AZ-900 Episode 26 | Azure Security Center

Reddit Comments

Azure Fundamentals Episode 26 is here. This time we cover Azure Security Center, and we talk about typical usage scenarios for this service.

📺 Video: https://youtu.be/tyztKP9rszU

🌐 Site: https://marczak.io/az-900/#ep26

🧠 Practice Test: https://marczak.io/az-900/episode-26/practice-test

👍︎︎ 1 👤︎︎ u/AdamMarczakIO 📅︎︎ Oct 20 2020 🗫︎ replies

Hey man, I just want to thank you for all your work on gathering all this material in one resource. I passed my AZ900 last Friday with your site.

👍︎︎ 1 👤︎︎ u/alwaystool8 📅︎︎ Oct 20 2020 🗫︎ replies
Captions
Hey guys, this is Adam, and in this episode of Azure Fundamentals we'll cover what is Azure Security Center and how does that service help us protect our Azure resources. Stay tuned. [Music]

In this episode we'll talk about Azure Security Center and what are the usage scenarios for this service, so let's dive right into it.

Azure Security Center is responsible for continuously scanning your Azure services. Whether those are platform as a service or infrastructure as a service services, Security Center continuously scans those services and helps you protect your Azure environment. Additionally, Security Center provides you with recommendations so that your administrators and developers can act immediately and protect their environments on their own. One cool feature of Security Center is that while it protects Azure services, you can also install agents on your on-premise virtual machines to extend the functionality of Security Center to protect your hybrid environments.

And if this reminds you of something, it's probably Azure Advisor. We've talked about how Azure Advisor scans your environments and provides you with a lot of recommendations, including security recommendations. It is worth noting that those security recommendations are actually provided by Security Center itself, so you can review your recommendations directly in Security Center or you can act and review them in Azure Advisor.

Inside of the Azure portal you can access Security Center using one of multiple ways. The one I prefer the most is using search at the top, so you just type "sec" to find Security Center, and when I open this I will immediately be presented with an overview panel that shows the most important information about my subscription and the protection of the current resources residing in those subscriptions. As you see, there are currently two Azure subscriptions that I have; I have 13 active recommendations and three security alerts that I should review.

Below that we can see Secure Score. Secure Score gives you a high-level overview of the overall status of your environment, so it gives you virtual points for how secure your environment is. The higher the score, the more secure your environment is, and you should aim as high as possible. On the right-hand side you have Insights. Insights is a panel that provides you with the most impactful recommendations, so the ones that you should probably look at first. If we scroll down we will see the Azure Defender panel, which is a paid version of Azure Security Center providing you with additional capabilities like alerts, threat detection, vulnerability assessments, just-in-time access and many more. Going further, we can see a Regulatory Compliance panel, which gives us recommendations based on the popular compliance standards on the market, so you can protect your environments even further. And at the bottom we can find the last panel, which is called Inventory. This panel gives you a high-level overview of your Azure resources and their protection status.

On the left-hand side you can also review details of those panels. By going to the Recommendations tab you can see the current recommendation and your secure score for your environment, and if you scroll a little bit down you will see what are the current recommendations, which by default are sorted based on a potential score increase, so the most impactful recommendations will always be at the top. In this case, as you can see, it is Enable MFA, which is multi-factor authentication. This recommendation tells me that if I will enable MFA for my owner account I will get 18 percent increased score, which is about 10 extra points for my secure score. And the next recommendation on our list is Remediate Vulnerabilities. In here, a vulnerability assessment should be enabled for our virtual machines. I can select Quick Fix to take an immediate action and protect my Azure resources. I can quickly select my virtual machines and hit Remediate to install vulnerability assessment for those virtual machines. I can select whether I want to use the recommended one or configure a third-party assessment. If I'm happy with my selection, I can select remediate for resources, and that's really it. In just a couple of minutes our virtual machine resources will be protected, and the freshness interval will tell us about how often this recommendation is reviewed, so we should expect some updates in the next 24 hours.

So let's go back to Security Center to review what else Security Center provides. The next panel is called Security Alerts. This panel allows me to review security alerts generated by Security Center. Let's take the last one, for example. I can see that on the 13th there was a security alert regarding my web virtual machine. In here I can see the details of this particular security alert, including the severity. Severity will tell me how impactful this alert is and how worried I should be. In here we can see there were 277 attempts to log into this virtual machine, so someone was trying to brute force and try to log into my virtual machines through Remote Desktop Protocol. In this case they used the administrator account 35 times, 11 times the admin account, and some other popular names for admin accounts. So in simple terms, they were just trying to guess your password; that's why choosing the right password is critical from your system security standpoint. You can also review the attacker's IP. If you want, you can very easily block it, or instead go to the Take Action tab, where you will be presented with a set of recommendations to mitigate this threat or prevent future attacks, based on the most popular recommendations from Microsoft in Security Center.

If we go back to Security Center we can also review the Inventory tab, which gives us the overall health status of our protected resources on our Azure subscriptions and also in our on-premise environments, if we decided to install Security Center agents. This is just another way of looking at our recommendations from the perspective of specific Azure and on-premise resources. Going further, we can review security score, so this is the panel which gives us the high-level overview of the protection for Azure resources and subscriptions. Additionally you have this Regulatory Compliance tab, where you can see how compliant you are with the most common standards. You can review each standard in a separate tab and see what are the recommendations that you should take for your Azure environment to match those specific regulatory compliance requirements.

And Azure Defender is this paid option which gives you additional security options for your Azure environments. This is for both infrastructure as a service but also platform as a service. Here you have those security alerts, you have some extra vulnerability assessments for your VMs, and just-in-time virtual machine access, which allows you to lock down your virtual machine and only open the connectivity ports when needed, when requested by the user. And if I open this panel I can see the status of the currently configured virtual machines in my environment. One server called serverwork currently has just-in-time access configured, but in the Not Configured tab I can see all the servers that currently don't have it, like the web server, which currently has a severity impact of high because this is a publicly exposed server with Remote Desktop enabled. Therefore, if I want to protect the server, I simply select the checkbox next to the web server, select enable just in time on one VM, select which ports, and if I'm happy with the selection hit Save, and in just a couple of seconds just-in-time access will be enabled for this VM.

So let's go to the web virtual machine from the search bar and open the virtual machine panel. In this panel let's select Connect and select Remote Desktop Protocol. You might notice a new section here called Source IP and Request Access. This section allows you to request access to this virtual machine through just-in-time access only when you need it. You can select a few options, like selecting only your IP or all configured IPs, and select Request Access. After just a couple of seconds you will be granted access and you'll be able to use Remote Desktop Connection to connect to this virtual machine. You can download the Remote Desktop Connection file and connect like that, or just like we use the Remote Desktop Connection Manager and connect like we did in our previous sessions. And there should be no surprise here: we were able to successfully connect to our server using just-in-time access.

I can go back to Azure Security Center. One cool thing to note about Security Center is that if you go to any virtual machine, like the one that we accessed right now called web, you can also find security recommendations inside of the Security tab on the left-hand side. Those security recommendations again come from Azure Security Center, except they are now filtered to this particular web server. You can also review those recommendations in Advisor recommendations or by going directly to Azure Advisor, and inside of Azure Advisor, if you go to Security, those are the exact same recommendations that we've seen in Azure Security Center.

So Azure Security Center is our centralized and unified security management service for both infrastructure and platform services. It is worth noting that it is natively embedded in Azure services and it's integrated with Azure Advisor, so you can have this unified experience to see recommendations for your entire Azure environment, including security.

There are currently two tiers available for Security Center. The first one is free; this is often also called Azure Defender off, so disabled Azure Defender. The free version of Azure Security Center is included with all other services and it provides you with continuous assessment, security score and some actionable security recommendations. So if you are using Azure without paying anything you will already get some of the security recommendations for your environment, and it doesn't matter if you're using a trial version of Azure, you will still get access to Security Center. But if the security for your environment is very important, then you also have the paid version, which simply is enabled Azure Defender. It gives you additional capabilities like hybrid security, threat protection alerts, some extra vulnerability scanning for your virtual machines, just-in-time access for the virtual machines, etc., etc. So there's quite a lot of features that you get from Azure Defender. The pricing there is also pretty flexible because you pay per resource that you enable, so you can cherry-pick the resources that you want to protect with Azure Security Center and only pay for those.

All the materials for this episode can be found under episode 26 on my website. And we're done with Azure Security Center. In the next episode we'll talk about Azure Key Vault, one of the best services when it comes to securing our application credentials, so make sure not to miss this one out. If you like my work, support the channel by subscribing, liking and commenting. If you want to follow to the next episode, simply hit the icon on the side or follow the playlist, and I definitely want to see you there. See ya.
Info
Channel: Adam Marczak - Azure for Everyone
Views: 59,231
Keywords: Azure Fundamentals, Full Course, az 900, azure, security center
Id: tyztKP9rszU
Length: 11min 12sec (672 seconds)
Published: Tue Oct 20 2020