Module 4aa - Security and Network Security - Protect Against Security Threats - Security Center and Secure Score Flashcards
What is Azure Security Center?
A monitoring service that provides visibility into your security posture for all services in Azure AND On-Prem. It centralizes all security concerns into one view.
What are some capabilities of Azure Security Center?
- Monitor security settings across Cloud AND On-Prem
- Auto-apply required security settings to newly provisioned resources
- Security recommendations
- Continuously monitor Resources
- Security assessments to identify potential vulnerabilities before they can be exploited
- Detect and analyze potential inbound attacks and investigate threats + any post-breach activity (requests from black-listed IPs for example)
How can Machine Learning be used by the Security Center?
You can use Machine Learning to detect and block malware from being installed on VMs and other resources
Security Center can measure compliance against the specific Security Controls of any governance Policies or regulatory compliance Policies that are assigned to Resources (T/F)
True. Security Center will list all the assigned compliances, both governance and regulatory, and show the total controls passing compliance/total controls PER Compliance assigned.
Remember: Policy Assignments are what Security Center Recommendations are based on.
What does the Resource Security Hygiene section show? How are Recommendations categorized?
Shows the health of your Resources from a “Security && Priority” perspective, categorizing remediation recommendations by Low/Medium/High
What are Security Controls?
Groups of related security recommendations.
What four (4) ways does Security Center protect against threats?
- JIT VM Access
- Adaptive App Controls
- Adaptive Network Hardening
- File Integrity Monitoring
General Knowledge: What is your Security Posture?
An aggregate of all cybersecurity policies and controls, and how well you can predict, prevent, and respond to security threats…
Your RBAC, Security-based Policies, what security-based resources you have provisioned at each layer of Defense in Depth, etc. and how well they protect and prevent breaches
What’s the Secure Score and what’s it based on?
A measurement of an organization’s Security Posture.
Based on the percentage of Security Controls your organization satisfies
How do you grow your Secure Score?
Remediating all the recommendations for a SINGLE Resource within a Security Control
Each Control listed (under Security Center > Recommendations) has a sub-list of all remediation items that will satisfy the Control
How does a Secure Score help improve your organization?
It’s a KPI 👍
- It serves as a KPI on the current state of the entire org’s Security Posture
- Improves Posture discoverability, visibility, guidance and control
- Allows for comparison with benchmarks and other established KPIs
“Preview” Recommendations are also included in your Secure Score (T/F)?
False. Only the current built-in recommendations impact your score.
Pro-Tip: Remediate previews anyway. If they become fully released/built-in, then you’ll already have built your compliance around them
What are two (2) ways to customize your Security Controls/Recommendations?
- Disable Policies (can’t make Recommendation when there’s nothing to recommend lol)
- Exempt specific Resources from a Recommendation
What are two (2) ways to create an Exemption for a Recommendation and how are they shown in Security Center?
Exempt a Resource - The individual Resource will show up in Security Center as “Exempt” from the Recommendation
Exempt a Subscription or Management Group - When you create this kind of exemption, you select a justification for it, which is then applied to all Recommendations for the Subscription or Mgmt Group
What does Just-In-Time VM Access block and allow?
It can BLOCK traffic to specific network ports on a VM and can allow traffic for a specified time (upon admin approval)