Microsoft Defender for Cloud

Book description

The definitive practical guide to Microsoft Defender for Cloud. Fully covers new components and multi-cloud enhancements!

Microsoft Defender for Cloud offers comprehensive tools for hardening resources, tracking security posture, protecting against attacks, and streamlining security management, all in one natively integrated toolset. Now, leading Microsoft security experts Yuri Diogenes and Tom Janetscheck help you apply its robust protection, detection, and response capabilities throughout your operations, protecting workloads running on all your cloud, hybrid, and on-premises platforms.

This guide shows how to make the most of new components, enhancements, and deployment scenarios as you address today's latest threat vectors. Sharing best practices, expert tips, and optimizations only available from Microsoft's Defender for Cloud team, the authors walk through improving everything from policies and governance to incident response and risk management. Whatever your role or experience, they'll help you address new security challenges far more effectively, and save hours, days, or even weeks.

Two of Microsoft's leading cloud security experts show how to:

  • Assess new threat landscapes, the MITRE ATT&CK framework, and the implications of assume-breach

  • Explore Defender for Cloud architecture, use cases, and adoption considerations, including multicloud with AWS and GCP

  • Plan for effective governance, successful onboarding, and maximum value

  • Fully visualize complex cloud estates and systematically reduce their attack surfaces

  • Prioritize risks with Secure Score, and leverage at-scale tools to build secure cloud-native apps

  • Establish consistent policy enforcement to avoid drift

  • Use advanced analytics and machine learning to identify attacks based on signals from all cloud workloads

  • Enhance security posture by integrating with the Microsoft Sentinel SIEM/SOAR, Microsoft Purview, and Microsoft Defender for Endpoint

  • Leverage just-in-time VM access and other enhanced security capabilities

About This Book

  • For architects, designers, implementers, SecOps professionals, developers, and security specialists working in Microsoft Azure environments

  • For all IT professionals and decision-makers concerned with securing modern hybrid/multicloud environments, cloud-native apps, and PaaS services

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Pearson’s Commitment to Diversity, Equity, and Inclusion
  5. Contents at a Glance
  6. Contents
  7. Acknowledgments
  8. About the authors
  9. Foreword
  10. Introduction
    1. Who is this book for?
    2. System requirements
    3. Errata, updates & book support
    4. Stay in touch
  11. Chapter 1 The threat landscape
    1. The state of cybercrime
    2. Understanding the cyber kill chain
    3. Cloud threats and security
  12. Chapter 2 Planning Microsoft Defender for Cloud adoption
    1. Deployment scenarios
    2. Understanding Defender for Cloud
    3. Planning adoption
  13. Chapter 3 Onboarding Microsoft Defender for Cloud
    1. Planning your Azure environment for Defender for Cloud
    2. Onboarding VMs from an Azure subscription
    3. Understanding auto-provisioning
    4. Connecting to Amazon Web Services (AWS)
    5. Onboard AWS VMs
    6. How to onboard subscriptions at scale
  14. Chapter 4 Policy management
    1. Introduction to Azure Policy
    2. Understanding Azure Security Benchmark
    3. Fine-tuning policies in Defender for Cloud
    4. Creating custom policies in Microsoft Defender for Cloud
    5. Policy enforcement and governance
    6. Policy deployment and best practices
    7. Regulatory standards and compliance
    8. Creating custom assessments for AWS and GCP
  15. Chapter 5 Strengthening your security posture
    1. Driving security posture improvement using Secure Score
    2. Using APIs and Continuous Export to create reports
    3. Remediating recommendations
    4. Using workflow automation to remediate security recommendations
    5. Security governance and contextual security
  16. Chapter 6 Threat detection
    1. Methods of threat protection
    2. Understanding alerts
    3. Defender for Servers
    4. Defender for App Service
    5. Defender for Storage
    6. Defender for SQL
    7. Defender for Cosmos DB
    8. Defender for Open-Source Relational Databases
    9. Defender for Key Vault
    10. Defender for Resource Manager
    11. Defender for DNS
    12. The cyber kill chain and fusion alerts
    13. Threat intelligence in Defender for Cloud
    14. Responding to alerts
  17. Chapter 7 Better together
    1. Defender for Cloud and Microsoft Sentinel
    2. Defender for Cloud and Microsoft Purview
    3. Defender for Cloud and Microsoft Defender for Endpoint
  18. Chapter 8 Enhanced security capabilities
    1. Just-in-time virtual machine access
    2. File integrity monitoring
    3. Adaptive Application Control
  19. Chapter 9 Accessing Defender for Cloud from APIs
    1. Understanding REST API
    2. Accessing alerts using the Defender for Cloud REST API
    3. Accessing alerts using the Graph Security API
  20. Chapter 10 Deploying Microsoft Defender for Cloud at scale
    1. The three cornerstones of deployment at scale
    2. Best practices for managing Defender for Cloud at scale
    3. How to get started with ARM templates
  21. Appendix Microsoft Defender for DevOps
    1. Shift left
    2. Understanding Defender for DevOps
    3. Connect your source code management system to Defender for Cloud
  22. Index
  23. Code Snippets

Product information

  • Title: Microsoft Defender for Cloud
  • Author(s): Yuri Diogenes, Tom Janetscheck
  • Release date: October 2022
  • Publisher(s): Microsoft Press
  • ISBN: 9780137878468