Microsoft Azure Security Center, 3rd Edition

Book description

The definitive practical guide to Azure Security Center, 50%+ rewritten for new features, capabilities, and threats

Extensively revised for updates through spring 2021, this guide will help you safeguard cloud and hybrid environments at scale. Two Azure Security Center insiders help you apply Microsoft's powerful new components and capabilities to improve protection, detection, and response in key operational scenarios. You'll learn how to secure any workload, respond to new threat vectors, and address issues ranging from policies to risk management.

This edition contains new coverage of all Azure Defender plans for cloud workload protection, security posture management with Secure Score, advanced automation, multi-cloud support, integration with Azure Sentinel, APIs, and more. Throughout, you'll find expert insights, tips, tricks, and optimizations straight from Microsoft's ASC team. They'll help you solve cloud security problems far more effectively and save hours, days, or even weeks.

Two of Microsoft's leading cloud security experts show how to:

Understand today's threat landscape, cloud weaponization, cyber kill chains, and the need to assume breach

Integrate Azure Security Center to centralize and improve cloud security, even if you use multiple cloud providers

Leverage major Azure Policy improvements to deploy, remediate, and protect at scale

Use Secure Score to prioritize actions for hardening each workload

Enable Azure Defender plans for different workloads, including Storage, KeyVault, App Service, Kubernetes and more

Monitor IoT solutions, detect threats, and investigate suspicious activities on IoT devices

Reduce attack surfaces via just-in-time VM access, file integrity monitoring, and other techniques

Route Azure Defender alerts to Azure Sentinel or a third-party SIEM for correlation and action

Access alerts via HTTP, using ASC's REST API and the Microsoft Graph Security API

Reliably deploy resources at scale, using JSON-based ARM templates

About This Book

For architects, designers, implementers, operations professionals, developers, and security specialists working in Microsoft Azure cloud or hybrid environments

For all IT professionals and decision-makers concerned with the security of Azure environments

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Contents at a Glance
  5. Contents
  6. Acknowledgments
  7. About the authors
  8. Foreword
  9. Introduction
    1. Who is this book for?
    2. System requirements
    3. Download the code files
    4. Errata, updates & book support
    5. Stay in touch
  10. Chapter 1. The threat landscape
    1. Understanding cybercrime
    2. Understanding the cyber kill chain
    3. Cloud threats and security
    4. Azure Security
  11. Chapter 2. Introduction to Azure Security Center
    1. Deployment scenarios
    2. Understanding Security Center
    3. Planning adoption
    4. Onboarding resources
    5. Inventory
  12. Chapter 3. Policy management
    1. Introduction to Azure Policy
    2. Security Center policies
    3. Creating custom policies in Azure Security Center
    4. Policy enforcement and governance
    5. Policy deployment and best practices
    6. Regulatory standards and compliance
  13. Chapter 4. Strengthening your security posture
    1. Driving security posture improvement using Secure Score
    2. Create Secure Score automations with APIs and continuous export
    3. Addressing recommendations
    4. Using workflow automation to remediate security recommendations
  14. Chapter 5. Azure Defender
    1. Introduction to Azure Defender
    2. Methods of threat detection
    3. Understanding alerts
    4. Azure Defender for Servers
    5. Azure Defender for Containers
    6. Azure Defender for App Service
    7. Azure Defender for Storage
    8. Azure Defender for SQL
    9. Azure Defender for Key Vault
    10. Azure Defender for Azure Resource Manager (ARM)
    11. Azure Defender for DNS
    12. The cyber kill chain and fusion alerts
  15. Chapter 6. Azure Defender for IoT
    1. Understanding Azure Defender for IoT
    2. Configuring Azure Defender for IoT
    3. Azure Defender for IoT and CyberX
  16. Chapter 7. Reducing the attack surface
    1. Just-in-time virtual machine access
    2. File integrity monitoring
    3. Adaptive Application Control
  17. Chapter 8. SIEM integration
    1. Streaming logs to a SIEM solution
    2. Azure Sentinel
    3. Integration with Azure Sentinel
    4. Integration with other SIEM
  18. Chapter 9. Accessing security alerts from API
    1. Understanding REST API
    2. Accessing alerts using the Security Center REST API
    3. Accessing alerts using the Graph Security API
  19. Chapter 10. Deploying Azure Security Center at scale
    1. The importance of management at scale
    2. The three cornerstones
    3. Best practices for managing Security Center at scale
    4. How to get started with ARM templates
  20. Index
  21. Code Snippets

Product information

  • Title: Microsoft Azure Security Center, 3rd Edition
  • Author(s): Yuri Diogenes, Tom Janetscheck
  • Release date: May 2021
  • Publisher(s): Microsoft Press
  • ISBN: 9780137343461