Azure Security Center
A monitoring service that provides threat protection/security recommendations across both Azure and on-prem DCs
- Detect and block malware
- Analyze and identify potential attacks
- Just-in-time access control for ports
Azure Security Center Capabilities
- Policy compliance - run policies across management groups, subs, or tenants
- Continuous assessments - assess new/deployed resources to ensure proper configuration
- Tailored recommendations - based on existing workloads w/ instructions on how to implement
- Threat protection - analyze attempted threats thru alerts/impacted resource reports
Azure Sentinel
A security information management (SIEM) and security automated response (SOAR) solution that provides security analytics and threat intelligence across an enterprise.
Azure Sentinel Connectors and Ingrations
- Office 365
- Azure Active Director
- Azure Advanced Threat Protection
- Microsoft Cloud App Security
Azure Key Vault
Stores application secrets in a centralized cloud location in order to securely control access permissions and access logging
Azure Key Vault Storage
- Secrets management.
- Key management.
- Certificate management.
- Storing secrets backed by hardware security modules (HSMs).
Azure Key Vault Integration
• Simplified administration of application secrets.
• Key Vault makes it easier to enroll and renew certificates from public certificate authorities
• Can also scale up/replicate content within regions and use standard certificate management tools.
• Can integrate Key Vault with storage accounts, container registries, event hubs, and many more Azure services,
which can then securely reference the secrets stored in Key Vault.
Azure Dedicated Host
Provides physical servers that host one or more Azure virtual machines that is dedicated to a single organization’s workload.
Benefits
• Hardware isolation at the server level
• Control over maintenance event timing
• Aligned with Azure Hybrid Use Benefits
Defense in Depth
- A layered approach to securing computer systems.
- Provides multiple levels of protection.
- Attacks against one layer are isolated from subsequent layers.
Physical security layer
The first line of defense to protect computing hardware in the datacenter
Identity and access layer
Controls access to infrastructure and change control. The identity and access layer is all about ensuring that identities are secure, access is granted only to what’s needed, and sign-in events and changes are logged.
Perimeter layer
- Uses DDoS protection to filter large-scale attacks before they can cause a denial of service for users.
- At the network perimeter, it’s about protecting from network-based attacks against your resources.
- Identifying attacks, eliminating impact, and alerting are important ways to keep your network secure.
Network layer
- Limits communication between resources through segmentation and access controls.
- At this layer, focus is on limiting the network connectivity across all your resources to allow only what’s required.
- By limiting this communication, you reduce the risk of an attack spreading to other systems in your network.
Compute layer
- Secures access to virtual machines.
- Malware, unpatched systems, and improperly secured systems open your environment to attacks.
- Focus is on ensuring your compute resources are secure and the proper controls are in place
Application layer
- Helps ensure applications are secure and free of security vulnerabilities.
- Helps reduce the number of vulnerabilities introduced in code.
- Every development team should ensure that its applications are secure by default.
Data layer
- Controls access to business and customer data that you need to protect.
- Those who store and control access to data are responsible for ensuring that it’s properly secured.
- Reg requirements dictate the controls and processes required to ensure CIA of the data.
Shared Security
- Migrating from customer controlled to cloud-based datacenters shifts the responsibility for security.
- Security becomes a shared concern between cloud providers and customers.
Network Security Groups
- Filter network traffic to and from Azure resources on Azure Virtual Networks.
- Set inbound and outbound rules to filter by source and destination IP address, port, and protocol.
- Add multiple rules, as needed, within subscription limits.
- Azure applies default, baseline security rules to new NSGs.
- Override default rules with new, higher priority rules.
Azure Firewall
• A stateful, managed Firewall as a Service (FaaS) that grants/denies server access based on originating IP address
to protect network resources.
• Applies inbound and outbound traffic filtering rules
• Built-in high availability
• Unrestricted cloud scalability
• Uses Azure Monitor logging
Azure Application Gateway
Provides a firewall, web app firewall, which provides centralized, inbound protection for web apps
Stateful Firewall
Analyzes the complete context of a network connection, not just an individual packet of network traffic. Azure Firewall features high availability and unrestricted cloud scalability.
Azure Firewall Benefits
• Azure Firewall provides a central location to create, enforce, and log application and network connectivity policies
across subscriptions and virtual networks.
• Uses a static (unchanging) public IP address for your virtual network resources, which enables outside firewalls to
identify traffic coming from your virtual network.
• The service is integrated with Azure Monitor to enable logging and analytics.
Azure DDoS Protection
- Sanitizes unwanted network traffic before it impacts service availability.
- Basic service tier is automatically enabled in Azure.
- Standard service tier adds mitigation capabilities that are tuned to protect Azure Virtual Network resources.
Defense in Depth Order
Physical Security Identity & Access Perimeter Network Compute Application Data
