Cybersecurity Reference Architecture (slide transcript: Microsoft Cybersecurity Reference Architecture, Azure Security Center and Cloud App Security)
Page 1
Page 2
Cybersecurity Reference Architecture (diagram; the component labels below are grouped by the zones the diagram draws)

Zones drawn in the diagram: Internet of Things; Unmanaged & Mobile Clients; Managed Clients; Software as a Service; Office 365; Extranet; Microsoft Azure; On Premises Datacenter(s); Colocation; Sensitive Workloads; Security Operations Center (SOC); Identity & Access; Information Protection.

Callouts on the diagram:
• Nearly all customer breaches that Microsoft's Incident Response team investigates involve credential theft. 63% of confirmed data breaches involve weak, default, or stolen passwords (Verizon 2016 DBIR).
• 80%+ of employees admit using non-approved SaaS apps for work (Stratecast, December 2013).

Security Operations Center (SOC): Incident Response; Vulnerability Management; Enterprise Threat Detection; Analytics; Managed Security Provider; Logs & Analytics; Active Threat Detection; Hunting Teams; Investigation and Recovery; SIEM; SIEM Integration; WEF; OMS; ATA; UEBA; PADS

Identity & Access: Multi-Factor Authentication; Azure AD PIM; MIM PAM; Azure AD Identity Protection; Conditional Access; Hello for Business; Certification Authority (PKI); Domain Controllers; ESAE Admin Forest; Privileged Access Workstations (PAWs) with Device Health Attestation and Remote Credential Guard

Information Protection: Azure Information Protection (AIP): Classify, Label, Protect, Report; Classification Labels; Office 365 Information Protection; Office 365 DLP; Endpoint DLP; Edge DLP; Windows Info Protection; Hold Your Own Key (HYOK); Structured Data & 3rd party Apps

Managed Clients, Windows 10 Security: Secure Boot, Device Guard, Application Guard, Credential Guard, Windows Hello; EPP - Windows Defender; EDR - Windows Defender ATP; MacOS; Legacy Windows; System Center Configuration Manager + Intune

Unmanaged & Mobile Clients: Intune MDM/MAM; Conditional Access; Cloud App Security

Internet of Things: IoT

Software as a Service and Office 365: Office 365 ATP (Email Gateway, Anti-malware); Lockbox; ASM; Cloud App Security

Microsoft Azure: Azure Key Vault; Azure Security Center (Threat Protection, Threat Detection); Azure App Gateway; Network Security Groups; Azure Antimalware; Disk & Storage Encryption; SQL Encryption & Firewall; Backup and Site Recovery; DDoS attack mitigation; Shielded VMs; VMs

On Premises Datacenter(s), Colocation and Extranet: Windows Server 2016 Security (Shielded VMs, Device Guard, Credential Guard, Just Enough Admin, Hyper-V Containers, Nano server, …); Enterprise Servers; VMs; Domain Controllers; NGFW; IPS; SSL Proxy; Security Appliances; VPN

Development: Security Development Lifecycle (SDL)

Last updated March 2017 – latest at http://aka.ms/MCRA
Page 3
• Azure Security Center
• OMS Security and Compliance
• Azure Key Vault
• Azure Disk Encryption
• Azure Storage Encryption
• Azure Storage Service Encryption
• Azure SQL Transparent Data Encryption
• Azure SQL Cell Level Encryption
• Azure Log Integration
• Azure Active Directory Multi-Factor Authentication
• Azure Active Directory Privileged Identity Management
Page 4
Page 5
Hybrid cloud requires a new approach for security
• Distributed infrastructure: need better visibility and control
• Rapidly changing cloud resources: require solutions that keep pace with the speed and agility of cloud
• Increasingly sophisticated threats: leverage analytics and threat intelligence to detect threats quickly
Page 6
Microsoft Threat Detection: deep insight across your environment
Diagram columns: Identity; Information; Cloud Infrastructure; Private Cloud & On-Premises Infrastructure. Products placed across them:
• Azure Security Center (Threat Protection, Threat Detection)
• EDR - Windows Defender ATP
• Operations Management Suite (OMS)
• Advanced Threat Analytics (ATA)
• Cloud App Security
• Office 365 ATP (Email Gateway, Anti-malware)
• Azure AD Identity Protection
• SIEM
• Security Appliances
Page 7

Page 8
Dynamically discover and manage the security of your hybrid cloud workloads in a single cloud-based console
Page 9
Built-in Azure, no setup required
Automatically discover and monitor security of Azure resources
Gain insights for hybrid resources
Easily onboard resources running in other clouds and on-premises
Page 10
Central policy management
Define a security policy for each subscription in Security Center
Apply across multiple subscriptions using Azure Management Groups
Page 11
Quickly identify list of notable events that require your attention
Out of the box notable events in dashboard or create custom queries
Search and analyze security data using a flexible query language
Use built-in or custom queries with Log Analytics search
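As an added example (not code from the slides or from Security Center itself), here is what two such notable-event queries look like as detection logic run offline over constructed Windows Security events that use the SecurityEvent column names (TimeGenerated, EventID, Computer, Account, IpAddress, LogonType): a run of failed logons followed by a success from the same source, and one account logging on to many hosts in a short window. The sample records, thresholds and windows are assumptions chosen for the example.

```python
"""Notable-event detection over Windows Security events (added example).

Two of the patterns a Security Center / Log Analytics dashboard lists as
notable events, implemented as offline queries over constructed sample
records that use the SecurityEvent column names. Event IDs are the standard
Windows ones: 4625 = failed logon, 4624 = successful logon, LogonType 3 = network.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    # A brute-force burst from one source against one account, ending in success.
    *[{"TimeGenerated": datetime(2017, 3, 1, 2, 0, s), "EventID": 4625,
       "Computer": "web01", "Account": "CONTOSO\\svc_backup",
       "IpAddress": "203.0.113.9", "LogonType": 3} for s in range(0, 50, 5)],
    {"TimeGenerated": datetime(2017, 3, 1, 2, 1, 0), "EventID": 4624,
     "Computer": "web01", "Account": "CONTOSO\\svc_backup",
     "IpAddress": "203.0.113.9", "LogonType": 3},
    # The same account then logs on to six more hosts within minutes.
    *[{"TimeGenerated": datetime(2017, 3, 1, 2, 5, i), "EventID": 4624,
       "Computer": f"srv{i:02d}", "Account": "CONTOSO\\svc_backup",
       "IpAddress": "10.0.0.5", "LogonType": 3} for i in range(6)],
    # Benign noise: a user mistypes a password twice, then succeeds.
    {"TimeGenerated": datetime(2017, 3, 1, 9, 0, 0), "EventID": 4625,
     "Computer": "pc17", "Account": "CONTOSO\\alice", "IpAddress": "10.1.2.3", "LogonType": 2},
    {"TimeGenerated": datetime(2017, 3, 1, 9, 0, 10), "EventID": 4625,
     "Computer": "pc17", "Account": "CONTOSO\\alice", "IpAddress": "10.1.2.3", "LogonType": 2},
    {"TimeGenerated": datetime(2017, 3, 1, 9, 0, 20), "EventID": 4624,
     "Computer": "pc17", "Account": "CONTOSO\\alice", "IpAddress": "10.1.2.3", "LogonType": 2},
]


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Notable: >= threshold failed logons for one (source IP, account) pair
    inside `window`, followed by a successful logon from that same source."""
    failures = defaultdict(list)
    notable = []
    for ev in sorted(events, key=lambda e: e["TimeGenerated"]):
        key = (ev["IpAddress"], ev["Account"])
        if ev["EventID"] == 4625:
            failures[key].append(ev["TimeGenerated"])
        elif ev["EventID"] == 4624:
            recent = [t for t in failures[key] if ev["TimeGenerated"] - t <= window]
            if len(recent) >= threshold:
                notable.append({"rule": "BruteForceThenSuccess", "Time": ev["TimeGenerated"],
                                "Account": ev["Account"], "IpAddress": ev["IpAddress"],
                                "Computer": ev["Computer"], "Failures": len(recent)})
            failures[key].clear()  # a success ends the failure run either way
    return notable


def many_hosts_one_account(events, min_hosts=5, window=timedelta(minutes=10)):
    """Notable: one account with successful network logons (LogonType 3) to
    >= min_hosts distinct computers inside `window`, a lateral-movement signal."""
    by_account = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 4624 and ev["LogonType"] == 3:
            by_account[ev["Account"]].append((ev["TimeGenerated"], ev["Computer"]))
    notable = []
    for account, logons in by_account.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {c for t, c in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                notable.append({"rule": "ManyHostsOneAccount", "Time": start,
                                "Account": account, "Hosts": sorted(hosts)})
                break  # one notable event per account is enough for the dashboard
    return notable


def notable_events(events):
    """Union of both rules in time order, as the dashboard would list them."""
    found = brute_force_then_success(events) + many_hosts_one_account(events)
    return sorted(found, key=lambda n: n["Time"])


if __name__ == "__main__":
    for n in notable_events(SAMPLE_EVENTS):
        print(n["Time"], n["rule"], n["Account"], n.get("IpAddress") or n.get("Hosts"))
```

The two-step shape of the first rule (count failures, then wait for the success) is what separates a noisy scan from an account that was actually taken over; the second rule keys on LogonType 3 so that interactive logons by a desk user are not counted.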
Page 12
Integrated partners
Connected security solutions running in Azure, e.g. firewalls and antimalware solutions
Microsoft security
Azure Active Directory Information Protection
Advanced Threat Analytics
Many others
Any security solution that supports Common Event Format (CEF)
Page 13
Enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks
Page 14
Continuous assessment of machines, networks, and Azure services
Hundreds of built-in security assessments, or create your own
Fix vulnerabilities quickly
Prioritized, actionable security recommendations
Page 15
Lock down ports on virtual machines
Enable just-in-time access to virtual machines
Access automatically granted for limited time
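The lock-down-then-grant model those three lines describe, as an added example in Python rather than Security Center's own implementation: ports in the JIT policy stay closed behind a permanent deny rule; a request that satisfies the policy adds a higher-priority allow rule scoped to the requester's source address and bounded in time; and the rule is removed again when the grant expires. The policy values, the rule tuple layout and the class names are assumptions made for the example.

```python
"""Just-in-time VM access modelled as NSG rule state (added example, not
Security Center's implementation). The JIT policy says which ports may be
opened, for how long at most, and whether the requester must name a source
address. Those ports are locked down by a permanent deny rule; a grant adds
a higher-priority, time-bounded allow rule that expiry removes again."""
from datetime import datetime, timedelta


class JitPolicy:
    def __init__(self, ports, max_duration, require_source_ip=True):
        self.ports = set(ports)
        self.max_duration = max_duration
        self.require_source_ip = require_source_ip


class JitVm:
    LOCKDOWN_PRIORITY = 4096   # evaluated last, like an NSG default rule
    FIRST_GRANT_PRIORITY = 100

    def __init__(self, name, policy):
        self.name = name
        self.policy = policy
        # Rules are (priority, action, port, source, expires); lockdown rules never expire.
        self.rules = [(self.LOCKDOWN_PRIORITY, "Deny", p, "*", None) for p in policy.ports]
        self.audit = []

    def _refuse(self, user, port, now, reason):
        self.audit.append((now, user, port, "refused: " + reason))
        return False

    def request_access(self, user, port, source_ip, duration, now):
        """Grant a time-bounded allow rule if the request satisfies the policy."""
        if port not in self.policy.ports:
            return self._refuse(user, port, now, "port not covered by the JIT policy")
        if duration > self.policy.max_duration:
            return self._refuse(user, port, now, "requested duration exceeds policy maximum")
        if self.policy.require_source_ip and source_ip in (None, "*", "0.0.0.0/0"):
            return self._refuse(user, port, now, "a specific source address is required")
        self.expire(now)
        grants = sum(1 for r in self.rules if r[1] == "Allow")
        expires = now + duration
        self.rules.append((self.FIRST_GRANT_PRIORITY + grants, "Allow", port, source_ip, expires))
        self.audit.append((now, user, port, f"granted to {source_ip} until {expires.isoformat()}"))
        return True

    def expire(self, now):
        """Drop allow rules whose window has ended; returns how many were removed."""
        before = len(self.rules)
        self.rules = [r for r in self.rules if r[4] is None or r[4] > now]
        return before - len(self.rules)

    def is_allowed(self, port, source_ip, now):
        """Evaluate like an NSG: lowest priority number first, first match wins,
        nothing matching means deny."""
        self.expire(now)
        for _, action, rule_port, source, _ in sorted(self.rules, key=lambda r: r[0]):
            if rule_port == port and source in ("*", source_ip):
                return action == "Allow"
        return False


def scenario():
    """Walk one VM through the cases the slide calls out; returns each decision."""
    policy = JitPolicy(ports={22, 3389}, max_duration=timedelta(hours=3))
    vm = JitVm("vm-web01", policy)
    t0 = datetime(2017, 3, 1, 9, 0)
    later = t0 + timedelta(minutes=30)
    return {
        "closed_by_default": vm.is_allowed(3389, "203.0.113.9", t0),
        "grant": vm.request_access("alice", 3389, "203.0.113.9", timedelta(hours=1), t0),
        "open_for_requester": vm.is_allowed(3389, "203.0.113.9", later),
        "closed_for_other_source": vm.is_allowed(3389, "198.51.100.4", later),
        "other_port_still_closed": vm.is_allowed(22, "203.0.113.9", later),
        "refused_wildcard_source": vm.request_access("bob", 3389, "*", timedelta(hours=1), t0),
        "refused_too_long": vm.request_access("bob", 22, "203.0.113.9", timedelta(hours=8), t0),
        "refused_port_not_in_policy": vm.request_access("bob", 8080, "203.0.113.9", timedelta(hours=1), t0),
        "closed_after_expiry": vm.is_allowed(3389, "203.0.113.9", t0 + timedelta(hours=2)),
        "open_grants_after_expiry": sum(1 for r in vm.rules if r[1] == "Allow"),
    }


if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case}: {result}")
```

The point worth noticing is that every refusal and grant lands in the audit list: a JIT grant is an administrative action, and the record of who opened which port to which address for how long is what the SOC needs when a VM is later found compromised.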
Page 16
Allow safe applications only
Adaptive whitelisting learns application patterns
Simplified management with recommended whitelists
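An added example of what adaptive whitelisting learns and enforces (not Security Center's algorithm): a baseline built from process-creation events across a VM group, expressed as publisher rules for signed binaries and hash rules for unsigned ones, with a rule recommended only when the application ran across the group; later executions are then audited, which shows a signed upgrade passing under its publisher rule and an unsigned binary at a known path but with a new hash being flagged. The VM names, paths, publishers and hash values are constructed for the example.

```python
"""Adaptive application whitelisting (added example, not Security Center's
algorithm). Learns an allowlist from process-creation events seen across a
group of VMs, expressed as publisher rules for signed binaries and hash rules
for unsigned ones, then audits later executions against it. Every event,
path and hash below is constructed for the example."""
from collections import defaultdict

# Learning-period events: (vm, image path, signing publisher or None, sha256).
LEARNING = [
    ("web01", r"C:\Windows\System32\svchost.exe", "Microsoft Windows", "aa11"),
    ("web02", r"C:\Windows\System32\svchost.exe", "Microsoft Windows", "aa11"),
    ("web01", r"C:\inetpub\app\service.exe", None, "bb22"),
    ("web02", r"C:\inetpub\app\service.exe", None, "bb22"),
    ("web01", r"C:\Program Files\Agent\agent.exe", "Contoso Ltd", "cc33"),
    ("web02", r"C:\Program Files\Agent\agent.exe", "Contoso Ltd", "cc33"),
    ("web02", r"C:\Users\bob\Downloads\tool.exe", None, "dd44"),  # one VM only
]

# Events after the whitelist was applied.
LATER = [
    ("web01", r"C:\Program Files\Agent\agent.exe", "Contoso Ltd", "cc35"),  # upgraded build, same publisher
    ("web01", r"C:\inetpub\app\service.exe", None, "ee55"),                # known path, different hash
    ("web02", r"C:\Windows\Temp\mimi.exe", None, "ff66"),                   # never seen before
    ("web02", r"C:\Windows\System32\svchost.exe", "Microsoft Windows", "aa11"),
]


def recommend_whitelist(events, min_vm_fraction=1.0):
    """Return {"publisher": set, "hash": set}. A rule is recommended only when
    the application ran on at least min_vm_fraction of the group's VMs, so a
    one-off download on a single machine does not become part of the baseline."""
    vms = {vm for vm, *_ in events}
    seen_on = defaultdict(set)
    for vm, _path, publisher, sha in events:
        key = ("publisher", publisher) if publisher else ("hash", sha)
        seen_on[key].add(vm)
    rules = {"publisher": set(), "hash": set()}
    for (kind, value), hosts in seen_on.items():
        if len(hosts) / len(vms) >= min_vm_fraction:
            rules[kind].add(value)
    return rules


def audit(events, rules):
    """Classify each execution as allowed or a violation, with the reason."""
    results = []
    for vm, path, publisher, sha in events:
        if publisher and publisher in rules["publisher"]:
            results.append((vm, path, "allowed", "publisher rule"))
        elif sha in rules["hash"]:
            results.append((vm, path, "allowed", "hash rule"))
        else:
            reason = "unknown publisher" if publisher else "unsigned and hash not whitelisted"
            results.append((vm, path, "violation", reason))
    return results


def violations(events, rules):
    return [r for r in audit(events, rules) if r[2] == "violation"]


if __name__ == "__main__":
    rules = recommend_whitelist(LEARNING)
    print("recommended:", rules)
    for vm, path, verdict, reason in audit(LATER, rules):
        print(f"{vm}: {path} -> {verdict} ({reason})")
```

Keying unsigned binaries by hash rather than by path is the part that matters: a path rule would have let the replaced service.exe run, while a publisher rule keeps the signed agent working through routine updates without a new recommendation each time.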
Page 17
Use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
Page 18
Built-in Intelligence and advanced analytics
Powered by Microsoft Intelligent Security Graph
Page 19
Detect threats across the kill chain
Page 20
Get prioritized security alerts
Details about detected threats and recommendations
Detect threats across the kill chain
Alerts that conform to kill chain patterns are fused into a single incident
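What fusing alerts into a kill-chain incident looks like in code, as an added example that is not Security Center's correlation engine: alerts on the same resource whose stages advance along the kill chain within a time window are merged into one incident, the incident takes the furthest stage reached as its severity, and the resulting queue is ordered for an analyst. The stage names, window, severity mapping and sample alerts are assumptions constructed for the example.

```python
"""Fusing alerts into kill-chain incidents (added example; not Security
Center's correlation engine). Alerts on the same resource whose stages
advance along the kill chain within a time window are merged into one
incident and the incident inherits the furthest stage reached; anything
that does not fit stays a single-alert incident. The alerts are constructed."""
from datetime import datetime, timedelta

KILL_CHAIN = ["Reconnaissance", "Delivery", "Exploitation", "Installation",
              "CommandAndControl", "ActionsOnObjectives"]
STAGE_INDEX = {stage: i for i, stage in enumerate(KILL_CHAIN)}
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}

ALERTS = [  # constructed sample alerts
    {"id": "a1", "time": datetime(2017, 3, 1, 10, 0), "resource": "vm-web01",
     "stage": "Delivery", "name": "Suspicious download"},
    {"id": "a2", "time": datetime(2017, 3, 1, 10, 4), "resource": "vm-web01",
     "stage": "Exploitation", "name": "Process injection"},
    {"id": "a3", "time": datetime(2017, 3, 1, 10, 9), "resource": "vm-web01",
     "stage": "CommandAndControl", "name": "Beaconing to known C2 address"},
    {"id": "a4", "time": datetime(2017, 3, 1, 10, 2), "resource": "vm-db01",
     "stage": "Reconnaissance", "name": "Port scan"},
    {"id": "a5", "time": datetime(2017, 3, 1, 18, 0), "resource": "vm-web01",
     "stage": "Delivery", "name": "Suspicious download"},  # hours later: new incident
]


def severity_for(stage_index):
    """Later kill-chain stages mean the attacker got further, so they rank higher."""
    if stage_index >= STAGE_INDEX["CommandAndControl"]:
        return "High"
    if stage_index >= STAGE_INDEX["Exploitation"]:
        return "Medium"
    return "Low"


def fuse_incidents(alerts, window=timedelta(hours=2)):
    """Walk alerts in time order. An alert joins the open incident on its
    resource if it arrives within `window` of that incident's last alert and
    its stage is at or beyond the incident's furthest stage; otherwise it
    opens a new incident (an earlier-stage alert is not folded back in)."""
    open_by_resource = {}
    incidents = []
    for a in sorted(alerts, key=lambda x: x["time"]):
        inc = open_by_resource.get(a["resource"])
        stage = STAGE_INDEX[a["stage"]]
        if inc and a["time"] - inc["last"] <= window and stage >= inc["max_stage"]:
            inc["alerts"].append(a["id"])
            inc["last"] = a["time"]
            inc["max_stage"] = stage
        else:
            inc = {"resource": a["resource"], "alerts": [a["id"]],
                   "first": a["time"], "last": a["time"], "max_stage": stage}
            incidents.append(inc)
            open_by_resource[a["resource"]] = inc
    for inc in incidents:
        inc["furthest_stage"] = KILL_CHAIN[inc["max_stage"]]
        inc["severity"] = severity_for(inc["max_stage"])
    return incidents


def prioritized(alerts, window=timedelta(hours=2)):
    """Incidents ordered the way an analyst queue should show them:
    highest severity first, then the most recent activity."""
    return sorted(fuse_incidents(alerts, window),
                  key=lambda inc: (SEVERITY_RANK[inc["severity"]], -inc["last"].timestamp()))


if __name__ == "__main__":
    for inc in prioritized(ALERTS):
        print(inc["severity"], inc["resource"], inc["furthest_stage"], inc["alerts"])
```

The monotonic-stage check is deliberate: a Delivery alert arriving after a host is already beaconing is more likely a second campaign than a continuation of the first, and folding it into the open incident would hide that.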
Page 21
Visualize source of attacks with interactive map
Analyzes data from your computers and firewalls logs
Gain insights through threat reports
Attacker’s known objectives, tactics, and techniques
Page 22
Quickly assess the scope and impact of an attack
Interactive experience to explore links across alerts, computers and users
Use predefined or ad hoc queries for deeper examination
Page 23
Automate and orchestrate common security workflows
Create playbooks with integration of Azure Logic Apps
Trigger workflows from any alert to enable conditional actions
Page 24
Alerts that conform to kill chain patterns are fused into a single incident
Page 25
Just-in-time Access
Predictive application whitelisting
Page 26
Access security data in near real-time from your Security Information and Event Management (SIEM) (Public Preview)

Diagram labels, read as the export pipeline they draw: Azure Diagnostics writes to Azure Storage; Azure Log Integration rehydrates what is stored ("Forwarded Events", flat files such as IIS logs, and CEF formatted logs) and hands it to a standard log connector (ArcSight, Splunk, etc.) for Log Analytics / SIEM; Security Center data also reaches the SIEM through Export Logs and the Azure APIs.
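As an added example that serves both the CEF integration point on page 12 ("any security solution that supports Common Event Format") and the export path above, here is a converter that turns Security Center alert records into CEF lines with the escaping the format requires, and a parser that reads them back the way a SIEM connector would. The alert field names, the vendor/product strings and the alert records themselves are assumptions constructed for the example; none of this is Microsoft's or Azure Log Integration's code.

```python
"""Exporting Security Center alerts to a SIEM as CEF (added example; not
Azure Log Integration's code). Turns alert records of the shape written to the
export path (constructed here) into one CEF line each, with the escaping the
CEF format requires, and parses the lines back the way a connector would.
The alert field names and the vendor/product strings are assumptions."""
import json
from datetime import datetime, timezone

SAMPLE_ALERT_JSON = json.dumps([  # constructed records, not real alerts
    {"AlertDisplayName": "Suspicious process executed", "Severity": "High",
     "CompromisedEntity": "vm-web01", "TimeGenerated": "2017-03-01T10:04:00Z",
     "ExtendedProperties": {"Command Line": "cmd.exe /c whoami=admin|net user",
                            "User": "CONTOSO\\svc_web", "Process Id": "4212"}},
    {"AlertDisplayName": "Failed RDP brute force attack", "Severity": "Medium",
     "CompromisedEntity": "vm-web01", "TimeGenerated": "2017-03-01T02:01:00Z",
     "ExtendedProperties": {"Attacker Source IP": "203.0.113.9", "Failed Attempts": "57"}},
])

SEVERITY_MAP = {"Informational": 2, "Low": 3, "Medium": 6, "High": 9}  # CEF severity is 0-10


def escape_header(value):
    """Header fields: backslash and pipe must be escaped."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_extension(value):
    """Extension values: backslash and equals must be escaped, newlines become \\n."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "").replace("\n", "\\n"))


def alert_to_cef(alert, vendor="Microsoft", product="Azure Security Center", version="1.0"):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ..."""
    when = datetime.strptime(alert["TimeGenerated"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ext = {"rt": int(when.timestamp() * 1000), "dhost": alert["CompromisedEntity"]}
    # Extended properties ride in the custom-string slots cs1..cs6 with their labels.
    for i, (label, value) in enumerate(sorted(alert.get("ExtendedProperties", {}).items()), start=1):
        if i > 6:
            break
        ext[f"cs{i}Label"] = label
        ext[f"cs{i}"] = value
    name = alert["AlertDisplayName"]  # used as signature id too: the sample has no separate alert type
    header = "|".join(escape_header(h) for h in
                      (vendor, product, version, name, name, SEVERITY_MAP.get(alert["Severity"], 5)))
    extension = " ".join(f"{k}={escape_extension(v)}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def export_cef(alert_json):
    return [alert_to_cef(a) for a in json.loads(alert_json)]


def _split_unescaped(text, sep):
    """Split on unescaped `sep`, undoing CEF escapes in the pieces."""
    parts, cur, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            cur.append("\n" if text[i + 1] == "n" else text[i + 1])
            i += 2
            continue
        if c == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_cef(line):
    """Read a CEF line back: seven pipe-delimited header fields, then key=value
    pairs whose values may contain spaces (the next key is the last token before '=')."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    fields, cur, i = [], [], 4
    while i < len(line) and len(fields) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])
            i += 2
            continue
        if c == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    _version, vendor, product, dev_version, signature_id, name, severity = fields
    pieces = _split_unescaped(line[i:], "=")
    ext, key = {}, pieces[0]
    for piece in pieces[1:-1]:
        value, key_next = piece.rsplit(" ", 1)
        ext[key] = value
        key = key_next
    ext[key] = pieces[-1]
    return {"vendor": vendor, "product": product, "version": dev_version,
            "signature_id": signature_id, "name": name, "severity": int(severity),
            "extension": ext}
```

The command line in the first sample alert is the case that breaks naive exporters: it contains both `=` and `|`, and only the `=` needs escaping in the extension while the `|` would have needed it in the header. Getting that wrong silently truncates fields on the SIEM side, which is exactly where an analyst would be looking for the attacker's command.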
Page 27
Azure Security Center
• Unified visibility and control: dynamically discover and manage the security of your hybrid cloud workloads in a single cloud-based console
• Adaptive threat prevention: enable actionable, adaptive protections that identify and mitigate risk to reduce exposure to attacks
• Intelligent detection and response: use advanced analytics and Microsoft Intelligent Security Graph to rapidly detect and respond to evolving cyber threats
Page 28

Page 29
Security dashboards deliver rapid insights into security state across all workloads; the same data is exposed through the API.
Page 30
• Cloud App Security
Page 31
Life before cloud (on-premises: storage, corp data, users)
• Only sanctioned apps are installed
• Resources accessed via managed devices/networks
• IT had layers of defense protecting internal apps
• IT has a known security perimeter

Life with cloud
• User chooses apps (unsanctioned, shadow IT)
• User can access resources from anywhere
• Data is shared by user and cloud apps
• IT has limited visibility and protection
Page 32
DISCOVER INVESTIGATE CONTROL PROTECT
• Cloud discovery: discover all cloud usage in your organization
• Information protection: monitor and control your data in the cloud
• Threat detection: detect usage anomalies and security incidents
• In-session control: control and limit user access based on session context
Page 33
Discovery
• Use traffic logs to discover and analyze which cloud apps are in use
• Manually or automatically upload log files for analysis from your firewalls and proxies
Sanctioning and un-sanctioning
• Sanction or block apps in your organization using the cloud app catalog
App connectors
• Leverage APIs provided by various cloud app providers
• Connect an app and extend protection by authorizing access to the app. Cloud App Security queries the app for activity logs and scans data, accounts, and cloud content
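An added example of the discovery step (not Cloud App Security's code): parse constructed proxy log lines, match each destination host and its parent domains against a small constructed cloud-app catalog carrying a sanction state and a risk score, and aggregate usage per app so that unsanctioned apps with large upload volumes and uncatalogued domains stand out. The log format, the catalog entries, the usernames and the upload threshold are all assumptions made for the example.

```python
"""Cloud discovery from proxy logs (added example; not Cloud App Security's
discovery code). Parses constructed proxy log lines, matches destination
hosts (and their parent domains) against a small constructed cloud-app
catalog carrying a sanction state and risk score, and aggregates usage per
app so unsanctioned, high-upload apps and uncatalogued domains stand out."""
import re
from collections import defaultdict

# Constructed catalog; the product's catalog has thousands of entries.
APP_CATALOG = {
    "sharepoint.com": {"app": "SharePoint Online", "sanctioned": True, "risk": 9},
    "box.com": {"app": "Box", "sanctioned": False, "risk": 7},
    "wetransfer.com": {"app": "WeTransfer", "sanctioned": False, "risk": 4},
    "dropbox.com": {"app": "Dropbox", "sanctioned": False, "risk": 6},
}

# Constructed log lines: time user src_ip method host bytes_sent bytes_received status.
PROXY_LOG = """\
2017-03-01T09:01:12Z alice 10.1.2.3 POST contoso.sharepoint.com 1048576 2048 200
2017-03-01T09:05:40Z bob 10.1.2.7 PUT upload.box.com 52428800 512 201
2017-03-01T09:06:02Z bob 10.1.2.7 PUT upload.box.com 73400320 512 201
2017-03-01T09:30:00Z carol 10.1.2.9 GET www.dropbox.com 420 88000 200
2017-03-01T10:12:45Z dave 10.1.2.11 POST wetransfer.com 209715200 1024 200
2017-03-01T10:15:00Z erin 10.1.2.12 GET files.example-unknown.net 300 4096 200
2017-03-01T10:16:00Z erin 10.1.2.12 GET not-a-valid-record
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (GET|POST|PUT|DELETE) (\S+) (\d+) (\d+) (\d{3})$")


def parse_line(line):
    """One record dict per well-formed line; None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    time, user, src, method, host, sent, recv, status = m.groups()
    return {"time": time, "user": user, "src": src, "method": method,
            "host": host.lower(), "sent": int(sent), "recv": int(recv), "status": int(status)}


def lookup_app(host):
    """Match the host or any parent domain (upload.box.com -> box.com); unknown
    hosts become their own uncatalogued 'app' with no risk score."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        entry = APP_CATALOG.get(".".join(labels[i:]))
        if entry:
            return entry
    return {"app": host, "sanctioned": False, "risk": None}


def discover(log_text):
    """Aggregate usage per app; returns (usage, number of unparseable lines)."""
    usage = defaultdict(lambda: {"users": set(), "hosts": set(), "requests": 0,
                                 "uploaded": 0, "downloaded": 0, "sanctioned": None, "risk": None})
    skipped = 0
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            skipped += 1
            continue
        entry = lookup_app(rec["host"])
        u = usage[entry["app"]]
        u["users"].add(rec["user"])
        u["hosts"].add(rec["host"])
        u["requests"] += 1
        u["uploaded"] += rec["sent"]
        u["downloaded"] += rec["recv"]
        u["sanctioned"], u["risk"] = entry["sanctioned"], entry["risk"]
    return dict(usage), skipped


def shadow_it_report(log_text, upload_threshold=50 * 1024 * 1024):
    """Unsanctioned and uncatalogued apps, largest upload volume first; `flag`
    marks the ones above the threshold as candidates for data-exfiltration review."""
    usage, _ = discover(log_text)
    rows = [{"app": app, "uploaded_mb": round(u["uploaded"] / 1048576, 1),
             "users": sorted(u["users"]), "risk": u["risk"],
             "catalogued": u["risk"] is not None, "flag": u["uploaded"] >= upload_threshold}
            for app, u in usage.items() if not u["sanctioned"]]
    return sorted(rows, key=lambda r: r["uploaded_mb"], reverse=True)


if __name__ == "__main__":
    for row in shadow_it_report(PROXY_LOG):
        print(row)
```

Two details carry over to real discovery work: the parent-domain walk is what maps `upload.box.com` and `www.dropbox.com` onto their catalog entries rather than treating every hostname as a separate app, and the skipped-line count is worth reporting, because a proxy whose log format changed quietly will otherwise look like an organization with no cloud usage at all.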
Diagram: cloud traffic logs from your organization's firewalls and proxies (from any location) feed Cloud discovery; app connectors reach protected cloud apps over their APIs; both feed Cloud App Security.