Professional Documents
Culture Documents
Azure Security Final Presentation
Azure Security Final Presentation
Mohammed Ibrahim
Cloud Solutions Architect
Mohammed Ibrahim
About the speaker Cloud Solutions Architect – Apps &
Infra
Agenda Introductions to Security
Challenges facing most organization
Azure AD security features
Introduction to Microsoft Defender for cloud
Azure Networking Security
Q& A
Break
Live Demo
Smart cities
Vehicles
Sensors
Energy systems
Marketplaces
Equipment Partners
Expanding digital
t estate
Security Operations Team
Citizens
Customers
Supply chains
On-premises
Attacks traverse laterally Security tools are increasingly It’s harder than ever to
across silos and perimeters complex, and poorly integrated find the signal in the noise
into the DevOps cycle
Centralized visibility
and control
Security by design,
Security and efficiency, Automation to
always up-to-date from development to do more with less
security response
©Microsoft Corporation Azure
Modernize and save money–Forrester TEI studies available
Identity Unified security VM & cloud native Certificate Data masking Private
protection management asset protection management & erasure connections
IoT Security
Microsoft + Partners
©Microsoft Corporation Azure
Azure security technology and services
Protect Azure and your entire multi-cloud environment with built-in security, powered by AI
Identity and access management Threat protection Apps & data security Network security
Azure Active Directory Microsoft Sentinel Azure confidential computing Azure Firewall
Your universal platform to manage Intelligent security analytics for your Protect your data and code while in Cloud-native firewall to protect
and secure all your users and data entire enterprise use in the cloud Azure virtual networks
Microsoft Defender for Cloud Microsoft Defender for Cloud Azure dedicated HSM Azure Front Door
Security posture management for Built-in threat protection for Your hardware security module (HSM) Fast, reliable and secure cloud
your multicloud environments multicloud and hybrid workloads in the cloud CDN with threat protection
Azure Bastion
Private and fully managed RDP
and SSH access to your VMs
Ransomware kits
$66 upfront
(or 30% of the profit / affiliate model)
Compromised PCs/devices
PC: $0.13 to $0.89
Mobile: $0.82 to $2.78
Denial of service
$766.67 per month
©Microsoft Corporation Azure
Technolog
y
Azure built-in controls
Defense in depth
Employees
SaaS apps
Frontline workers
Azure Active
Directory
Cloud-hosted apps
Customers
HR user Active
data Directory
©Microsoft Corporation Azure
Role-based access controls
Extend fine-grained access management to cloud resources
Custom
Support Ticket Reader
• Ensure policies are met with alerts, audit reports and access reviews
Windows
Real time Require
Evaluation Cloud SaaS apps
MFA
Engine and APIs
Geo-location
Physical and
virtual location Effective
Corporate network Policies policy Force
Password
reset
88% >80% #1
of organizations no of corporate data is Protecting and
longer have confidence “dark” – it’s not governing sensitive
to detect and prevent classified, protected or data is biggest
loss of sensitive data¹ governed² concern in complying
with regulations
Across
Galactic Empire Confidential – You cannot copy, Galactic Empire Confidential – You cannot copy,
print or export this information in unprotected print or export this information in unprotected
form to droids of any class. form to droids of any class.
Publishing
License +
keys
Microsoft Confidential
Technolog
y
Azure built-in controls
Defense in depth
• Improve your secure score and overall +7% +2% +1% +3% +2%
security posture in minutes
Defense in depth
XDR
©Microsoft Corporation Azure
Gain insights across your
SIEM
entire enterprise
First cloud-native SIEM on a major cloud
Multi-cloud Microsoft Sentinel Partnerships
Cloud native, any data, any entity
platform, with over 9,000 customers
Attack surface
intelligence
On-prem
Azure Arc
Security posture
Secure score Asset management Regulatory compliance
& compliance
Automation &
Automation SIEM integration Export
management at scale
©Microsoft Corporation Azure
Technolog
y
Azure built-in controls
Defense in depth
”
to provide scalable, secure environments for our services.
Signal puts users first, and Azure helps us stay at the forefront
of data protection with confidential computing.
Protect against
Jim O'Leary
VP of Engineering
Malicious Hackers Third parties
privileged admins exploiting bugs in accessing data without
or insiders the Hypervisor/OS customer consent
Defense in depth
A logical isolation of An isolated and highly Enforce and control Create and enforce
environment for all secure environment to network traffic security connectivity policies
resources run your virtual rules that allow or deny using application and
machines and inbound/outbound network level filtering
applications traffic rules
Secure your network infrastructure and application delivery
Reduce risk of security breach by 30 percent
1 2 3 4 5
Azure global Adaptive Attack analytics DDoS Rapid SLA guarantee and
network tuning and metrics Response (DRR) cost protection
Azure DDoS
Web Application 1
Adaptive
Azure Firewall Azure WAF Tuning Web Application 2
Engine
Centralized logging
Archive logs to a storage account, stream events to Azure to on-prem
your Event Hub, or send them to Log Analytics or Security traffic filtering
SQLi/XSS attack
Cloud native protection
Highly available, scalable, customizable, easy to deploy and WAF
Azure App
manage. Pay only for what you use Service
Valid request
Best Practice OWASP Top 10
Build apps robust to common threats by default.
Azure Kubernetes
Crawler/Scraper L7 LB Service
Microsoft Threat Intelligence
Protect apps against bad actors / bots using our vast threat
intelligence dataset
On-Premises
Newly added good/bad/unknown classifications to WAF at
Edge Application Gateway & WAF