Security management capabilities of Azure

https://docs.microsoft.com/en-us/learn/modules/describe-security-management-capabilities-of-azure/

Cloud security posture management

https://docs.microsoft.com/en-us/learn/modules/describe-security-management-capabilities-of-azure/2-describe-cloud-security-posture-management

  • CSPM (Cloud Security Posture Management)

  • Improves cloud security management

  • Assesses systems and automatically alerts when a vulnerability is found

  • CSPM uses tools such as

    • Zero trust access control
      • considers the active threat during access control decisions
    • Real-time risk scoring
      • Visibility into top risks
    • Threat and vulnerability management (TVM)
      • Holistic view of the organization attack surface
      • Integrated into operations and engineering decision-making
    • Discover sharing risks
      • Understand data exposure of intellectual property on sanctioned and un-sanctioned clouds
    • Threat modeling systems and architecture
      • Used alongside other specific applications
  • Main goal is to continuously report on and improve the security posture


Microsoft Defender for cloud

https://docs.microsoft.com/en-us/learn/modules/describe-security-management-capabilities-of-azure/3-describe-defender-cloud

  • Previously known as Azure Defender
  • Tool for Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP)
  • Defends workloads in Azure, hybrid and other cloud platforms
  • Three vital offerings
    • Continuously assess
      • Know your CSPM, identify and track vulnerabilities
    • Secure
      • Harden all connected resources and services
    • Defend
      • Detect and resolve threats

CSPM

  • Provides
    • Visibility
    • Hardening guidance

Secure score and hardening recommendations

  • Central feature is the secure score
  • An aggregation of all the resources and subscriptions
  • The higher the score the lower the identified risk
  • Includes recommendations based on misconfigurations and weaknesses

Network map

  • A topology map from a resource/network perspective
  • Enables you to identify network-based risks more easily

CWP

  • Provides
    • Detect threats
    • Resolve threats

Defender plans

  • Plans are specific to the workload type
  • Plan can be enabled separately
  • Plans are:
    • Servers
      • Windows and Linux VM
    • App Service
      • App service
    • Storage
      • Azure storage account
    • SQL
      • Databases
    • Kubernetes
      • Environment hardening, workload protection and run-time protection
    • Container registries
      • Azure Resource Manager (ARM) based registries
    • Key Vault
      • Azure Key Vault
    • Resource Manager
      • Resource management operations
    • DNS
      • Azure DNS
    • Open-Source relational protections
      • Open-source relational database

Secure score in Microsoft Defender for Cloud

https://docs.microsoft.com/en-us/learn/modules/describe-security-management-capabilities-of-azure/4-describe-explore-azure-secure-score

An aggregation of all the resources and subscriptions

  • The higher the score the lower the identified risk

How is secure score calculated?

  • Every control has a maximum score value
  • To achieve a full score every recommendation in each control must be fulfilled

Example

A control called ‘Apply system updates’ has a maximum score of 6. If there are 50 resources, divide the maximum score of 6 by the total number of resources (50) to get 0.12 points per resource.

  • Max score
    • 0.12 x 50 total resources = 6
    • Shows the maximum score if all resources were healthy

  • Current score
    • 0.12 x 42 healthy resources = 5.04
    • Shows that out of a total of 6 we have scored 5.04 with healthy resources
  • Potential increase
    • 0.12 x 8 unhealthy resources = 0.96
    • Shows the difference between the total score of 6 minus the healthy resources score of 5.04
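The calculation above, worked through in code (an added example, not part of the Microsoft Learn module). It reproduces the ‘Apply system updates’ figures and also aggregates several controls into an overall score; the second control, the zero-resource handling and the summing rule are assumptions made for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ControlScore:
    """One secure score control, e.g. 'Apply system updates' (page example)."""
    name: str
    max_score: float
    total_resources: int
    healthy_resources: int

    def __post_init__(self) -> None:
        if self.total_resources < 0 or not 0 <= self.healthy_resources <= self.total_resources:
            raise ValueError(f"{self.name}: healthy resources must be within 0..total")

    def points_per_resource(self) -> float:
        # The control's max score is spread evenly over every resource it covers.
        if self.total_resources == 0:
            return 0.0  # assumption: a control with no resources earns no points
        return self.max_score / self.total_resources

    def current_score(self) -> float:
        # Only healthy (compliant) resources earn points: 6/50 * 42 = 5.04 on the page.
        return round(self.points_per_resource() * self.healthy_resources, 2)

    def potential_increase(self) -> float:
        # Points still available; remediating each unhealthy resource reclaims them.
        unhealthy = self.total_resources - self.healthy_resources
        return round(self.points_per_resource() * unhealthy, 2)


def overall_secure_score(controls: list[ControlScore]) -> dict[str, float]:
    """Assumed aggregation: sum applicable controls and report a percentage."""
    applicable = [c for c in controls if c.total_resources > 0]
    current = round(sum(c.current_score() for c in applicable), 2)
    maximum = round(sum(c.max_score for c in applicable), 2)
    percent = round(100 * current / maximum, 1) if maximum else 0.0
    return {"current": current, "max": maximum, "percent": percent}


if __name__ == "__main__":
    # Constructed sample: the page's control plus a second, made-up control.
    controls = [
        ControlScore("Apply system updates", 6, 50, 42),
        ControlScore("Enable MFA", 10, 5, 5),
    ]
    for c in controls:
        print(f"{c.name}: {c.current_score()} of {c.max_score}, +{c.potential_increase()} available")
    print(overall_secure_score(controls))
```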

Improve your score

  • Remediate recommendations

Enhanced security of Microsoft Defender for Cloud

https://docs.microsoft.com/en-us/learn/modules/describe-security-management-capabilities-of-azure/5-describe-enhanced-security-defender-cloud

Microsoft Defender is offered in two modes

  • Without enhanced features
    • Free
    • Enabled on all subscriptions
    • Provides the secure score and related features
  • With enhanced features
    • At cost
    • Extends Defender to workloads on-premises and in other clouds

Enhanced feature list

  • Microsoft Defender for Endpoint
    • Servers
  • Vulnerability scanning
    • VMs
    • Container registries
  • Multi-cloud
    • AWS
    • GCP
  • Hybrid-security
    • On-premises
    • Cloud
  • Threat protection alerts
    • Monitor networks
    • VMs
    • Cloud services
  • Track compliance based on standards
    • Analyze risk factors
    • Based on Azure Security Benchmark
    • Includes other industry standards and benchmarks
  • Access and application controls
    • Block malware
    • Machine learning powered recommendations adapted to your specific workloads
    • Create allowlists and blocklists
    • JIT
    • Controlled access to management ports on Azure VMs
    • Reduces exposure to brute force and other network attacks

Security baselines for Azure

https://docs.microsoft.com/en-us/learn/modules/describe-security-management-capabilities-of-azure/6-baselines-for-azure

  • Best practices for establishing security baselines in Azure
  • Collaboration between Microsoft and CIS (Center for Internet Security)
  • Helps provide security for most common-use cases

The Azure security benchmark (ASB)

  • Categorized by the control to which they belong
  • Cloud-centric control areas
  • Includes
    • Network security
    • Identity
    • Access control
    • Data protection
    • Data recovery
    • Incident response

Last modified July 21, 2024: update (e2ae86c)