Log Analytics workspace:
• The workspace must be associated with your selected Azure subscription.
• At a minimum, you must have read permissions to access the workspace.

You can edit the default security policy for each of your Azure subscriptions in Security Center. To modify a security policy, you must be an owner, contributor, or security administrator of the subscription. To configure security policies in Security Center, do the following:
1. Sign in to the Azure portal.
2. On the Security Center dashboard, under General, select Security policy.
3. Select the subscription that you want to enable a security policy for.
4. In the Policy Components section, select Security policy.
This is the default policy that’s assigned by Security Center. You can turn on or off the available security recommendations.
5. When you finish editing, select Save.

Here you find more on Set security policies in Azure Security Center

Some policies need the upgrade Enhanced Security

Contact information for Notifications

Azure Security Center provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and in other clouds. It delivers visibility and control over hybrid cloud workloads, active defenses that reduce your exposure to threats, and intelligent detection to help you keep pace with rapidly evolving cyber attacks.
Pricing tiers
Security Center is offered in two tiers:
The Free tier is automatically enabled on all Azure subscriptions, and provides security policy, continuous security assessment, and actionable security recommendations to help you protect your Azure resources.
The Standard tier extends the capabilities of the Free tier to workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. The Standard tier also adds advanced threat detection capabilities, which uses built-in behavioral analytics and machine learning to identify attacks and zero-day exploits, access and application controls to reduce exposure to network attacks and malware, and more. The Standard tier is free for the first 60 days. Read here more…….

What are OS Security Configurations?
Azure Security Center monitors security configurations using a set of over 150 recommended rules for hardening the OS, including rules related to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, a security recommendation is generated.
Customization of the rules can help organizations to control which configuration options are more appropriate for their environment. This feature enables users to set a customized assessment policy and apply it on all applicable machines in the subscription.

Note
• Currently OS Security Configuration customization is available for Windows Server 2008, 2008R2, 2012, 2012R2 operating systems only.
• The configuration applies to all VMs and computers connected to all workspaces under the selected subscription.
• OS Security Configuration customization is available only on Security Center’s Standard tier.

Download the Baseline configuration JSON file

You can make a Custom Baseline with Visual Studio Code and Upload to Azure

Microsoft Azure Security Center QuickStart :

Configure Security Policy

Managing security recommendations in Azure Security Center

Security health monitoring in Azure Security Center

Managing and responding to security alerts in Azure Security Center

Documentation :

Microsoft Azure Security Center Documentation 

Microsoft Azure Security Center Forum

Planning guide
This guide covers a set of steps and tasks that you can follow to optimize your use of Security Center based on your organization’s security requirements and cloud management model. To take full advantage of Security Center, it is important to understand how different individuals or teams in your organization use the service to meet secure development and operations, monitoring, governance, and incident response needs. The key areas to consider when planning to use Security Center are:

Security Roles and Access Controls
Security Policies and Recommendations
Data Collection and Storage
Ongoing non-Azure resources
Ongoing Security Monitoring
Incident Response

Here you will learn how to plan for each one of those areas and apply those recommendations based on your requirements.

All Events view in Azure Security Center

Upgrade to standard Tier for Hybrid Security

Search with analytics

Queries can be used to search terms, identify trends, analyze patterns, and provide many other insights based on your data.

Have a look and play with Azure Log Analytics.

Getting Started with the Analytics Portal

in this tutorial you will learn to write Azure Log Analytics queries. When completing this tutorial you will know how to:

  • Understand queries’ structure
  • Sort query results
  • Filter query results
  • Specify a time range
  • Select which fields to include in the results
  • Define and use custom fields
  • Aggregate and group results

Getting Started with Queries

Azure Security Center gives you Recommendations

For example to Encrypt your Virtual Machines in Azure with a Link

Integrated Azure security solutions
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:

Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.

More on Integrated Azure Security Solutions

Compute Security Overview

Compute Security and Components view

Networking Security Overview

Storage & Data Security Overview

Identity and Access Overview in Azure Security Center

Application Whitelisting

Just in time virtual machine (VM) access can be used to lock down inbound traffic to your Azure VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Attack scenario
Brute force attacks commonly target management ports as a means to gain access to a VM. If successful, an attacker can take control over the VM and establish a foothold into your environment.

One way to reduce exposure to a brute force attack is to limit the amount of time that a port is open. Management ports do not need to be open at all times. They only need to be open while you are connected to the VM, for example to perform management or maintenance tasks. When just in time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports so they cannot be targeted by attackers.

More on Just in Time Virtual Machine

Security Alerts

Azure Security Center’s advanced detection capabilities, helps you identify active threats targeting your Microsoft Azure resources and provides you with the insights needed to respond quickly

More on Azure Security Center detection capabilities

Custom Alert Rules

What are custom alert rules in Security Center?

Security Center has a set of predefined security alerts, which are triggered when a threat, or suspicious activity takes place. In some scenarios, you may want to create a custom alert to address specific needs of your environment.

Custom alert rules in Security Center allow you to define new security alerts based on data that is already collected from your environment. You can create queries, and the result of these queries can be used as criteria for the custom rule, and once this criteria is matched, the rule is executed. You can use computers security events, partner’s security solution logs or data ingested using APIs to create your custom queries.

More information about Custom Alert Rules in Azure Security Center

Threat Intelligence

Azure Security Center Playbooks

What is security playbook in Security Center?
Security playbook is a collection of procedures that can be executed from Security Center once a certain playbook is triggered from selected alert. Security playbook can help to automate and orchestrate your response to a specific security alert detected by Security Center. Security Playbooks in Security Center are based on Azure Logic Apps, which means you can use the templates that are provided under the security category in Logic Apps templates, you can modify them based on your needs, or you can create new playbooks using Azure Logic Apps workflow, and using Security Center as your trigger.

More on Azure Security Center Playbook

Hope this Microsoft Azure Security Center Overview will help to make your Hybrid IT more Secure !


Leave a comment

Getting Started with Microsoft #Azure Cloud #Security Center


Microsoft Azure Security

With Microsoft Azure Cloud Services you can make a lot of  resources using for your Business. Think about Storage, Compute, Databases, Networks and
applications. Microsoft Azure Security is there to keep your resources and data as save as possible against cybercrime.

Microsoft Azure Compliance offerings

Learn how to use Azure Security Center to get visibility into and control over the security of your Azure resources

Here you see an example of what Azure Security can do for you in the Cloud :

Overview of Azure Security with Advice for better Protection against Cybercrime.

Here you see Storage and Azure SQL Database need attention !

Azure SQL Database in Security Center

You can act right away by enabling Auditing & Threat Detection

For prevention you can enable Security data collection on the Virtual Machines.

It’s really easy to start with Microsoft Azure Security Center with the Quick Starts :

You can Read the Azure Security Center planning and operations guide here


Microsoft Azure Security Center gives recommendations on your resources in your Azure subscription

It’s a on-going process to keep your security under control and monitoring the alerts for preventing against Cybercrime or leaking data.

Here you find more resources on Microsoft Azure Security :

Microsoft Technical Azure Security Docs

Microsoft Azure Security Blog

Microsoft Azure Security and Compliance Blog on MSDN

Microsoft Security in Operations Management Suit

Microsoft Technical OMS Security Docs

Who to follow on Social media for Azure Security :

@tshinder

@yuridiogenes

Keep your Cloud resources save with Azure Security !