Book description
Discover high-value Azure security insights, tips, and operational optimizations
This book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder show how to apply Azure Security Center's full spectrum of features and capabilities to address protection, detection, and response in key operational scenarios. You'll learn how to secure any Azure workload, and optimize virtually all facets of modern security, from policies and identity to incident response and risk management. Whatever your role in Azure security, you'll learn how to save hours, days, or even weeks by solving problems in the most efficient, reliable ways possible.
Two of Microsoft's leading cloud security experts show how to:
• Assess the impact of cloud and hybrid environments on security, compliance, operations, data protection, and risk management
• Master a new security paradigm for a world without traditional perimeters
• Gain visibility and control to secure compute, network, storage, and application workloads
• Incorporate Azure Security Center into your security operations center
• Integrate Azure Security Center with Azure AD Identity Protection Center and third-party solutions
• Adapt Azure Security Center's built-in policies and definitions for your organization
• Perform security assessments and implement Azure Security Center recommendations
• Use incident response features to detect, investigate, and address threats
• Create high-fidelity fusion alerts to focus attention on your most urgent security issues
• Implement application whitelisting and just-in-time VM access
• Monitor user behavior and access, and investigate compromised or misused credentials
• Customize and perform operating system security baseline assessments
• Leverage integrated threat intelligence to identify known bad actors
Table of contents
- Cover
- Title Page
- Copyright Page
- Contents
- Acknowledgments
- About the authors
- Foreword
- Introduction
- Chapter 1 The threat landscape
- Chapter 2 Introduction to Azure Security Center
- Chapter 3 Policy management
- Chapter 4 Mitigating security issues
- Chapter 5 Using Security Center for incident response
- Chapter 6 Advanced cloud defense
- Chapter 7 Security incident and event management (SIEM) integration with Splunk
  - Integrating SIEM solutions
  - Splunk integration with Azure Security Center
    - Confirming accessible logs in Azure Monitor
    - Configuring the subscription for the Splunk SIEM pipe
    - Creating and configuring a resource group for the Splunk SIEM pipe
    - Setting up an Azure AD application to provide an access control identity
    - Creating an Azure key vault
    - Copying the app password into Key Vault
    - Making an event hub
    - Creating a shared access key for event hub access control
    - Placing the event hub shared access key in Azure Key Vault
    - Hooking up the event hub to Azure Monitor
    - Spinning up the virtual machine that hosts the Splunk enterprise VM
    - Installing and configuring the Azure Monitor add-on for Splunk
- Chapter 8 Monitoring identity and access
- Chapter 9 Using threat intelligence to identify security issues
- Appendix A Using multiple workspaces in Security Center
- Appendix B Customizing your operating system security baseline assessment
- Index
- Code Snippets
Product information
- Title: Microsoft Azure Security Center, First Edition
- Author(s):
- Release date: June 2018
- Publisher(s): Microsoft Press
- ISBN: 9781509307081