Published by Lewis Curtis. Modified over 6 years ago.
1
Protect Azure IaaS deployments using Azure Security Center
7/16/2018 1:57 PM
BRK2396 Protect Azure IaaS deployments using Azure Security Center
Sarah Fender, Principal Program Manager
Adwait Joshi (AJ), Sr. Product Marketing Manager
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Cloud security is a shared responsibility
MICROSOFT'S COMMITMENT: Securing and managing the cloud foundation (physical assets, datacenter operations, cloud infrastructure)
SHARED RESPONSIBILITY: Securing and managing your cloud resources (virtual machines, networks & services, applications, data)
VARIES ACROSS IAAS, PAAS, SAAS
3
Protecting IaaS workloads includes virtual machines and more
Azure VM protections are the focus, but the scope is increasing
Workloads contain VMs and servers, but also the supporting networks and services
Cloud is being used to describe modern workloads wherever they reside
4
Workload Protection Strategies
Effective IaaS workload protection strategies target unique requirements of modern, hybrid cloud
Anti-malware
Intrusion Prevention/EDR
Data Encryption
Application Control/Whitelisting
Compliance Baseline Monitoring
Network Segmentation/Protection
Hardening, configuration & vulnerability management
Access control, Log management
5
Key challenges for protecting IaaS workloads
Visibility & control
Management complexity
Rapidly evolving threats
6
How Microsoft helps protect IaaS workloads
Customer Managed
INTEGRATED PARTNER PROTECTIONS
Azure Security Center
BUILT-IN CONTROLS: Identity & Access, Information Protection, Threat Protection, Security Management
SECURE FOUNDATION: Physical Security, Infrastructure Security, Operational Security
Microsoft Managed
7
10 ways Azure Security Center helps protect IaaS deployments
8
1. Monitor security state of cloud resources
Built-in Azure, no setup required: Automatically discover and monitor security of Azure resources
Gain insights for hybrid resources: Easily onboard resources running in other clouds and on-premises
9
Demo
10
2. Ensure secure VM configurations
Harden Virtual Machines: System update status; Antimalware protection; OS and web server config
Fix vulnerabilities quickly: Prioritized, actionable security recommendations
11
3. Encrypt disks and data
Use Network Security Groups: Apply NSG rules to con
Storage
Azure SQL Database
12
4. Control network traffic
Use Network Security Groups: Apply NSG rules for inbound and outbound traffic
Add Built-In and Partner Firewalls: Protect web applications with web application firewalls; Deploy Next Generation firewalls
13
5. Collect security data
Analyze and search security logs from many sources:
Connected security solutions running in Azure, e.g. firewalls and antimalware solutions
Azure Active Directory Information Protection and Advanced Threat Analytics
Any security solution that supports Common Event Format (CEF)
14
Demo
15
Pop Quiz: What is the most common attack targeting IaaS VMs?
16
Brute force attacks commonly target open management ports
RDP, SSH
100,000 attacks/month: On average, Azure VMs are subject to 100,000 brute force attacks targeting management ports, most commonly RDP and SSH ports.
Easy access: Access to VMs requires only local admin credentials, which are easier targets for brute force attacks than more carefully managed domain accounts.
Always open: While access to management ports is only required sporadically, these ports are often left open for convenience or by accident.
17
6. Limit exposure to brute force attacks
Lock down management ports on virtual machines
Enable just-in-time access to virtual machines
Access automatically granted for limited time
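An added example, not part of the original presentation: a check for the "always open" condition described above, run over an NSG's inbound rules exported as JSON. The field names follow Azure's NSG security rule properties; the rule set, rule names and function names are constructed for illustration.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}  # prefixes that mean "any source"

def _values(rule, single, plural):
    """Merge the singular and plural form of a rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")  # "22" or "20-25"
        if int(low) <= port <= int(high or low):
            return True
    return False

def _from_anywhere(rule):
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in ANY_SOURCE for s in sources)

def exposed_management_ports(rules):
    """Return {service: rule_name} for management ports open to any source."""
    inbound = sorted(
        (r for r in rules
         if r["direction"].lower() == "inbound"
         and r["protocol"].lower() in ("tcp", "*")
         and _from_anywhere(r)),
        key=lambda r: r["priority"])
    findings = {}
    for port, service in MGMT_PORTS.items():
        # NSG rules are evaluated lowest priority number first; first match wins.
        decisive = next((r for r in inbound if _covers_port(r, port)), None)
        if decisive and decisive["access"].lower() == "allow":
            findings[service] = decisive["name"]
    return findings

# Constructed sample rule set (not taken from any real deployment).
SAMPLE_RULES = [
    {"name": "deny-rdp-all", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-ssh-bastion", "priority": 150, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "10.0.0.0/24", "destinationPortRange": "22"},
    {"name": "allow-mgmt-range", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["20-25", "3389"]},
]

if __name__ == "__main__":
    print(exposed_management_ports(SAMPLE_RULES))
```

The check only models rules whose source is any address, so a Deny scoped to a specific source range does not count as closing the port.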
18
Malware is rampant and rapidly evolving
BUILT ON CLOUD LOG ANALYTICS PLATFORM
Always evolving: Malware is constantly changing - you can no longer rely on antimalware software to detect and remove malicious code from running on your machines.
Hard to block: Application controls can be very effective at blocking malware and unwanted applications, but management of whitelists can be labor-intensive and error-prone.
19
7. Block malware and unwanted applications
Allow safe applications only: Adaptive whitelisting learns application patterns; Simplified management with recommended whitelists
20
Demo
21
8. Use advanced analytics to detect threats quickly
Get prioritized security alerts: Details about detected threats and recommendations
Detect threats across the kill chain: Alerts that conform to kill chain patterns are fused into a single incident
22
Use advanced analytics to detect threats quickly
23
Anatomy of real attack-detected by Security Center
Alerts: PORT SCANNING ACTIVITY DETECTED; BRUTE FORCE ACTIVITY DETECTED; SUSPICIOUS PROCESS EXECUTED ON VM; DNS DATA EXFILTRATION ACTIVITY DETECTED; KILL CHAIN INCIDENT GENERATED
Stages: Command & Control; Reconnaissance; Weaponization; Data Breach; Installation; Incident response
Attacker port scans to look for potential victims.
Attacker launches a brute force attack on targets and breaches exposed interfaces.
Attacker installs custom malware on the VM.
Malware contacts its command and control and sends the data over the DNS protocol.
The VM owner receives the information and shuts down the VM.
Attacker compiles a list of targets with open interfaces.
Attacker injects blind SQL commands into the Virtual Machine (VM).
Malware activates and scans the VM for confidential information and data.
Security incident is generated, information is compiled and sent to the VM owner.
24
9. Quickly assess the scope and impact of attack
Simplify security operations and investigations: Interactive experience to explore links across alerts, computers and users; Use predefined or ad hoc queries for deeper examination
25
10. Automate threat response
Automate and orchestrate common security workflows: Create playbooks with integration of Azure Logic Apps; Trigger workflows from any alert to enable conditional actions
26
Demo
27
Azure Security Center helps unify security management and protects hybrid cloud workloads
Gain visibility and control: Centrally manage security across all of your IaaS deployment
Prevent threats with adaptive controls: Harden OS, VNet, storage, and SQL configurations and apply preventive controls
Enable intelligent detection and response: Monitor VM events and network traffic to identify threats and react quickly
28
Take actions today
Use Security Center for Azure resources
Start trial for ASC standard to get advanced threat protection
Onboard on-premises and other cloud workloads
To learn more, visit azure.microsoft.com/en-us/services/security-center/
29
Related Sessions
Tuesday
BRK3201 - Simplify hybrid cloud protection with Azure Security Center
Wednesday
BRK3139 - Respond quickly to threats with next generation security operations and investigation
BRK3212 - Cloud attacks illustrated - How unique insights from Microsoft help you defend against cloud attacks
Thursday
BRK2210 - Everything you need to know about Microsoft Azure security
BRK3210 - Defense against the dark (cloud) arts: Azure security deep dive
30
Please evaluate this session
From your PC or tablet: visit MyIgnite
Phone: download and use the Microsoft Ignite mobile app
Your input is important!