
BRK2122
Use Azure Security Center to prevent, detect, and respond to threats
Sarah Fender
Principal Program Manager
“Through 2020, 95 percent of cloud security failures will be the customer's fault” – Gartner

Source: Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond, October 2015, http://www.gartner.com/newsroom/id/3143718
A TRUSTED CLOUD THAT EMPOWERS
- Platform: Encryption; Secure Networking; Identity & Access; Partner Solutions
- Customers: Security; Privacy and Control; Transparency; Compliance

Azure Security Center
Cloud security challenges
- Management is increasingly distributed
- Cloud environments are more dynamic
- A new approach is required
Distributed security responsibilities
- Ellen, CISO/CIO: Responsible for all aspects of security for the company
- Jeff, Cloud Workload Owner: Manages a cloud workload and its related resources (often in a DevOps role)
- David, IT Security: Sets company security policies and ensures compliance
- Judy, Security Ops: Monitors and responds to security alerts 24/7
- Sam, Security Analyst: Investigates attacks
Azure Security Center helps unlock cloud opportunities
- Gain visibility and control
- Enable security at cloud speed
- Keep up with cyber threats
Hardening Cloud Workloads to Prevent a Breach
Identify and remediate vulnerabilities
- Configurable Security Policy
- Built-In and Partner Security Solutions
- Continuous Monitoring
- Actionable Recommendations
Demo: Prevent a Breach
- Jeff, Cloud Workload Owner: Manages a cloud workload and its related resources (often in a DevOps role)
- David, IT Security: Sets company security policies and ensures compliance
Detecting Threats Early and Remediating Quickly
Detect known and unknown threats
- Threat intelligence: Looks for known malicious actors using Microsoft global threat intelligence
- Behavioral analytics: Looks for known patterns and malicious behaviors
- Anomaly detection: Uses statistical profiling to build historical baselines; alerts on deviations that conform to a potential attack vector
- Partners: Integrates alerts from partner solutions, like firewalls and antimalware
- Fusion: Combines events and alerts from across the kill chain to map the attack timeline
Detect threats throughout the kill chain
- Target and attack: Inbound brute force RDP, SSH, and SQL attacks; Application and DDoS attacks; Intrusion detection
- Install and exploit: Known malware signatures; In-memory malware and exploit attempts; Suspicious process execution; Lateral movement; Internal reconnaissance
- Post breach: Communication to a known malicious IP address; Using compromised resources to mount additional attacks
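The fusion step from the detection slide and the kill-chain stages listed here can be seen together in one small Python script. This is an added example, not code from the deck or from Azure Security Center; the alert type names, the Alert record shape and the six-hour clustering gap are assumptions made for the example.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Kill-chain stages named on the slide, in attack order. The alert types are
# constructed from the slide's examples, not Security Center's own identifiers.
STAGE_ORDER = ["Target and attack", "Install and exploit", "Post breach"]
ALERT_STAGE = {
    "Inbound RDP brute force": "Target and attack",
    "Known malware signature": "Install and exploit",
    "Suspicious process execution": "Install and exploit",
    "Communication to known malicious IP": "Post breach",
}

Alert = namedtuple("Alert", "time resource kind")  # hypothetical alert record

def fuse_alerts(alerts, gap=timedelta(hours=6)):
    """Fusion: sort each resource's alerts chronologically, join alerts that are
    at most `gap` apart into a cluster, and promote a cluster to an incident only
    when it spans two or more kill-chain stages. Returns a list of
    (resource, stages_in_kill_chain_order, timeline) tuples."""
    by_resource = {}
    for a in sorted(alerts, key=lambda a: a.time):
        by_resource.setdefault(a.resource, []).append(a)
    incidents = []
    for resource, chain in by_resource.items():
        cluster = []
        for a in chain + [None]:  # None is a sentinel that flushes the last cluster
            if a is not None and (not cluster or a.time - cluster[-1].time <= gap):
                cluster.append(a)
                continue
            present = {ALERT_STAGE[x.kind] for x in cluster}
            if len(present) >= 2:  # a single-stage cluster stays an ordinary alert
                stages = [s for s in STAGE_ORDER if s in present]
                timeline = [(x.time, ALERT_STAGE[x.kind], x.kind) for x in cluster]
                incidents.append((resource, stages, timeline))
            cluster = [a] if a is not None else []
    return incidents

# Constructed sample: vm-web-01 shows the whole chain within a few hours,
# vm-db-02 sees only a brute-force attempt, vm-app-03 has two alerts 18h apart.
T = datetime(2016, 9, 26)
SAMPLE = [
    Alert(T + timedelta(hours=9), "vm-web-01", "Inbound RDP brute force"),
    Alert(T + timedelta(hours=11, minutes=15), "vm-web-01", "Communication to known malicious IP"),
    Alert(T + timedelta(hours=9, minutes=40), "vm-web-01", "Suspicious process execution"),
    Alert(T + timedelta(hours=8), "vm-db-02", "Inbound RDP brute force"),
    Alert(T + timedelta(hours=2), "vm-app-03", "Known malware signature"),
    Alert(T + timedelta(hours=20), "vm-app-03", "Communication to known malicious IP"),
]
```

Calling `fuse_alerts(SAMPLE)` yields a single incident for vm-web-01 whose timeline runs brute force, suspicious process, malicious IP; widening `gap` to a day also fuses the two vm-app-03 alerts.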
Ongoing research and innovation
- Security research
- New security insights
- Detection algorithm
- Validation and tuning
Demo: Detect & Respond
- Judy, Security Ops: Monitors and responds to security alerts 24/7
- Sam, Security Analyst: Investigates attacks
Analyze, Visualize, & Integrate
- Integrate security health status, recommendations, and alerts using REST APIs
- Access security data in near real-time from your SIEM: security alerts, activity logs, security events
- Gain insight into the security state of subscriptions in Power BI

Integration diagram labels: Azure Diagnostics, Azure Storage, Azure APIs, Azure Log Integration, VM logs, rehydrated “Forwarded Events”, exported flat files (IIS logs) and logs, standard Log Analytics/SIEM connector, CEF formatted logs (ArcSight, Splunk, etc.)
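The CEF export path on this slide is easier to reason about with a concrete line in hand. This added example (not code from the deck, Azure Log Integration or Security Center) renders a constructed alert record as a CEF line for a SIEM such as ArcSight or Splunk and parses it back; the alert field names, vendor and product strings and the severity mapping are assumptions made for the example.

```python
import re

# Hypothetical alert record in the shape a REST API client might return;
# the field names are constructed for this example, not Security Center's schema.
SAMPLE_ALERT = {
    "name": "Suspicious process execution",
    "severity": "High",
    "resource": "vm-web-01",
    "source_ip": "203.0.113.7",  # RFC 5737 documentation address
    "detail": "cmd.exe spawned from w3wp.exe | args=/c whoami",
}

SEVERITY_CEF = {"Low": 3, "Medium": 6, "High": 9}  # CEF severity is an integer 0-10

def cef_header(value):
    """Escape a CEF header field: backslash and pipe are reserved there."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def cef_ext(value):
    """Escape a CEF extension value: backslash, equals sign and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))

def cef_unescape(value):
    """Undo either escaping: '\\x' becomes 'x', with \\n and \\r restored."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def alert_to_cef(alert, vendor="Microsoft", product="Azure Security Center", version="1.0"):
    """Render one alert as a CEF:0 line: seven pipe-delimited header fields, then
    space-separated key=value extensions. Unknown severities map to 5 (medium)."""
    sig_id = re.sub(r"[^A-Za-z0-9]+", "_", alert["name"]).strip("_").lower()
    fields = ("CEF:0", vendor, product, version, sig_id, alert["name"],
              SEVERITY_CEF.get(alert["severity"], 5))
    ext = {"dvchost": alert["resource"], "src": alert["source_ip"], "msg": alert["detail"]}
    return "|".join(cef_header(f) for f in fields) + "|" + \
        " ".join(f"{k}={cef_ext(v)}" for k, v in ext.items())

def parse_cef(line):
    """Split a CEF line into its seven header fields and an extension dict. The
    header splits on unescaped pipes only; extension values may contain spaces,
    so a value runs until the next ' key=' token or the end of the line."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    header = [cef_unescape(h) for h in parts[:7]]
    ext_text = parts[7] if len(parts) > 7 else ""
    ext = {k: cef_unescape(v) for k, v in re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", ext_text)}
    return header, ext
```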
Why Azure Security Center
- Integrated approach
- Intelligence and expertise
- Speed, scale, and savings
Hybrid cloud workload protection

Azure Security Center
- Security built-in to Azure
- Asset discovery and ongoing security assessment (antimalware, system updates, encryption, virtual network configurations)
- Actionable security recommendations
- Security policy for IT governance
- Integrated management and monitoring of partner security solutions
- Threat detection using advanced analytics

Microsoft Operations Management Suite (OMS Security)
- Security built-in to OMS
- Collection of security data from virtually any source (Azure or AWS, Windows Server or Linux, VMware or OpenStack)
- Insight into security status (antimalware, system updates)
- Correlations to detect malicious activities and search for rapid investigation
- Integrates operational and security management
- Threat detection using advanced analytics
Free IT Pro resources
To advance your career in cloud technology
- Plan your career path: Microsoft IT Pro Career Center, www.microsoft.com/itprocareercenter. Cloud role mapping; expert advice on skills needed; self-paced Microsoft curriculum by cloud role
- Get started with Azure: IT Pro Cloud Essentials, www.microsoft.com/itprocloudessentials. $300 Azure credits and extended trials; Pluralsight 3 month subscription (10 courses); phone support incident
- Demos and how-to videos: Microsoft Mechanics, www.microsoft.com/mechanics. Weekly short videos and insights from Microsoft’s leaders and engineers
- Connect with peers and experts: Microsoft Tech Community, https://techcommunity.microsoft.com. Connect with a community of peers and Microsoft experts; ask questions, get answers, exchange ideas
Get started with Azure Solutions today
- Azure Solutions: http://azure.com/solutions
- Azure monthly webinar series: Join live or watch on-demand, http://aka.ms/AzureMonthlyWebinar
Please evaluate this session
Your feedback is important to us!
- From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com
- From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp
Don’t miss these sessions:
- THR2039: Gain visibility and control over the security of your cloud infrastructure. Monday 5:40pm - 6:00pm, Tuesday 4:05 - 4:25, Thursday 9:05 - 9:25, Microsoft Theatre 1
- Get control over your datacenter with security monitoring using Operations Management Suite. Tuesday 12:30pm - 1:45pm, B405 - B407
- Assess security posture of your datacenter in under one hour using Operations Management Suite. Wednesday 10:45am - 12:00pm, C112
- Mitigate datacenter security threats with guided investigation using Operations Management Suite and Azure Security Center. Thursday 11:30am - 12:15pm, C114