Azure Security Center Wrap - Issue #4
Hi, all! Welcome back! Welcome to issue #4 of our bi-weekly newsletter for all things Azure Security Center.
Before I hand you off to the various sections below, there are a couple of important things to highlight for this issue.
There are two ways for you to get involved this week and help make the product better. Both are in the form of surveys supplied by the product teams. Here they are:
Public Preview Feedback - Azure Workbooks in Security Center - this is a short, 4-question survey to get your recommendations on new Security Workbooks.
Container Security Requirements - your answers here could directly impact the roadmap for Security Center in terms of your priorities when it comes to container security.
You are all invested to be here in this community, so this is your chance to be invested in making your product experience the best it can be.
Even if you can't take the time to participate in the surveys - or maybe one or both of the areas surveyed don't apply to you - I'm sure you know someone in your organization that these areas do matter to. Please send these along to them.
Talk again in 2 weeks!
-Rod
Things to Read
Azure Defender integration with TVM – Azure Cloud & AI Domain Blog — cda.ms As part of the October update, Azure Defender is now integrated with Microsoft Threat and Vulnerability Management (TVM) which is now in public preview!
The Adventure of Automating Azure Security Center Part 1 - Microsoft Tech Community — cda.ms I hope this finds you well. I wanted to start a series of automating on Azure Security Center. The goal of this first article is to dive and walk through
Aligning CMMC Controls with your Azure Landing Zone - Microsoft Tech Community — cda.ms If you utilize them all together, Azure Landing Zones, Azure Policy, Azure Security Benchmarks, and the CMMC Level 3 Initiative in Azure Security Center
Kaido Järvemets on LinkedIn: Azure Security Center permissions — cda.ms These are Azure Security Center permissions. If you are planning to implement Azure AD PIM, then it is important to map out different permissions. After...
Do more with Azure Defender for Servers
There are many blogs and resources on Azure Defender for Servers, but quite often they only cover the getting started phase and a tour of the most prominent features in the portal. In this article I try to go a bit deeper and showcase two of the “hidden gems” you can get for free by onboarding servers to Azure Defender.
Things to Watch/Listen To
Yuri Diogenes, M.S. Cybersecurity on LinkedIn: #Azure #Security #cspm — cda.ms Here's another episode of #Azure #Security Center in the Field Out of Band Edition. In this episode I'm answering some questions that were sent out of band...
Security: The Secret Life of a Security Signal | Well-Architected: The Backstage Tour | Channel 9 — cda.ms
The Secret Life of a Security Signal Presented by: Rod Trent, Cloud Advocate To combat cyber-attacks and protect against urgent threats, Microsoft collects billions of signa
Things to Have
Azure-Security-Center/Workflow automation/Notify-ASCRecommendationsResourceTag at main · Azure/Azure-Security-Center · GitHub — cda.ms This Logic App for Workflow Automations will notify ASC generated recommendations to Azure Resource TAG Owners including Azure Arc resources.
New Things
Vulnerability assessment solutions can now be auto enabled (in preview) — cda.ms
Security Center's auto provisioning page now includes the option to automatically enable a vulnerability assessment solution on Azure virtual machines and Azure Arc machines on subscriptions protected by Azure Defender for servers.
Microsoft Threat and Vulnerability Management added as vulnerability assessment solution (in preview) — cda.ms
We've extended the integration between Azure Defender for servers and Microsoft Defender for Endpoint to support a new vulnerability assessment provider for your machines: Microsoft threat and vulnerability management. Use threat and vulnerability management to discover vulnerabilities and misconfigurations in near real time with the integration with Microsoft Defender for Endpoint enabled, and without the need for additional agents or periodic scans. Threat and vulnerability management prioritizes vulnerabilities based on the threat landscape and detections in your organization.
Software inventory filters added to asset inventory (in preview) — cda.ms
The asset inventory page now includes a filter to select machines running specific software - and even specify the versions of interest. Additionally, you can query the software inventory data in Azure Resource Graph Explorer.
Security Center includes two features that help ensure newly created resources are provisioned in a secure manner: enforce and deny — cda.ms
When a recommendation offers these options, you can ensure your security requirements are met whenever someone attempts to create a resource:
Deny stops unhealthy resources from being created.
Enforce automatically remediates non-compliant resources when they're created.
Introducing the Network Security Dashboard for Azure Security Center
Learn about the new Network Security Dashboard in Azure Security Center.
Related Things
Azure Automation Hybrid Worker Extension for Azure and Arc-enabled servers now in public preview | Azure updates | Microsoft Azure — cda.ms Onboard Azure Automation User Hybrid Runbook Worker based on VM extension platform for Azure Virtual machines and Arc-enabled servers. The extension-based platform leverages Azure Active Directory authentication.
Partner Things
New advanced specialisation highlights Altron Karabina’s expertise in security | ITWeb — cda.ms Altron Karabina is one of only six Microsoft partners in South Africa to have attained the Microsoft Threat Protection advanced specialisation.
News Things
Open Systems Adds New C-Level Executives as Security Services and Managed Detection and Response (MDR) Adoption Grows | News | bakersfield.com — cda.ms Open Systems, the cybersecurity service innovator for future-ready enterprises, today announced the expansion of its executive team with the additions of Michael Davis and Chris Raniere as the company’s Chief Architect and Chief Revenue Officer (CRO), respectively. These industry veterans have a deep understanding of the needs of mid-maturity organizations and how to deliver world-class managed security services. They are joining as adoption of the company’s Microsoft Cloud-native MDR service has grown 200 percent over the last year and continues to gain traction.