Microsoft Defender for Cloud

Microsoft Defender for Cloud helps prevent, detect, and respond to threats to your Azure resources. It provides a single dashboard that shows you alerts and recommendations.

I will be going into more detail on Microsoft Defender for Cloud later in this chapter.

Microsoft Sentinel

Microsoft Sentinel is a cloud-native solution that is scalable and that provides:

    Security information and event management (SIEM)

    Security orchestration, automation, and response (SOAR)

It provides security analytics and threat intelligence as well as providing attack detection, threat visibility, proactive hunting, and threat response.

I will be going into more detail regarding Microsoft Sentinel later in this chapter.

Storage

This section will discuss some of the tools that are available for storage operations. I will briefly discuss some of these tools and features and what each is capable of.

Azure Role-Based Access Control (Azure RBAC)

Azure RBAC is an authorization system built into Azure Resource Manager that provides access management to Azure resources. It helps you manage who has access to resources and what they can do with those resources. Access is based on the security principles of need to know and least privilege.

Enabling Browser-Based Clients Using CORS

Cross-Origin Resource Sharing (CORS) is a browser mechanism that allows a server to specify which origins (a combination of scheme, domain, and port) other than its own a browser should permit to load its resources. The user agent adds extra request headers, and the server answers with response headers, so that JavaScript code loaded from one domain is only allowed to access resources on another domain when that domain has explicitly permitted it.

Encryption at Rest

Encryption at rest is a cybersecurity practice that will encrypt stored data to prevent unauthorized access. There are three Azure storage security features that provide encryption at rest:

Azure Disk Encryption for Linux VMs and Azure Disk Encryption for Windows VMs: Allow you to encrypt the operating system and data disks that are used by an IaaS VM.

Client-Side Encryption: The cybersecurity practice of encrypting data on the sender's side prior to transmitting it to a server such as a cloud storage service.

Storage Service Encryption (SSE): Allows you to request that the storage service automatically encrypt data when writing it to Azure Storage and decrypt it prior to its retrieval.

Encryption in Transit

Encryption in transit is a cybersecurity practice of protecting data when it's transmitted across networks. With Azure Storage, you can secure data by using transport-level encryption, wire encryption, or client-side encryption.

Shared Access Signature (SAS)

A shared access signature (SAS) is a Uniform Resource Identifier (URI) that grants restricted access rights to Azure Storage resources. You can allow a user to access objects in your storage account by granting a specified set of permissions for a specified period. You can grant these permissions without having to share your account access keys.
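The following is an added example, not code from the book or from Microsoft, showing why a SAS can be handed out without sharing the account key: the permissions, validity window, and resource path are folded into an HMAC-SHA256 signature that the storage service recomputes on every request, so a token whose permissions or expiry have been edited no longer verifies. It follows the string-to-sign layout Microsoft documents for a blob service SAS at API version 2018-11-09; the storage account name and account key are constructed dummies, and the verification routine models the service side for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

ACCOUNT = "examplestorage"                              # constructed name
ACCOUNT_KEY = base64.b64encode(b"\x01" * 32).decode()  # constructed dummy key
SAS_VERSION = "2018-11-09"

def _sign(permissions, start, expiry, resource, identifier, ip, protocol):
    # Blob service SAS string-to-sign as documented for API version 2018-11-09:
    # 15 newline-separated fields; snapshot time and header overrides left empty.
    fields = [permissions, start, expiry, resource, identifier, ip,
              protocol, SAS_VERSION, "b", "", "", "", "", "", ""]
    mac = hmac.new(base64.b64decode(ACCOUNT_KEY),
                   "\n".join(fields).encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def blob_service_sas(container, blob, permissions, start, expiry,
                     protocol="https", ip="", identifier=""):
    """Issue a SAS URI for one blob; only the signature travels with the
    client, the account key never leaves the issuer."""
    resource = f"/blob/{ACCOUNT}/{container}/{blob}"
    sig = _sign(permissions, start, expiry, resource, identifier, ip, protocol)
    params = {"sv": SAS_VERSION, "sr": "b", "sp": permissions, "st": start,
              "se": expiry, "spr": protocol, "sig": sig}
    if ip:
        params["sip"] = ip
    if identifier:
        params["si"] = identifier
    return (f"https://{ACCOUNT}.blob.core.windows.net/{container}/{blob}?"
            + urlencode(params))

def verify_sas(url):
    """Service-side check: recompute the signature from the URI's own query
    parameters. Any edit to sp, se, st, sip or spr after issuance fails here."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    _, container, blob = parts.path.split("/", 2)
    resource = f"/blob/{ACCOUNT}/{container}/{blob}"
    expected = _sign(q.get("sp", ""), q.get("st", ""), q.get("se", ""), resource,
                     q.get("si", ""), q.get("sip", ""), q.get("spr", ""))
    return hmac.compare_digest(expected, q.get("sig", ""))

if __name__ == "__main__":
    url = blob_service_sas("reports", "q1.pdf", "r",
                           "2024-01-01T00:00:00Z", "2024-01-01T01:00:00Z")
    print("valid:", verify_sas(url))                            # True
    print("tampered:", verify_sas(url.replace("sp=r&", "sp=rw&")))  # False
```

Because the expiry (`se`) and the permissions (`sp`) are signed fields, a leaked token is bounded by what it was issued with; keeping that window short and the permissions minimal is the practical control.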

Storage Analytics

For a storage account, Azure Storage Analytics performs logging and provides metrics data. This data can be used to trace requests, analyze trends, and diagnose problems with your storage account. Storage Analytics logs consist of detailed information pertaining to successful and failed requests to a storage service.

Now that I’ve briefly covered some of the tools and features of Azure security, let’s delve more into using Microsoft Sentinel.

Microsoft Sentinel

Microsoft Sentinel was previously known as Azure Sentinel. It is a cloud-native solution that is scalable and that provides security information and event management (SIEM) and security orchestration, automation, and response (SOAR). It provides security analytics and threat intelligence as well as attack detection, threat visibility, proactive hunting, and threat response. To get started with Microsoft Sentinel, you need to have an Azure subscription.

Microsoft Sentinel collects data for users, devices, applications, and infrastructure, both on-premises and in multiple clouds. By using Microsoft's analytics and threat intelligence, you can detect threats and minimize false positives. You can investigate threats using artificial intelligence (AI) to hunt for suspicious activity as well as respond quickly to incidents.

Onboarding Global Prerequisites for Using Microsoft Sentinel

There are a few global prerequisites that must be met in order to onboard Microsoft Sentinel. First, you must have an active Azure subscription. You also need to have a Log Analytics workspace. To ensure that you can use all features and functionality of Microsoft Sentinel, you must raise the workspace retention to 90 days. Several permissions are also required in order to work with Microsoft Sentinel: you need contributor permissions to the subscription where the Microsoft Sentinel workspace resides, you need either contributor or reader permissions on the resource group that the workspace belongs to, and you may need other permissions in order to connect to specific data sources.

Microsoft Sentinel Pricing

Microsoft Sentinel is billed depending on the volume of data analyzed in Microsoft Sentinel and how much is stored in the Azure Monitor Log Analytics workspace. Data can be separated into Analytics Logs and Basic Logs:

    Analytics Logs: Support all data types, covering full analytics and alerts, with no query limits. Analytics Logs can be monitored with scheduled alerts and analytics. There are two ways to pay for the Microsoft Sentinel service: Pay-As-You-Go and Commitment Tiers.

    Pay-As-You-Go: You are billed per gigabyte (GB) for the volume of data used for security analysis in Microsoft Sentinel and stored in the Azure Monitor Log Analytics workspace.

    Commitment Tiers: You are billed at a fixed price depending on your selected tier. You can select different pricing tiers for Microsoft Sentinel and Azure Monitor Log Analytics depending on your specific needs.

    Basic Logs: Typically verbose and contain high-volume, low-security-value data, without the full capabilities of Analytics Logs.

To see the entire pricing matrix for Microsoft Sentinel, please check out Microsoft's website at https://azure.microsoft.com/en-us/pricing/details/microsoft-sentinel.

To onboard Microsoft Sentinel, you must first enable it and then set up data connectors. The data connectors will be used to monitor and protect the environment.
