Mohsen
Azure Cloud Security Components
by
, 01-23-2024 at 03:32 AM (47513 نمایش ها)
Azure Cloud Security Components
Purpose of this article:
The purpose of this article is to mention some of the fundamental security components for Azure Security and how they link together.
Cloud Security Components:
I divide the Cloud security components in 4 main sections (there are more and I just want to focus on these) :
1. Cloud Native Application Protection (CWPP & CSPM)
2. Extended Detection and Response (XDR)
3. Connection to other infrastructure in other cloud providers or on-premises (Azure ARC)
4. An Integrated SIEM and SOAR solution (Azure Sentinel)
1. Cloud Native Application Protection Platform:
CNAPP is a term first coined by Gartner in 2021 to describe an all-in-one platform that unifies security and compliance capabilities to prevent, detect, and respond to cloud security threats. A CNAPP integrates multiple cloud security solutions that have been traditionally siloed in a single user interface, making it easier for organizations to protect their entire cloud application footprint.
1.a. Cloud Workload Protection Platform (CWPP)
CWPPs provide real-time detection and response to threats based on the latest intelligence across all your multicloud workloads, such as virtual machines, containers, Kubernetes, databases, storage accounts, network layers, and app services. CWPPs help security teams conduct speedy investigations into threats and reduce their organization’s attack surface.
Use case example: You can just consider one service, for example, Microsoft Defender for Cloud and see the capabilities and how it can address the gaps in your storage account security by having Artifitial Intelligence(AI) power in background : https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-introduction
1.b. 1.b. Cloud Security Posture Management (CSPM)
CSPM solutions are designed to provide security teams with a connected, prioritized view of potential vulnerabilities and misconfigurations across multicloud and hybrid environments. A CSPM continuously assesses your overall security posture and gives security teams automated alerts and recommendations about critical issues that could expose your organization to data breaches. It has automated compliance management and remediation tools to spot gaps and keep them closed.
2. Microsoft 365 Defender- extended detection and response (XDR)
By acquiring Microsoft Security E5 License , you have access to a lot of security functionality. Microsoft Defender XDR is an XDR platform that provides security across your multiplatform endpoints, hybrid identities, emails, collaboration tools, and cloud apps.
3. Azure Arc: Azure Arc is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model.
4. Azure Sentinel:
Azure Sentinel, now known as Microsoft Sentinel, centralizes your threat collection, detection, response, and investigation efforts. It provides threat intelligence and intelligent security analytic capabilities that facilitate threat visibility, alert detection, threat response, and proactive hunting. Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyse large volumes of data across an enterprise. and security orchestration, automation, and response (SOAR) to help us proactively protect your digital estate.
My recommendation is using Microsoft Defender for Cloud and other mentioned products however I do not want the discussion (gaps) be distracted by vendor choosing arguments.
Written by: Mohsen
•CopyRight: This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
•CopyRight Notice: You can use or share this article for free but you have to mention the the writer name ( Written by: Mohsen ) and share the Link: https://forum.golzarion.com/entry.php?b=32