Describe security management capabilities of Azure Flashcards

1
Q

Microsoft Defender for Cloud

A

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications from various cyber threats and vulnerabilities.

-DevSecOps: Helps you to incorporate good security practices early during the software development process. You can protect your code management environments and your code pipelines, and get insights into your development environment security posture from a single location.

-Cloud Security Posture Management (CSPM): assesses your systems and automatically alerts security staff in your IT department when a vulnerability is found.

-Cloud Workload Protection Platform (CWPP): Surfaces workload-specific recommendations that lead you to the right security controls to protect your workloads (servers, containers, storage, databases, etc.).

Microsoft Defender for Cloud, through its DevSecOps, CSPM, and CWPP capabilities, enables organizations to manage the security of their resources and workloads in the cloud and on-premises and improve their overall security posture.

2
Q

How security policies and initiatives improve the cloud security posture

A

Microsoft Defender for Cloud enables organizations to manage the security of their resources and workloads in the cloud and on-premises and improve their overall security posture. It does this by using policy definitions and security initiatives.

-An Azure Policy definition (built-in or custom), created in Azure Policy, is a rule about specific security conditions that you want controlled.

-A security initiative is a collection of Azure Policy definitions, or rules, grouped together towards a specific goal.

-To implement policy definitions or initiatives, you assign them to any scope of resources.

3
Q

Microsoft Cloud Security Benchmark (MCSB)

A

MCSB is a Microsoft-authored set of guidelines for security and compliance that provides best practices and recommendations to help improve the security of workloads, data, and services on Azure and your multicloud environment.

-Built-in security initiative that is automatically assigned when you enable Microsoft Defender for Cloud on your subscription.

-The MCSB provides many columns of data: ID, Control Domain, Mapping to industry frameworks, Recommendation, Azure Guidance, AWS Guidance.

Microsoft Defender for Cloud continuously assesses an organization’s hybrid cloud environment to analyze the risk factors according to the controls and best practices in the Microsoft cloud security benchmark.

-The regulatory compliance dashboard in Microsoft Defender for Cloud reflects the status of your compliance with the MCSB and any other standards that you’ve applied to your subscriptions.

Security Recommendations are the result of assessing your resources against the relevant policies and identifying resources that aren’t meeting your defined requirements.

4
Q

Cloud Security Posture Management (CSPM)

A

CSPM provides you with hardening guidance that helps you efficiently and effectively improve your security. CSPM also gives you visibility into your current security situation.

-Secure score: Provides visibility to your current security posture. Defender for Cloud continually assesses your cross-cloud resources for security issues. It then aggregates all the findings into a single score (the higher the score, the lower the identified risk level).

-MCSB is automatically applied to your environments and generates all the built-in recommendations that are part of this default initiative.

-Recommendations are grouped into security controls. Each control is a logical group of related security recommendations, and reflects your vulnerable attack surfaces.

-Your score only improves when you remediate all of the recommendations for a single resource within a control.

-Foundational CSPM: Defender for Cloud offers foundational multicloud CSPM capabilities for free.
-Defender Cloud Security Posture Management (CSPM) plan: The optional, paid Defender Cloud Security Posture Management plan provides additional, advanced security posture features.

5
Q

Enhanced security of Microsoft Defender for Cloud

A

Cloud workload protections are delivered through integrated Microsoft Defender plans that are specific to the types of resources in your subscriptions and provide enhanced security features for your workloads.

Microsoft Defender for servers, Microsoft Defender for App Service
Microsoft Defender for Storage, Microsoft Defender for SQL
Microsoft Defender for Kubernetes, Microsoft Defender for container registries
Microsoft Defender for Key Vault, Microsoft Defender for Resource Manager
Microsoft Defender for DNS, Microsoft Defender for open-source relational protections

Microsoft Defender plans specific to the types of resources in your subscriptions provide enhanced security features for your workloads.

-Comprehensive endpoint detection and response
-Vulnerability scanning for virtual machines, container registries, and SQL resources
-Multicloud security
-Hybrid security
-Threat protection alerts
-Track compliance with a range of standards
-Access and application controls

6
Q

DevOps Security Management

A

Defender for DevOps, a service available in Defender for Cloud, empowers security teams to manage DevOps security across multi-pipeline environments. It uses a central console to empower security teams with the ability to protect applications and resources from code to cloud across multi-pipeline environments, such as GitHub and Azure DevOps.

-Unified visibility into DevOps security posture
-Strengthen cloud resource configurations throughout the development lifecycle
-Prioritize remediation of critical issues in code

Defender for DevOps allows you to manage your connected DevOps environments and provides your security teams with a high-level overview of discovered issues that may exist within them, through the Defender for DevOps console.

-Helps unify, strengthen and manage multi-pipeline DevOps security.
