Microsoft Azure Security Center, 2nd Edition

Book description

NOW FULLY UPDATED: high-value Azure Security Center insights, tips, and operational solutions


Reflecting updates through mid-2019, this book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder help you apply Azure Security Center's robust protection, detection, and response capabilities in key operational scenarios. You'll walk through securing any Azure workload, and optimizing key facets of modern security, from policies and identity to incident response and risk management. Brand-new coverage includes single-click remediation, IoT, improved container security, Azure Sentinel, and more. Whatever your security role, you'll learn how to save hours, days, or even weeks by solving problems in the most efficient and reliable ways possible.


Two of Microsoft's leading cloud security experts show how to:


  • Implement a comprehensive new security paradigm designed specifically for cloud and hybrid environments
  • Gain visibility and control to secure all key workloads
  • Incorporate Azure Security Center into your security operations center, and integrate Azure AD Identity Protection Center and third-party solutions
  • Adapt Azure Security Center's built-in policies and definitions for your organization
  • Perform security assessments, and implement Azure Security Center recommendations fast with single-click remediation
  • Use incident response features to detect, investigate, and address threats
  • Create high-fidelity fusion alerts to focus attention on your most urgent security issues
  • Implement application whitelisting and just-in-time VM access
  • Assess IoT device security with the Azure IoT Hub managed service
  • Monitor user behavior and access, and investigate compromised or misused credentials
  • Integrate Microsoft's new Azure Sentinel Security Information and Event Management (SIEM) platform
  • Customize and perform operating system security baseline assessments

About This Book

  • For cloud architects, designers, implementers, operations professionals, and security specialists working in Microsoft Azure cloud or hybrid environments
  • For all IT professionals and decision-makers concerned with the security of Azure environments

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Acknowledgments
  5. About the Authors
  6. Foreword
  7. Introduction
  8. Chapter 1 The threat landscape
    1. Understanding cybercrime
    2. Understanding the cyber kill chain
    3. Cloud threats and security
    4. Azure Security
  9. Chapter 2 Introduction to Azure Security Center
    1. Deployment scenarios
    2. Understanding Azure Security Center
    3. Planning adoption
    4. Onboarding resources
  10. Chapter 3 Policy Management
    1. Integration with Azure Policy
    2. Fine-tuning security policies
  11. Chapter 4 Strengthen your security posture
    1. Secure Score
    2. Compute and apps recommendations
    3. Networking recommendations
    4. Data and storage
    5. Identity and access
    6. App services
    7. Containers
    8. Virtual machine scale sets
  12. Chapter 5 Advanced cloud defense
    1. Just-in-Time Virtual Machine Access
    2. File integrity monitoring
    3. Application whitelisting (adaptive application controls)
  13. Chapter 6 Threat detection
    1. Methods of threat detection
    2. Understanding alerts
    3. Detection scenarios
    4. The cyber kill chain and fusion alerts
    5. Automating response with playbooks
  14. Chapter 7 Protect your IoT Solution with Azure Security Center
    1. Understanding Security Center for IoT solution
    2. Configuring Security Center for IoT
    3. Monitoring alerts
    4. Investigating a suspicious activity
  15. Chapter 8 SIEM integration
    1. Streaming logs to a SIEM solution
    2. Azure Sentinel
    3. Integration with Azure Sentinel
    4. Integration with Splunk
  16. Chapter 9 Integration with other Microsoft Solutions
    1. Increasing threat detection scope
    2. Integration with Windows Server Defender ATP
    3. Integration with Microsoft Cloud App Security
    4. Integration SQL ATP
    5. Integration with ATP for Azure Storage
  17. Chapter 10 Accessing security alerts from API
    1. Understanding REST API
    2. Accessing alerts using Security Center REST API
    3. Accessing alerts using the Security Graph API
    4. Using the Security Graph API
  18. Appendix A Managing Security Center at scale
    1. The importance of management at scale
    2. The three cornerstones
  19. Index
  20. Code Snippets

Product information

  • Title: Microsoft Azure Security Center, 2nd Edition
  • Author(s): Tom Shinder, Yuri Diogenes
  • Release date: September 2019
  • Publisher(s): Microsoft Press
  • ISBN: 9780135752050