Organizations often struggle to understand and gain visibility of their security postures on premises -- add in the cloud and the problem grows exponentially. As more processes migrate off-site and as more applications are provisioned from scratch in the cloud, enterprises are unfortunately losing the much-needed visibility to maintain security and control over their workloads.
To understand your enterprise's security posture on premises, in the cloud and across hybrid environments, it is critical to conduct a security assessment. One tool -- Microsoft Azure Security Center – can help assess your enterprise's current posture, find security vulnerabilities and provide recommendations to remediate those vulnerabilities before they become exploited.
Yuri Diogenes, co-author of Microsoft Azure Security Center, Second Edition, knows about security assessments and cloud security. A senior program manager at Microsoft, Diogenes has been working with Azure since it was a beta program inside the company.
Here, Diogenes discusses some of the features that make Azure Security Center critical to enterprise security assessments and what makes the book different from the typical technical guides found online.
How can Azure Security Center be used for security assessments?
Yuri Diogenes: Azure Security Center has some services and assessments as part of its free tier. These initial assessments include secure recommendations and best practices. The core capabilities for the assessments are already available, so why not use them? It's free! Customers use it to see their security posture. As customers start to evolve on their journey to the cloud, they will be able to visualize through Azure Security Center that it's not only about prevention, but it's also about detection.
It's important to do your homework and make sure everything is secure. But, then, you must look at the other aspect: 'OK, now that everything is locked, I want to make sure I have an alarm if someone tries to get in' -- that's where detection comes in. The second piece of Azure Security Center, where we have threat detection, is the paid tier.
How do Azure Security Center recommendations work?
Diogenes: Recommendations are based on each workload. If it's an Azure Storage account, we're going to have different recommendations than if it's a virtual machine. Each workload has a set of recommendations on how to secure and remediate. After the assessment, we will say, 'OK, in order for you to secure this workload, you need to execute the following steps.' Of course, those steps are manual, but you can also implement automation to remediate it.
We have a new feature called 1-click fix. From the UI, you can select a resource, click on the button and remediate it right away. You don't need to go through multiple steps; you just click on the button, and then the remediation is applied. But this feature is very new and not yet available on every single recommendation.
Are there particular problem areas you see enterprises regularly encountering as they move to the cloud?
Diogenes: The most challenging thing -- probably because it has the largest footprint -- is IaaS. There are many situations where customers provision new VMs and leave them wide open to the internet. But you're exposing all those ports to the internet, making the VM an easy target. Lately, we've seen RDP [remote desktop protocol] brute-force attacks against virtual machines. Chances are that VM, at some point in time, might get compromised because of the brute-force attack constantly done against the machine. If you don't have a threat detection system in place, you will have no visibility that someone is trying to attack -- it's very silent.
Azure Security Center will help with detection in this scenario -- it will detect the RDP attack and prevent it using the just-in-time VM access feature, which reduces the attack surface and blocks access to RDP on machines, only allowing access in specific scenarios.
What makes this book stand out from online documentation?
Diogenes: We have end-to-end coverage of the entire scenario in the book. We're not focusing on 'this button does this, this button does that' -- we are talking about scenarios and how to cover major use cases. This book tells the entire story.
One of the unique things about the book is its sidebars -- sections in the book where we invited feature owners to explain something unique in his perspective, in their own words about the feature. We brought product groups and development folks to the book to share some of their insights. There are a lot of unique aspects of the book.
This is the second edition. How much changed from the first book?
Diogenes: We made changes in every single chapter -- some were minor refreshes, like updating some statistics, but others really changed. The software's UI changed a lot from last year to this year. We updated the screenshots to show the new experience and how to navigate through them.
Have you started working on the third edition?
Diogenes: Maybe mid-next year! But one of the reasons people are still buying the first edition and will enjoy the second edition is because a lot of the things we describe are still applicable from the rationale perspective. How customers approach problems, those things don't change. The problems change, but how you plan, how you design -- those things are the same.
About the author
Yuri Diogenes has a Master of Science in cybersecurity intelligence and forensics investigation from UTICA College and is a senior program manager for the Microsoft CxE Security team, where he primarily helps customers onboard and deploy Azure Security Center as part of their security operations and incident response. Yuri has been working for Microsoft since 2006 in different positions; he spent five years as a senior support escalation engineer for the CSS Forefront Edge team. From 2011 to 2017, he worked for the content development team where he also helped create the Azure Security Center content experience since its launch in 2016. Yuri has published a total of 21 books, mostly covering information security and Microsoft technologies. Yuri also holds an MBA and many IT and security industry certifications, such as CISSP, E|CND, E|CEH, E|CSA, E|CHFI, CompTIA Security+, CySA+, Cloud Essentials Certified, Mobility+, Network+, CASP, CyberSec First Responder, MCSE and MCTS. You can follow Yuri on Twitter at @yuridiogenes or read his articles at his personal blog: http://aka.ms/yuridio.