Cybercrime is happening all around us. If you haven’t been affected, it’s not a question of “if” but “when.” Organized crime syndicates and script kiddie hackers alike employ sophisticated tools to generate profit or cause reputational damage. Nation-state actors leverage hacking to further political or economic agendas. The threats we see today are not new, but the level of sophistication has reached new heights.
“The World Economic Forum estimates the economic value destroyed by cybercrime attacks at $3 trillion.”
In 2016, US businesses lost $1.8 million on average to spear-phishing attacks. Given these threats, we have compiled a few recent announcements from Microsoft on how they’re helping customers take an intelligent approach to preventing, detecting and responding to such events.
Microsoft’s Azure Sentinel Security Information and Event Management (SIEM) is now commercially available
SIEM provides real-time analysis of security alerts generated by applications or network hardware. Just recently, Microsoft took its SIEM, Azure Sentinel, out of public preview and into General Availability (GA). SIEM products have been on the market for a long time now, yet SecOps teams still find it difficult to prioritize threats and arrive at a clear call to action. Moreover, a shortfall of 3.5 million security professionals by 2021 will further increase these challenges.
Below are a few ways Azure Sentinel helps with cloud-native security operations:
Collects data across your enterprise
The Azure Sentinel SIEM collects security data through built-in connectors, native integration with Microsoft products, and standard industry log formats like Common Event Format (CEF) and Syslog. It’s also possible to import Microsoft 365 data for free and combine it with other security data for analytics. Azure Sentinel connects to other popular solutions like Palo Alto Networks, F5, Symantec, Fortinet and many more.
AI to analyze and detect threats quickly
It would be impossible for a human analyst to sift through the daily volume of security alerts and correlate them across different products. Azure Sentinel’s scalable machine learning helps you quickly connect the dots. Combining this data with other solutions gives you the kind of behavioral data that provides visibility into an entire attack sequence.
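The two sections above describe CEF/Syslog ingestion and cross-product correlation without showing what a CEF record looks like. The following is an added example (not Microsoft's or Azure Sentinel's code) that normalizes constructed CEF lines from several vendors into a common schema, honouring the format's escaping rules, and then correlates failed logins per source IP across those vendors; the sample records, vendor names and event class IDs are constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample CEF records (not real device output), as a CEF/Syslog connector would forward them.
SAMPLE_CEF = [
    "CEF:0|Palo Alto Networks|PAN-OS|9.0|THREAT|Port scan detected|7|"
    "src=203.0.113.5 dst=10.0.0.4 dpt=22 msg=scan rate \\= high",
    "CEF:0|Fortinet|FortiGate|6.2|LOGIN_FAIL|Login failed|5|src=203.0.113.5 duser=admin",
    "CEF:0|F5|BIG-IP|15.1|LOGIN_FAIL|Login failed|5|src=198.51.100.9 duser=root",
    "CEF:0|Fortinet|FortiGate|6.2|LOGIN_FAIL|Login failed|5|src=203.0.113.5 duser=admin",
    "CEF:0|Acme|Web\\|Proxy|1.0|100|Allowed request|2|src=10.0.0.7 request=http://example.org/a b",
]
HEADER_KEYS = ("version", "vendor", "product", "device_version", "event_class", "name", "severity")

def _split_header(line):
    """Return the 7 header fields (\\| and \\\\ unescaped) plus the raw extension string."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # backslash escapes the next char ('|' or '\')
            buf.append(line[i + 1]); i += 2; continue
        if ch == "|":
            fields.append("".join(buf)); buf = []
        else:
            buf.append(ch)
        i += 1
    return fields, line[i:]

def _unescape_ext(value):  # extension values escape '=', '\' and newlines
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Normalize one CEF record into a flat dict; raise ValueError if malformed."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record: %r" % line[:40])
    fields, extension = _split_header(line)
    if len(fields) != 7:
        raise ValueError("CEF header needs 7 pipe-delimited fields")
    rec = dict(zip(HEADER_KEYS, fields))
    rec["version"] = rec["version"][len("CEF:"):]
    rec["severity"] = int(rec["severity"])
    # A new key=value pair starts only at whitespace followed by key=, so values may contain spaces.
    for pair in filter(None, re.split(r"\s+(?=[A-Za-z0-9_]+=)", extension.strip())):
        key, _, value = pair.partition("=")
        rec[key] = _unescape_ext(value)
    return rec

def failed_logins_by_source(records, threshold=2):  # cross-vendor correlation on a normalized field
    counts = Counter(r.get("src", "?") for r in records if r["event_class"] == "LOGIN_FAIL")
    return {src: n for src, n in counts.items() if n >= threshold}
```

Because the Fortinet and F5 records share the same normalized `src` and `event_class` keys, a repeated source is visible even though each vendor formats its own events differently.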
Automate common tasks and threat response
With Azure Sentinel, the need to keep solving the same problems disappears. Built-in automation with custom playbooks solves repetitive tasks and responds to threats quickly.
Azure Bastion available in Preview
Many organizations struggle to secure connections to their Virtual Machines (VMs) on virtual networks (VNets) from the outside. Azure Bastion is a fully managed Platform as a Service (PaaS) offering that provides secure and seamless Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to your VMs directly through the Azure portal.
Limit Public Exposure of Virtual Machine IPs
Access all VMs within a VNet through a single hardened point. Making the Bastion host the only publicly exposed entry point reduces your public internet exposure and limits threats such as port scanning and malware targeting your VMs.
Connect to VMs over SSL
Connect to VMs in your VNet over SSL on port 443, directly in the Azure portal. This RDP/SSH connectivity lets you connect from any device, on any platform, at any time, and needs no additional agent running inside your virtual machines.
A fully managed service
As a PaaS service, Azure Bastion is fully managed, which means it is autoscaled and hardened for you. It provides an integrated, automated alternative to manually deploying and managing jump servers to shield your VMs.
“The industry median time to detect an attacker on a victim’s network is 140+ days.”
Security Stack Partner Ecosystem
The CipherTrust Cloud Key Manager solution by Thales is now available on the Azure Stack Marketplace. It works with the Azure and Azure Stack “Bring Your Own Key” (BYOK) APIs to give customers control of their keys. The solution creates Azure-compatible keys from the Vormetric Data Security Manager, which can offer up to FIPS 140-2 Level 3 protection. Customers can upload, manage, and revoke keys as needed, to and from Azure Key Vaults running in Azure Stack or Azure.
Azure delivers multiple layers of security, from the secure foundation of its physical data centers to its operational practices and engineering processes that follow industry-standard MITRE guidelines. Additionally, customers can choose from numerous self-serve security services that work for both Azure and on-prem workloads. Microsoft employs more than 3,500 cybersecurity professionals and spends $1 billion annually on security.
Just like anything else on the cloud, security also operates on a shared responsibility model between the cloud provider and the customer. At the same time, a cloud provider’s built-in security tools may not protect you from all the threats faced by your organization. Softchoice can help you identify such vulnerabilities and craft a vendor-agnostic plan to defend your kingdom.
Looking for more insights on cloud security and Azure? Check out our Microsoft Azure Resources Hub.