Using Azure Security Center for In-Depth Analysis of Enterprise Hybrid Cloud Security Issues · effective iaas...
TRANSCRIPT
© Copyright Fortinet Inc. All rights reserved.
Using Azure Security Center for In-Depth Analysis of Enterprise Hybrid Cloud Security Issues
Thomas Huang
Cloud Solution Architect
Taipei, 2018/11/15
Hybrid cloud requires a new approach for security
Distributed infrastructure
Need better visibility and control
Rapidly changing cloud resources
Require solutions that keep pace with speed and agility of cloud
Increasingly sophisticated threats
Leverage analytics and threat intelligence to detect threats quickly
Storage, Compute, Identity, Networking
Microsoft Managed
Customer Managed
Identity & Access
Information Protection
Threat Protection
Security Management
Physical Security
Operational Security
Infrastructure Security
Built-in Azure, no setup required
Automatically discover and monitor security of Azure resources
Set Security Policy
Determine which security controls/assessments ASC should apply to your environment
Gain insights for hybrid resources
Easily onboard resources running in other clouds and on-premises
1
Continuous assessment of machines, networks, and Azure services
Hundreds of built-in security assessments, or create your own
Fix vulnerabilities quickly
Prioritized, actionable security recommendations
2
Lock down ports on virtual machines
Enable just-in-time access to virtual machines
Access automatically granted for limited time
3
Allow safe applications only
Adaptive whitelisting learns application patterns
Simplified management with recommended whitelists
4
PORT SCANNING ACTIVITY DETECTED
BRUTE FORCE ACTIVITY DETECTED
SUSPICIOUS PROCESS EXECUTED ON VM
DNS DATA EXFILTRATION ACTIVITY DETECTED
KILL CHAIN INCIDENT GENERATED
Anatomy of a real attack, detected by Security Center
Explore detected threats in a visual and interactive way
Interactive experience to explore links across alerts, computers and users
Use predefined or ad hoc queries for deeper examination
6
Automate and orchestrate common security workflows
Create playbooks with integration of Azure Logic Apps
Trigger workflows from any alert to enable conditional actions
7
Centrally manage security across all of your IaaS deployment
Harden OS, VNet, storage, and SQL configurations and apply preventive controls
Monitor VM events and network traffic to identify threats and react quickly
To learn more, visit azure.microsoft.com/en-us/services/security-center/
Use Security Center for Azure resources
Start trial for ASC standard to get advanced threat protection
Onboard on-premises and other cloud workloads