Latest Posts

Azure Security Center / Microsoft Defender for Cloud


Azure Security Center / Microsoft Defender for Cloud

  • Azure security center and Azure defender is now called Microsoft Defender for Cloud.
  • This is like a portal within the Azure portal.
  • Defender for Cloud is a tool for security position management and threat protection.
  • It protects and strengthens the security positions of your cloud resources.
  • Defender for Cloud protects workloads running in Azure, hybrid, and other cloud platforms.
  • Defender for Cloud provides the tools that, track your security situation, protect against cyber-attacks, and streamline security management.
  • Defender for cloud provides
    • Continuous Assessment:
      • It gives you a Secure Score which will tell you the current security situation of your Azure Cloud Resources.
      • The higher the score, the lower the risk level.
    • Security Recommendations:
      • You are given some recommendations according to the priority.
      • It also gives you the steps to fix those issues.
      • For so many issues/recommendations, the azure cloud gives you a “Fix” button to automatically fix the issue.
    • Security Alerts:
      • When advanced security is enabled, Defender for Cloud detects threats to your resources and workloads.
      • These threats appear in the Azure Portal and Defender for cloud Portal.
      • Alerts can also be sent to individual people in the organization via email.
    • Policy and Compliance Matrix:
      • Policy and compliance are monitored by Azure, and the result is shown in the Security portal.
    • Integration with other cloud service providers:
      • You can get security information from other cloud providers, such as AWS and Google Cloud Platform, directly into Azure Security Center using security information and event management or SIEM tool.
      • This provides a single point for any multi-cloud security information.

How to effectively use Defender for Cloud?

You generally follow a 3-step process.

  • Define Policies:
    • First, you need to define security policies that Azure can use to monitor your infrastructure.
    • A security policy is a set of rules that Azure can use to evaluate if your configuration of a service is valid.
    • Security Center comes with some predefined policies, but you will need to set up your own, too.
  • Protect Resources:
    • Second, you must actively protect your resources.
    • While Security Center limits your exposure to threats, you still must actively monitor the policies and outcomes.
  • Response:
    • And then third, if, or rather when, because it will likely happen, a security incident occurs, you must respond to it.
    • Security alerts will be raised by Security Center, and you will have to triage them.
    • You can then investigate any of the alerts and adjust your Azure implementation accordingly.
    • After all, what's the point of a security center if you don't pay attention to the alerts it raises?

Regulatory Compliance

  • Azure Security Center helps streamline the process for meeting regulatory compliance requirements using the regulatory compliance dashboard.
  • Azure Security Center keeps track of your regulatory compliance when it comes to cloud computing, which means then you don't have to.
  • This also includes any policies you set up to manage the Azure subscription.
  • Each part of Azure is assessed for you and in relation to the regulatory standards.

Resource Security Hygiene

  • Hygiene, in this case, refers to how your resources are configured in relation to security best practices.
  • For example, if you don't have disk encryption enabled on your virtual machine, this will be considered high risk, and your hygiene becomes quite stinky.
  • The Azure Security Center will then recommend fixes such as encrypting the disk to improve your hygiene.

We value your Feedback:

Page URL:

Name:

 

Email:

 
 

Suggestion:

 

Microsoft Defender for Cloud
© 2024 Code SharePoint