Describe security management capabilities of Azure Flashcards
Cloud security posture management (CSPM)
- As companies transition from on-premises to the cloud, it becomes challenging to ensure full protection of data, assets, and resources due to the evolving nature of cloud-based systems.
- CSPM is a class of tools designed to enhance cloud security management by assessing systems, identifying vulnerabilities, and alerting security staff.
- CSPM leverages tools and services within the cloud environment to monitor and prioritize security enhancements and features.
- It incorporates zero-trust access control, real-time risk scoring, threat and vulnerability management (TVM), risk discovery, technical policy enforcement, and threat modelling.
- The goal of CSPM is to continuously report on and improve the organization’s security posture, disrupting potential attackers’ return on investment.
- CSPM can involve multiple teams within an organization, including threat intelligence, IT, compliance and risk management, business leaders, security architecture and operations, and audit teams.
- By utilizing CSPM, organizations can assess their cloud environment, receive automatic vulnerability alerts, and improve overall cloud security management.
Microsoft Defender for Cloud
- Microsoft Defender for Cloud is a tool for security posture management and threat protection that strengthens the security of cloud resources.
- It provides protection for workloads running in Azure, hybrid environments, and other cloud platforms.
- Microsoft Defender for Cloud addresses three essential needs in managing resource and workload security: continuous assessment, securing connected resources and services, and defending against threats.
- Continuous assessment helps you understand your security posture, track vulnerabilities, and stay informed about potential risks.
- The tool helps secure all connected resources and services by implementing necessary security measures and hardening configurations.
- Microsoft Defender for Cloud is designed to detect and resolve threats targeting your resources, workloads, and services.
- The tool encompasses cloud security posture management and cloud workload protection, covering a wide range of features to meet these security requirements.
Cloud security posture management (CSPM)
Visibility and Hardening
In Microsoft Defender for Cloud, the posture management features provide:
Visibility - to help you understand your current security situation
Hardening guidance - to help you efficiently and effectively improve your security
- Microsoft Defender for Cloud provides visibility into your organization’s security posture through the secure score feature.
- Secure score aggregates findings from continuous assessments to provide a single score indicating the current security situation.
- The higher the secure score, the lower the identified risk level for your resources, subscriptions, and organization.
- Microsoft Defender for Cloud offers hardening recommendations based on identified security misconfigurations and weaknesses.
- Recommendations are categorized into security controls, which represent logical groups of related security recommendations.
- Each security control addresses specific vulnerable attack surfaces and provides actionable steps for improvement.
- Remediation of all recommendations within a control is necessary to improve the secure score for a particular resource.
- Use the provided security recommendations to enhance the security posture of your Azure, hybrid, and multicloud resources.
- Implementing the recommended changes helps strengthen the overall security of your organization’s environment.
Cloud workload protection (CWP)
The second pillar of cloud security is cloud workload protection.
Through cloud workload protection capabilities, Microsoft Defender for Cloud is able to detect and resolve threats to resources, workloads, and services.
Cloud workload protections are delivered through integrated Microsoft Defender plans that are specific to the types of resources in your subscriptions and provide enhanced security features for your workloads.
Microsoft Defender for Cloud modes
- Microsoft Defender for Cloud is available in two modes: Free and Enhanced Security Features.
- The Free mode is automatically enabled on all Azure subscriptions and provides essential security features.
- Free mode includes secure score, security policy, continuous security assessment, and actionable security recommendations for Azure resources.
- Enhanced Security Features extend the capabilities of Microsoft Defender for Cloud to workloads in Azure, hybrid environments, and other cloud platforms.
- With enhanced security, you gain unified security management and threat protection across your workloads.
- Cloud workload protections are delivered through integrated Microsoft Defender plans tailored to different types of resources.
- Enhanced security features provide additional layers of protection for your workloads beyond the free mode.
- Enabling enhanced security helps ensure comprehensive security for your organization’s resources and workloads.
Microsoft Defender plans
- Microsoft Defender for Cloud offers advanced intelligent protections for different types of resources.
- Workload protections are provided through specific Microsoft Defender plans.
The available Microsoft Defender for Cloud plans include:
- Microsoft Defender for servers
- Microsoft Defender for App Service
- Microsoft Defender for Storage
- Microsoft Defender for SQL
- Microsoft Defender for Kubernetes
- Microsoft Defender for container registries
- Microsoft Defender for Key Vault
- Microsoft Defender for Resource Manager
- Microsoft Defender for DNS
- Microsoft Defender for open-source relational protections
- Each plan focuses on securing a specific aspect of your environment, such as servers, applications, storage, databases, Kubernetes, and more.
- You can enable and run multiple Microsoft Defender plans simultaneously to provide comprehensive defence.
- These plans enhance the security of your compute, data, and service layers, delivering advanced threat detection and protection.
Enhanced security features
- Enhanced security features are provided through specific Microsoft Defender plans for different types of resources.
- Some of the enhanced security features include:
- Comprehensive endpoint detection and response (EDR) with Microsoft Defender for servers.
- Vulnerability scanning for virtual machines, container registries, and SQL resources.
- Multicloud security for protecting resources and workloads on AWS and GCP.
- Hybrid security for a unified view of security across on-premises and cloud workloads.
- Threat protection alerts and contextual threat intelligence.
- Compliance tracking with industry standards and regulatory benchmarks.
- Access and application controls, including malware blocking and just-in-time access.
- These features enhance the security of your environment, protect against threats, and help ensure compliance.
- Each feature may be associated with specific Defender plans based on the workload type.
- Additional benefits include threat protection for connected resources and container security features, among others.
Microsoft cloud security benchmark (MCSB)
- The MCSB provides prescriptive best practices and recommendations to improve the security of workloads, data, and services on Azure and multicloud environments.
- It is available on GitHub as an Excel spreadsheet.
- Key components of the MCSB include:
- ID: Each line item has a unique identifier.
- Control domain: High-level descriptions of features or activities to be addressed, spanning network security, data protection, identity management, and more.
- Mapping to industry frameworks: Recommendations align with industry frameworks like CIS, NIST, and PCI DSS, facilitating security and compliance.
- Recommendation: Specific functionality associated with a control domain, each with its own identifier and description.
- Security principle: Explains the purpose of the control at a technology-agnostic level.
- Azure and AWS guidance: Provides technical details on implementing controls in Azure and AWS.
- MCSB assists organizations in assessing risk factors and following best practices.
- Microsoft Defender for Cloud uses the MCSB to assess an organization’s hybrid cloud environment against controls and best practices.
- Controls in the MCSB cover areas such as network security, identity and access control, data protection, incident response, and more.
- Microsoft Defender for Cloud includes a regulatory compliance dashboard that aligns with the MCSB, providing visibility into compliance status.
Security baselines for Azure
- Security baselines are standardized documents for Azure product offerings that provide optimal security configurations and capabilities.
- They help strengthen security through improved tooling, tracking, and security features.
- Service baselines are currently available only for Azure.
- Security baselines apply guidance from the Microsoft cloud security benchmark (MCSB) to specific Azure services.
- Content in a security baseline is grouped by the control domains defined by the MCSB.
- Each security baseline includes information such as Control ID, Security Features, Feature Description, Supported status, Enabled by Default status, Configuration Responsibility, Configuration Guidance, Microsoft Defender for Cloud monitoring note (if applicable), and Reference links.
- Security baselines provide actionable guidance for implementing configurations based on MCSB recommendations.
- Microsoft Defender for Cloud monitoring information may be included in the security baseline.
- The security baseline for Azure Key Vault is an example that demonstrates the type of information provided in a security baseline.
Microsoft Defender for Cloud covers two broad pillars of cloud security. Which pillar provides visibility to help you understand your current security situation and provides hardening recommendations?
A. Cloud security posture management (CSPM).
B. Cloud workload protection (CWP).
C. Microsoft Cloud security benchmark.
A. Cloud security posture management (CSPM).
The CSPM pillar of Microsoft Defender for Cloud provides visibility to help you understand your current security situation and provides hardening recommendations.
An organization wants to add vulnerability scanning for its Azure resources to view, investigate, and remediate the findings directly within Microsoft Defender for Cloud. What functionality of Microsoft Defender for Cloud would they need to consider?
A. Secure score and recommendations functionality that is part of the CSPM pillar of Microsoft Defender for Cloud.
B. The enhanced functionality that is provided through the Microsoft Defender plans and is part of the CWP pillar of Microsoft Defender for Cloud.
C. Security Benchmarks.
B. The enhanced functionality that is provided through the Microsoft Defender plans and is part of the CWP pillar of Microsoft Defender for Cloud.
Microsoft Defender plans provide enhanced security features for your workloads, including vulnerability scanning.
Your organization wants to improve its security best practices. Which option best describes the benefit of using security baselines in Azure?
A. Security baselines for Azure apply guidance from the Microsoft cloud security benchmark (or previous benchmarks) to the specific service for which it’s defined and provide organizations a consistent experience when securing their environment.
B. Security baselines continually assess your resources, subscriptions, and organization for security issues and then aggregate all the findings into a single score so that you can tell, at a glance, your current security situation.
C. Security baselines in Azure automate the remediation process.
A. Security baselines for Azure apply guidance from the Microsoft cloud security benchmark (or previous benchmarks) to the specific service for which it’s defined and provide organizations a consistent experience when securing their environment.
Security baselines for Azure apply guidance from the Microsoft cloud security benchmark (or previous benchmarks) to the specific service for which it’s defined and provide organizations a consistent experience when securing their environment.