Protect Azure IaaS deployments using Azure Security Center

Presentation transcript:

BRK2396: Protect Azure IaaS deployments using Azure Security Center. 7/16/2018 1:57 PM. Sarah Fender, Principal Program Manager; Adwait Joshi (AJ), Sr. Product Marketing Manager. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Cloud security is a shared responsibility. Microsoft's commitment: securing and managing the cloud foundation (physical assets, datacenter operations, cloud infrastructure). Shared responsibility: securing and managing your cloud resources (virtual machines, networks & services; applications; data). Varies across IaaS, PaaS, SaaS.

Protecting IaaS workloads includes virtual machines and more. Azure VM protections are the focus, but the scope is increasing. Workloads contain VMs and servers, but also the supporting networks and services. Cloud is being used to describe modern workloads wherever they reside.

Workload Protection Strategies. Effective IaaS workload protection strategies target unique requirements of modern, hybrid cloud: Anti-malware; Intrusion Prevention/EDR; Data Encryption; Application Control/Whitelisting; Compliance Baseline Monitoring; Network Segmentation/Protection; Hardening, configuration & vulnerability management; Access control, Log management.

Key challenges for protecting IaaS workloads: visibility & control; management complexity; rapidly evolving threats.

How Microsoft helps protect IaaS workloads. Customer managed; Microsoft managed. Integrated partner protections. Azure Security Center. Built-in controls: Identity & Access, Information Protection, Threat Protection, Security Management. Secure foundation: Physical Security, Infrastructure Security, Operational Security.

10 ways Azure Security Center helps protect IaaS deployments

1. Monitor security state of cloud resources. Built into Azure, no setup required: automatically discover and monitor security of Azure resources. Gain insights for hybrid resources: easily onboard resources running in other clouds and on-premises.

Demo

2. Ensure secure VM configurations. Harden virtual machines: system update status; antimalware protection; OS and web server config. Fix vulnerabilities quickly: prioritized, actionable security recommendations.

3. Encrypt disks and data. Use Network Security Groups. Apply NSG rules to con Storage Azure SQL Database

4. Control network traffic. Use Network Security Groups: apply NSG rules for inbound and outbound traffic. Add built-in and partner firewalls: protect web applications with web application firewalls; deploy next generation firewalls.

5. Collect security data. Analyze and search security logs from many sources: connected security solutions running in Azure, e.g. firewalls and antimalware solutions; Azure Active Directory Information Protection and Advanced Threat Analytics; any security solution that supports Common Event Format (CEF).
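Added example (not part of the original presentation): a minimal parser for the Common Event Format records mentioned on this slide, showing the seven pipe-delimited header fields, the key=value extension, and the escaping rules a log collector has to handle. The sample record, vendor name, host and addresses are constructed for illustration.

```python
import re

# CEF:Version|Device Vendor|Device Product|Device Version|Signature ID|Name|Severity|Extension
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
_KEY = re.compile(r"(?:^|\s)(\w+)=")        # a key is a word directly before an unescaped '='
_ESCAPES = {"n": "\n", "r": "\r"}

def _split_header(text):
    """Split on unescaped '|' into the 7 header fields; return (fields, extension)."""
    parts, buf, i = [], [], 0
    while i < len(text) and len(parts) < 7:
        if text[i] == "\\" and text[i + 1:i + 2] in ("|", "\\"):
            buf.append(text[i + 1])          # escaped pipe or backslash is literal
            i += 2
        elif text[i] == "|":
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    if len(parts) != 7:
        raise ValueError("CEF header needs 7 pipe-terminated fields")
    return parts, text[i:]

def parse_extension(ext):
    """Parse 'k=v k2=v2' where values may hold spaces and escaped '=' signs."""
    matches = list(_KEY.finditer(ext))
    fields = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        fields[m.group(1)] = re.sub(
            r"\\(.)", lambda e: _ESCAPES.get(e.group(1), e.group(1)), raw)
    return fields

def parse_cef(line):
    start = line.find("CEF:")                # a syslog prefix may precede the record
    if start < 0:
        raise ValueError("not a CEF record")
    parts, ext = _split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, parts))
    event["extension"] = parse_extension(ext)
    return event

# Constructed sample record (vendor, host and addresses are made up)
SAMPLE = (r"Jul 16 13:57:02 fw01 CEF:0|ExampleVendor|Edge\|FW|1.0|100|"
          r"Inbound connection denied|5|src=203.0.113.7 dst=10.0.0.4 dpt=3389 "
          r"msg=Blocked RDP attempt rule\=deny-mgmt act=blocked")

if __name__ == "__main__":
    event = parse_cef(SAMPLE)
    print(event["device_product"], event["severity"], event["extension"])
```

An unescaped `=` inside a value is ambiguous in CEF, so senders must escape it; this parser treats any `word=` after whitespace as the start of a new key.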

Demo

Pop Quiz: What is the most common attack targeting IaaS VMs?

Brute force attacks commonly target open management ports (RDP, SSH). 100,000 attacks/month: on average, Azure VMs are subject to 100,000 brute force attacks targeting management ports, most commonly RDP and SSH ports. Easy access: access to VMs requires only local admin credentials, which are easier targets for brute force attacks than more carefully managed domain accounts. Always open: while access to management ports is only required sporadically, these ports are often left open for convenience or by accident.

6. Limit exposure to brute force attacks. Lock down management ports on virtual machines: enable just-in-time access to virtual machines; access automatically granted for limited time.
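Added example (not part of the original presentation): an offline audit that finds which management ports an NSG leaves reachable from the Internet, i.e. the ports that a lock-down or just-in-time access would close. It assumes rules in the shape the ARM REST API returns for `securityRules` (a `name` plus a `properties` object) and applies NSG priority order, where the lowest priority number is evaluated first; rule names and addresses are constructed.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}   # prefixes that include the whole Internet

def _port_ranges(props):
    """Yield (low, high) tuples from destinationPortRange(s); '*' means every port."""
    specs = props.get("destinationPortRanges") or [props.get("destinationPortRange", "*")]
    for spec in specs:
        if spec == "*":
            yield 0, 65535
        else:
            low, _, high = spec.partition("-")
            yield int(low), int(high or low)

def _applies(props, port):
    """True if an inbound TCP packet from the Internet to `port` hits this rule."""
    if props["direction"].lower() != "inbound":
        return False
    if props["protocol"].lower() not in ("*", "tcp"):
        return False
    sources = props.get("sourceAddressPrefixes") or [props.get("sourceAddressPrefix", "*")]
    if not any(s.lower() in ANY_SOURCE for s in sources):
        return False
    return any(low <= port <= high for low, high in _port_ranges(props))

def exposed_management_ports(rules):
    """Return {port: name of the Allow rule that exposes it to the Internet}."""
    ordered = sorted(rules, key=lambda r: r["properties"]["priority"])
    findings = {}
    for port in MGMT_PORTS:
        for rule in ordered:                  # lowest priority number wins
            if _applies(rule["properties"], port):
                if rule["properties"]["access"].lower() == "allow":
                    findings[port] = rule["name"]
                break                         # first matching rule decides
    return findings

def _rule(name, priority, access, source, ports, protocol="Tcp"):
    """Build a constructed rule in the ARM securityRules shape."""
    return {"name": name, "properties": {
        "priority": priority, "direction": "Inbound", "access": access,
        "protocol": protocol, "sourceAddressPrefix": source,
        "destinationPortRanges": ports}}

# Constructed sample rules (names and addresses are made up)
SAMPLE_RULES = [
    _rule("allow-admin-any", 200, "Allow", "Internet", ["22", "3000-4000"], "*"),
    _rule("deny-ssh-internet", 100, "Deny", "*", ["22"]),
    _rule("allow-rdp-office", 150, "Allow", "198.51.100.0/24", ["3389"]),
]

if __name__ == "__main__":
    for port, rule in exposed_management_ports(SAMPLE_RULES).items():
        print(f"{MGMT_PORTS[port]} ({port}/tcp) open to the Internet via rule {rule}")
```

In the sample, SSH is not reported because the priority-100 deny shadows the broad allow, while RDP is reported because the 3000-4000 range in the same allow rule silently covers port 3389.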

Malware is rampant and rapidly evolving. Built on cloud log analytics platform. Always evolving: malware is constantly changing, so you can no longer rely on antimalware software to detect and remove malicious code from running on your machines. Hard to block: application controls can be very effective at blocking malware and unwanted applications, but management of whitelists can be labor-intensive and error-prone.

7. Block malware and unwanted applications. Allow safe applications only: adaptive whitelisting learns application patterns; simplified management with recommended whitelists.

Demo

8. Use advanced analytics to detect threats quickly. Get prioritized security alerts: details about detected threats and recommendations. Detect threats across the kill chain: alerts that conform to kill chain patterns are fused into a single incident.

Use advanced analytics to detect threats quickly

Anatomy of a real attack detected by Security Center. Kill chain stages: Reconnaissance, Weaponization, Installation, Command & Control, Data Breach, Incident response. Alerts raised: PORT SCANNING ACTIVITY DETECTED; BRUTE FORCE ACTIVITY DETECTED; SUSPICIOUS PROCESS EXECUTED ON VM; DNS DATA EXFILTRATION ACTIVITY DETECTED; KILL CHAIN INCIDENT GENERATED. Sequence of events: Attacker port scans to look for potential victims. Attacker compiles a list of targets with open interfaces. Attacker launches a brute force attack on targets and breaches exposed interfaces. Attacker injects blind SQL commands into the Virtual Machine (VM). Attacker installs custom malware on the VM. Malware activates and scans the VM for confidential information and data. Malware contacts its command and control and sends the data over the DNS protocol. Security incident is generated, information is compiled and sent to the VM owner. The VM owner receives the information and shuts down the VM.

9. Quickly assess the scope and impact of attack. Simplify security operations and investigations: interactive experience to explore links across alerts, computers and users; use predefined or ad hoc queries for deeper examination.

10. Automate threat response. Automate and orchestrate common security workflows: create playbooks with integration of Azure Logic Apps; trigger workflows from any alert to enable conditional actions.

Demo

Azure Security Center helps unify security management and protects hybrid cloud workloads. Gain visibility and control: centrally manage security across all of your IaaS deployment. Prevent threats with adaptive controls: harden OS, VNet, storage, and SQL configurations and apply preventive controls. Enable intelligent detection and response: monitor VM events and network traffic to identify threats and react quickly.

Take actions today. Use Security Center for Azure resources. Start trial for ASC standard to get advanced threat protection. Onboard on-premises and other cloud workloads. To learn more, visit azure.microsoft.com/en-us/services/security-center/

Related Sessions. Tuesday: BRK3201 - Simplify hybrid cloud protection with Azure Security Center. Wednesday: BRK3139 - Respond quickly to threats with next generation security operations and investigation; BRK3212 - Cloud attacks illustrated: How unique insights from Microsoft help you defend against cloud attacks. Thursday: BRK2210 - Everything you need to know about Microsoft Azure security; BRK3210 - Defense against the dark (cloud) arts: Azure security deep dive.
