Protect against security threats on Azure (1) - Coggle Diagram
SIEM - Security information and event management
Azure Sentinel
is Microsoft's cloud-based SIEM system. It uses intelligent security analytics and threat analysis.
Capabilities
Collect cloud data at scale
Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds.
Detect previously undetected threats
Minimize false positives by using Microsoft's comprehensive analytics and threat intelligence.
Investigate threats with artificial intelligence
Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft.
Respond to incidents rapidly
Utilize built-in orchestration and automation of common tasks.
Connect your data sources
Connect Microsoft solutions
Connect other services and solutions
Connect industry-standard data sources
For example, via a REST API
Detect threats
Built-in analytics
use templates designed by Microsoft's team of security experts and analysts based on known threats, common attack vectors, and escalation chains for suspicious activity.
Custom analytics
are rules that you create to search for specific criteria within your environment
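Sentinel custom analytics rules are expressed in KQL against the workspace; the following is an added example (not part of the Coggle diagram or any Microsoft code) that models one such rule's logic in Python over a constructed set of sign-in events, so the detection can be run and checked offline. The log format, the field names and the threshold of five failures in a ten-minute window are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real log data):
# timestamp, account, source IP, result.
SAMPLE_SIGNINS = """\
2024-01-10T09:00:05Z alice 203.0.113.7 FAILURE
2024-01-10T09:00:09Z alice 203.0.113.7 FAILURE
2024-01-10T09:00:14Z alice 203.0.113.7 FAILURE
2024-01-10T09:00:20Z alice 203.0.113.7 FAILURE
2024-01-10T09:00:27Z alice 203.0.113.7 FAILURE
2024-01-10T09:00:33Z alice 203.0.113.7 SUCCESS
2024-01-10T09:01:00Z bob 198.51.100.22 FAILURE
2024-01-10T09:05:00Z bob 198.51.100.22 SUCCESS
2024-01-10T10:30:00Z carol 192.0.2.9 FAILURE
2024-01-10T10:31:00Z carol 192.0.2.9 FAILURE
2024-01-10T10:32:00Z carol 192.0.2.9 FAILURE
2024-01-10T10:33:00Z carol 192.0.2.9 FAILURE
2024-01-10T10:34:00Z carol 192.0.2.9 FAILURE
2024-01-10T10:35:00Z carol 192.0.2.9 FAILURE
"""


def parse_signins(text):
    """Turn the constructed whitespace-separated log into event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, result = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "ip": ip,
            "result": result,
        })
    return events


def detect_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Custom rule: raise an alert when an account receives at least `threshold`
    failed sign-ins from one source IP inside `window`, followed by a successful
    sign-in for the same account from that same IP (a classic "brute force that
    worked" pattern). Failures without a later success do not fire this rule."""
    alerts = []
    recent_failures = defaultdict(list)  # (user, ip) -> timestamps of failures in window
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["user"], ev["ip"])
        # Slide the window: keep only failures that are still within `window` of now.
        recent_failures[key] = [t for t in recent_failures[key] if ev["time"] - t <= window]
        if ev["result"] == "FAILURE":
            recent_failures[key].append(ev["time"])
        elif ev["result"] == "SUCCESS":
            if len(recent_failures[key]) >= threshold:
                alerts.append({
                    "rule": "BruteForceFollowedBySuccess",
                    "user": ev["user"],
                    "ip": ev["ip"],
                    "failed_attempts": len(recent_failures[key]),
                    "first_failure": recent_failures[key][0],
                    "success_time": ev["time"],
                })
            # A success resets the failure history for this account/IP pair.
            recent_failures[key].clear()
    return alerts


def run_rule():
    """Run the custom rule over the constructed sample and return the alerts."""
    return detect_bruteforce_then_success(parse_signins(SAMPLE_SIGNINS))


if __name__ == "__main__":
    for alert in run_rule():
        print(alert)
```

On the sample data only alice's pair fires: bob has a single failure, and carol's six failures are never followed by a success, which is the kind of tuning decision (alert on failures alone, or only on a failure-then-success sequence) that custom rules let you make for your own environment.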
Investigate and respond
With the investigation graph, the company can review information from entities directly connected to the alert and see common exploration queries to help guide the investigation.
The company will also use Azure Monitor Workbooks to automate responses to threats.
When the alert is triggered, open a ticket in the IT ticketing system.
Send a message to the security operations channel in Microsoft Teams
or Slack to make sure the security analysts are aware of the incident.
Send all of the information in the alert to the senior network admin and to the security admin.
The email message includes two user option buttons: Block or Ignore.
When an admin chooses Block, the IP address is blocked in the firewall and the user is disabled in Azure Active Directory.
When an admin chooses Ignore, the alert is closed in Azure Sentinel and the incident is closed in the IT ticketing system.
Azure Key Vault
Azure Key Vault is a centralized cloud service for storing an application's secrets in a single, central location.
Characteristics
Manage secrets
You can use Key Vault to securely store and tightly control access to tokens,
passwords, certificates, API keys, and other secrets.
Manage encryption keys
You can use Key Vault as a key management solution. Key Vault makes it easier to create
and control the encryption keys that are used to encrypt your data.
Manage SSL/TLS certificates
Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer /
Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources.
Store secrets backed by hardware security modules (HSMs)
These secrets and keys can be protected either by software
or by FIPS 140-2 Level 2 validated HSMs.
Benefits
Simplified administration of application secrets
Access monitoring and access control
Securely stored secrets and keys
Centralized application secrets
Integration with other Azure services
Azure Dedicated Host
provides dedicated physical servers to host your Azure VMs for Windows and Linux.
Benefits
Gives you visibility into, and control over, the server infrastructure that's running your Azure VMs.
Helps address compliance requirements by deploying your workloads on an isolated server.
Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host.
Availability considerations for Dedicated Host
For high availability, you can provision multiple hosts in a host group and deploy your virtual machines across this group.
Pricing considerations
You're charged per dedicated host, independent of how many virtual machines you deploy to it. The host price is based on the VM family, type (hardware size), and region.