Azure Security Center / Microsoft Defender for Cloud
- Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud.
- This is like a portal within the Azure portal.
- Defender for Cloud is a tool for security posture management and threat protection.
- It protects and strengthens the security posture of your cloud resources.
- Defender for Cloud protects workloads running in Azure, hybrid, and other cloud platforms.
- Defender for Cloud provides the tools that track your security posture, protect against cyber-attacks, and streamline security management.
- Defender for Cloud provides:
  - Continuous Assessment:
    - It gives you a Secure Score, which tells you the current security posture of your Azure cloud resources.
    - The higher the score, the lower the risk level.
  - Security Recommendations:
    - You are given recommendations ordered by priority.
    - It also gives you the steps to fix those issues.
    - For many issues/recommendations, Azure gives you a “Fix” button to remediate the issue automatically.
  - Security Alerts:
    - When advanced security is enabled, Defender for Cloud detects threats to your resources and workloads.
    - These threats appear in the Azure portal and the Defender for Cloud portal.
    - Alerts can also be sent to individual people in the organization via email.
  - Policy and Compliance Matrix:
    - Policy and compliance are monitored by Azure, and the result is shown in the security portal.
  - Integration with other cloud service providers:
    - You can get security information from other cloud providers, such as AWS and Google Cloud Platform, directly into Azure Security Center using a security information and event management (SIEM) tool.
    - This provides a single point for any multi-cloud security information.
How to effectively use Defender for Cloud?
You generally follow a 3-step process.
- Define Policies:
  - First, you need to define security policies that Azure can use to monitor your infrastructure.
  - A security policy is a set of rules that Azure uses to evaluate whether your configuration of a service is valid.
  - Security Center comes with some predefined policies, but you will need to set up your own, too.
- Protect Resources:
  - Second, you must actively protect your resources.
  - While Security Center limits your exposure to threats, you still must actively monitor the policies and their outcomes.
- Response:
  - And then third, when (not if, because it will likely happen) a security incident occurs, you must respond to it.
  - Security alerts will be raised by Security Center, and you will have to triage them.
  - You can then investigate any of the alerts and adjust your Azure implementation accordingly.
  - After all, what's the point of a security center if you don't pay attention to the alerts it raises?
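As an added illustration of step 1 (not code from these notes or from Microsoft), the following custom Azure Policy definition encodes one such rule: a storage account is non-compliant unless `allowBlobPublicAccess` is explicitly `false`. The display name, description and metadata are assumptions; the `Microsoft.Storage/storageAccounts/allowBlobPublicAccess` alias mirrors the built-in "Storage account public access should be disallowed" policy, and the `exists` check catches accounts where the property was never set.

```json
{
  "properties": {
    "displayName": "Storage accounts should not allow public blob access (example)",
    "policyType": "Custom",
    "mode": "Indexed",
    "description": "Example custom definition: a storage account is non-compliant when allowBlobPublicAccess is missing or not false.",
    "metadata": {
      "category": "Storage",
      "note": "Illustrative definition; names and text are assumptions, not Microsoft's built-in policy."
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports non-compliant accounts; Deny blocks creating or updating them."
        },
        "allowedValues": [ "Audit", "Deny", "Disabled" ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          { "field": "type", "equals": "Microsoft.Storage/storageAccounts" },
          {
            "anyOf": [
              { "field": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess", "exists": "false" },
              { "field": "Microsoft.Storage/storageAccounts/allowBlobPublicAccess", "notEquals": "false" }
            ]
          }
        ]
      },
      "then": { "effect": "[parameters('effect')]" }
    }
  }
}
```

With the default Audit effect the assignment only reports non-compliant accounts in the compliance results, which is what feeds step 2's monitoring; switching the `effect` parameter to Deny stops the misconfiguration at deployment time instead.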
Regulatory Compliance
- Azure Security Center helps streamline the process of meeting regulatory compliance requirements using the regulatory compliance dashboard.
- Azure Security Center keeps track of your regulatory compliance in the cloud, which means you don't have to.
- This also includes any policies you set up to manage the Azure subscription.
- Each part of Azure is assessed for you against the regulatory standards.
Resource Security Hygiene
- Hygiene, in this case, refers to how your resources are configured in relation to security best practices.
- For example, if you don't have disk encryption enabled on your virtual machine, this will be considered high risk, and your hygiene becomes quite stinky.
- The Azure Security Center will then recommend fixes such as encrypting the disk to improve your hygiene.