ALL YOU NEED TO KNOW ABOUT SECURITY POSTURE MANAGEMENT WITH AZURE

1. CLOUD SECURITY IN A NUTSHELL

Cloud security is the protection of data, applications, and infrastructure in cloud computing. While many understand the advantages of the cloud over on-premises infrastructure, they also feel exposed to potential security threats. Hence, in this article we discuss cloud security and its cybersecurity challenges, and we give some actionable insights on how you can protect yourself.

In many aspects cloud security is not hugely different from traditional IT security. Both are impacted by cybersecurity challenges. While some angles are different, in both contexts security is all about:

• knowing the current state of security,

• getting alerts immediately if anything unusual happens,

• and handling unexpected events.

According to Gartner, cloud is a convenient solution to address the top three priorities of companies in today’s IT environment:

• optimize IT costs,

• support and secure a remote workforce,

• and ensure resiliency.

In fact, recent Gartner survey data indicates that 70% of organizations using cloud services today plan to increase their cloud spending. As enterprises increase investments in mobility, collaboration, and other remote working technologies and infrastructure, Gartner expects growth in public cloud to be sustained through 2024.

More on the Gartner study: https://www.gartner.com/en/newsroom/press-releases/2020-11-17-gartner-forecasts-worldwide-public-cloud-end-user-spending-to-grow-18-percent-in-2021

2. CYBERSECURITY CHALLENGES

Working remotely is becoming more common these days. As a result, security becomes a crucial issue that poses a great challenge to businesses. Cybercrime, however, is constant. We’ve seen that cybercriminals continue — and sometimes escalate — their activity in times of rapid change. Defending against cybercriminals is a complex, ever-evolving, and never-ending challenge.

• Rapidly changing workloads & insecure configurations – Rapidly changing workloads are both a strength and a challenge of the cloud. On the one hand, end users are empowered to do more. On the other, how do you make sure that the ever-changing services people are using and creating are up to your security standards and follow security best practices? It’s critical to continuously monitor your workloads, tracking new ones and insecure configurations.

• Increasingly sophisticated attacks – At DexMach, we also witness increasingly sophisticated attacks wherever you run your workloads. You must secure your public cloud workloads, which are Internet-facing and can leave you even more vulnerable if you don’t follow security best practices.

• Visibility into security and compliance – The number of security alerts far outnumbers the number of administrators with the necessary background and experience to make sure your environments are protected. Having end-to-end visibility into your security and compliance, and staying up-to-date with the latest attacks, is a constant challenge. Standing still is not an option while the world of security is an ever-changing front (1).

1 – https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction

3. ANSWERS TO THE CURRENT TRENDS

Modern security operations (SecOps) are focused on managing organizational risk from active attacks by rapidly detecting and remediating them. Without security controls in place, 68% of breaches take months or longer to discover.


As the threat landscape is becoming more complex with increasing sophistication of attacks and wider attack surfaces, security teams struggle to manage this environment with multiple solutions that are often not integrated.

We need intelligent, automated, integrated security that closes the gaps and provides visibility and proactive response across the organization.

Microsoft offers a unique approach that empowers security professionals with both SIEM and extended detection and response tools from a single vendor. As a result, defenders get the best of both worlds: end-to-end visibility across all resources, and intelligent alerts built with a deep understanding of individual resources and filtered with AI. And all this with transparent and competitive pricing where you pay only for the resources you use.

The main pillars of Microsoft’s approach are Microsoft Defender, Azure Defender and Azure Security Center. While Azure Security Center and Azure Defender are for cloud security posture management, Microsoft Defender provides the endpoint protection. In this whitepaper we will elaborate mainly on Azure Defender.

4. HOW CAN YOU PROTECT YOURSELF - MEASURE YOUR SECURITY SCORE

Partner up with the experts in cloud security so that they can provide you with clear, actionable insights. Microsoft has been positioned highest in ability to execute for endpoint protection and provides an end-to-end view across all providers. DexMach, as an awarded Microsoft partner, has a customer-obsessed approach, just like Microsoft. Mapping customers’ environment and ambition, and translating them into a clear roadmap, is our strong suit. We believe in empowering our customers by providing control through powerful knowledge transfer, simplified cloud management and insights into their security state.

If you would like to discover your current security score, fill out the well-architected questionnaire:


Or you can directly opt for our three-day workshop to map and test your security environment:

To get you started, we would like to highlight some actionable learnings from Microsoft’s Digital Defense Report focusing on the cloud platform.

• Adopt a Zero Trust mindset

• Know your perimeter

• Adopt multifactor authentication, limit access with least privilege & go passwordless

• Modernize VPN architectures and keep patching apps and systems

• Manage configuration changes

• Implement a secure software development lifecycle

• Monitor cross-cloud security

• Limit access with least privilege

• Use tools that leverage machine learning to increase fidelity and reduce alert fatigue

• Manage the convergence of OT and IT

• Invest in user training (and keep training)

Read more on these and other actionable learnings here: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWxPuf

MICROSOFT AS A LEADER IN THE 2021 ENDPOINT PROTECTION PLATFORMS

Microsoft is developing its solutions in close cooperation with its most important stakeholders: its customers and partners. As a result, Microsoft delivers one of the best endpoint security solutions on the market today for all devices and platforms. Moreover, it has been recognized by Gartner as one of the leaders in the 2021 Endpoint Protection Platforms Magic Quadrant, positioned highest in the ability to execute.


Read more about this in detail: https://www.microsoft.com/security/blog/2021/05/11/gartner-names-microsoft-a-leader-in-the-2021-endpoint-protection-platforms-magic-quadrant

AZURE SECURITY CENTER REDUCES SECURITY COST AND DELIVERS ENHANCED ROI

Azure Security Center is a critical tool to secure our multi-cloud workloads in the new world of remote work. A Forrester Consulting study on the financial impact of Azure Security Center has just revealed some interesting results:

• delivers 219 percent return on investment (ROI) over three years

• delivers a payback of less than six months

• reduces the risk of a cloud security breach by up to 25 percent

• reduces time to threat mitigation by 50 percent

• reduces the cost of third-party security tools and services through consolidation by over $200,000 annually.

You can read more details about this study here: https://www.microsoft.com/security/blog/2021/02/18/forrester-consulting-tei-study-azure-security-center-delivers-219-percent-roi-over-3-years-and-a-payback-of-less-than-6-months/

AZURE DEFENDER FOR ADVANCED THREAT PROTECTION WITH SIMPLE SECURITY OVERVIEW

Azure Defender protects Azure and hybrid environments and ensures your cloud infrastructure resources are protected from common threats such as brute-forcing of virtual machines, attacks on storage, SQL injection, and threats against containers, the key management service or IoT devices. Azure Defender delivers protection for all these resources directly within the Azure experience. Moreover, it extends protection to on-premises and multi-cloud virtual machines and SQL databases using Azure Arc. Customers already using Azure Security Center are already using Azure Defender capabilities.

Its goal is to simplify the experience for defenders with a central operational dashboard. With the help of this central dashboard, users can easily see which resources are protected and get alert status across all resources. In addition, Microsoft has continued to enhance the threat protection capabilities with extended detection and response: it is now available for SQL on-premises, and container threat protection has been enhanced. Azure Defender also protects non-Azure resources, via the multi-cloud onboarding in Azure Security Center and Azure Arc. In Azure Defender you can choose among different plans, for example Azure Defender for App Service and Azure Defender for Kubernetes.

TECHNICAL DEEP-DIVE: MICROSOFT DEFENDER, AZURE DEFENDER, AND AZURE SECURITY CENTER

EXTENDED DETECTION AND RESPONSE (XDR) TOOLS

A huge leap forward for security operations effectiveness and efficiency comes from the introduction of Extended Detection and Response (XDR) tools, a trend that started with endpoint detection and response (EDR) tools like Defender for Endpoint (formerly Defender ATP). These XDR tools provide deep visibility into specific asset types and provide enhanced detection, response, and recovery capabilities, notably high-quality alerts that have low false positive rates. These high-quality alerts allow analysts and hunters to spend more time on mitigating real risk (the enjoyable part of the job) and less time chasing false positives and writing/maintaining queries. XDR tools like Microsoft 365 Defender and Azure Defender provide these efficiencies by focusing on individual asset types (endpoint operating systems, identity systems, cloud productivity applications, storage services, databases, etc.) and incorporating:

• Asset-specific data sources like endpoint in-memory scans and snippets of relevant network traffic on domain controllers

• Deep knowledge of asset-specific attacks (pass-the-*, endpoint AV evasion, etc.)

• Threat intelligence – Context derived from 8+ trillion signals per day

• Machine learning (ML) and behavioral analytics (UEBA) tuned specifically to those asset types and attacks

THE DIFFERENCE BETWEEN MICROSOFT’S THREE SECURITY PRODUCTS

Now let’s drill down into the difference between Microsoft’s three security products - Microsoft Defender, Azure Defender and Azure Security Center. As we mentioned already, Azure Security Center and Azure Defender are for cloud security posture management, and Microsoft Defender provides the endpoint protection. With Microsoft Defender, we have complementary XDR capabilities that have a detailed understanding of Microsoft 365 and Microsoft Azure, apply AI and automation at the resource level, and filter out the most important alerts to surface in the SIEM. Azure Security Center provides the base layer of your security posture management, and Azure Defender provides advanced workload protection for selected resource types.

AZURE SECURITY CENTER

Azure Security Center monitors your security configuration and the health of your workloads, and provides recommendations to strengthen your security posture and your secure score. It automatically discovers and onboards Azure resources, including PaaS services in Azure (Service Fabric, SQL Database, etc.), and you can include non-Azure resources via the Log Analytics agent and Azure Arc. It includes a network map highlighting recommendations with high or medium severity. Azure Security Center comes free with all Azure subscriptions.

More on Azure Security Center: https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction

AZURE DEFENDER

Azure Defender, on the other hand, is an extra layer of security that is not built into Azure subscriptions. It provides additional security alerts and advanced threat detection, and certain types of resources can also be monitored. Features include:

• Security alerts: detail the suspicious process executed, its start time and the MITRE ATT&CK tactic

• Vulnerability assessment: shows whether any vulnerabilities have been identified in the software running on your VM (including its operating system), highlighting the highest priorities and the latest available patches.

• Just-in-time access: enables you to lock down standard inbound management ports (such as port 3389) and open them only when requested by an appropriate user, for that user’s connection (or IP range) only, and for a limited period of time.

• Adaptive application controls: provide an intelligent and automated allow list of known-safe applications for your VM. You’ll get security alerts if any applications are run that are not on the allow list.
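As an added illustration of the just-in-time access model described above (this is not Azure's own code or API): management ports stay closed by default, a request is checked against the policy (JIT-enabled port, maximum window, source range narrow enough to be "their connection only"), and the resulting allow rule is scoped to the requester and expires on its own. The port set, limits, timestamps and addresses are constructed for the example.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed policy for one VM: management ports that may be opened on request,
# the longest window allowed, and the widest source range a request may use.
JIT_PORTS = frozenset({22, 3389})
MAX_WINDOW = timedelta(hours=3)
MAX_SOURCE_ADDRS = 256          # a /24; anything wider is not "their connection only"

class JitVm:
    """Management ports are closed by default; access exists only as expiring allow rules."""

    def __init__(self):
        self.rules = []         # (port, ip_network, expiry) tuples

    def request_access(self, port, source_cidr, duration, now):
        """Issue a time-bounded allow rule, or refuse a request that violates the policy."""
        if port not in JIT_PORTS:
            raise PermissionError(f"port {port} is not JIT-enabled")
        if duration > MAX_WINDOW:
            raise PermissionError("requested window exceeds policy maximum")
        net = ip_network(source_cidr, strict=False)
        if net.num_addresses > MAX_SOURCE_ADDRS:
            raise PermissionError("source range too broad for JIT access")
        rule = (port, net, now + duration)
        self.rules.append(rule)
        return rule

    def is_open(self, port, source_ip, now):
        """Default deny: traffic passes only if an unexpired rule matches port and source."""
        self.rules = [r for r in self.rules if r[2] > now]   # drop expired rules
        return any(p == port and ip_address(source_ip) in net for p, net, _ in self.rules)

def demo():
    """One request cycle on constructed data; returns the checks a reviewer would want."""
    now = datetime(2021, 6, 1, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    vm = JitVm()
    out = {"closed_by_default": not vm.is_open(3389, "203.0.113.10", now)}
    vm.request_access(3389, "203.0.113.10/32", timedelta(hours=1), now)
    later, expired = now + timedelta(minutes=30), now + timedelta(hours=2)
    out["open_for_requester"] = vm.is_open(3389, "203.0.113.10", later)
    out["closed_for_others"] = not vm.is_open(3389, "198.51.100.7", later)
    out["closed_after_expiry"] = not vm.is_open(3389, "203.0.113.10", expired)
    try:                        # a world-open request must be refused, not silently narrowed
        vm.request_access(22, "0.0.0.0/0", timedelta(hours=1), now)
        out["broad_range_rejected"] = False
    except PermissionError:
        out["broad_range_rejected"] = True
    return out
```

In a real NSG the same lifecycle is visible as a rule appearing and disappearing, which is what a reviewer should look for when auditing JIT requests.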


Source: https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-security-center-azure/ba-p/215518

Azure Defender is a built-in tool that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Integrated with Security Center, Azure Defender protects your hybrid data, cloud-native services and servers from threats, and integrates with your existing security workflows, like your SIEM solution, and with Microsoft’s vast threat intelligence to streamline threat mitigation.

• Protect Azure services

• Protect hybrid workloads

• Streamline security with AI and automation

• Detect and block advanced malware and threats for Linux and Windows servers on any cloud

• Protect cloud-native services from threats

• Protect data services against malicious attacks

• Protect your managed and unmanaged IoT / OT devices with continuous asset discovery, vulnerability management and threat monitoring

When you enable Azure Defender from the Pricing and settings area of Azure Security Center, the following Defender plans are all enabled simultaneously and provide comprehensive defenses for the compute, data, and service layers of your environment:

• Azure Defender for servers

• Azure Defender for App Service

• Azure Defender for Storage

• Azure Defender for SQL

• Azure Defender for Kubernetes

• Azure Defender for container registries

• Azure Defender for Key Vault

• Azure Defender for Resource Manager

• Azure Defender for DNS

• Azure Defender for open-source relational databases

If you are ready to level up your security, do not hesitate to reach out to us. We were Microsoft partner of the year in 2020, finalist in 2021, and we are an Azure Expert MSP partner. We have also earned numerous Microsoft Advanced Specializations, among them threat protection, and identity and access management. Beyond the theory, we have many happy customers and years of field experience earned through real-life projects.

ACTION PLAN

1. Discover your current security score in 10 minutes with our free tool

2. Have a chat with our experts to discuss your possibilities

3. Map & test your security environment
