Cyber Security on Azure: An IT Professional’s Guide to Microsoft Azure Security Center

Marshall Copeland

Contents at a Glance

■Part I: All Businesses
■Chapter 1: Cybersecurity: How Security Vulnerabilities Affect Your Business
■Chapter 2: Azure Security Center Cost Model
■Part II: Cloud Security Operations
■Chapter 3: Getting Started with Azure Security Center
■Chapter 4: Azure Security Center Configuration
■Chapter 5: Azure Security Center Scenarios
■Chapter 6: Azure Security Center Extensions 
■Appendix A: Troubleshooting and Cyber-Reference
■Appendix B: Know Your Enemy
■Appendix C: Security Frameworks


Book Details
Price: 2.00 USD
Pages: 217
File size: 12,351 KB
File type: PDF
ISBN-13 (pbk):
ISBN-13 (electronic):
Copyright 2017 by Marshall Copeland

About the Author
Marshall Copeland is a security architect focusing on cloud cybersecurity
services, multifactor authentication (MFA), cryptography, hybrid
cloud network security, and federated services integration. Marshall
obtained his master’s of information assurance degree (MSIA) from
Dakota State University and currently supports Fortune 50 companies
with his security planning and deployment expertise. He previously
worked at Microsoft Corporation and Level 3 Communications; he has
been a security speaker at Microsoft Global Azure Bootcamp, Microsoft
Management Summit, and Microsoft TechReady, and he regularly attends
advanced cybersecurity training from industry-recognized professionals.
Marshall is an active member in the Austin, Texas, security community
supporting organizations such as ISSA and OWASP, and he is the founder
of, a site designed to help new IT and transitioning IT
professionals prepare for security careers. Marshall cowrote Microsoft
Azure: Planning, Deploying, and Managing Your Data Center in the Cloud
and Microsoft Office 365 Administration Inside Out.

About the Technical Reviewer
Newton Sheikh is a consultant for cloud and distributed computing with
a focus on Microsoft Azure. He is a .NET developer and a security expert
for infrastructure services running on the cloud. Newton has been writing
code on .NET and for the Web for five years. His interests are mathematics
and algorithms.
Newton enjoys coding, designing, and architecting solutions for the
Web and the cloud. With a keen interest in game design, he has worked on
multiple platforms, including XNA, Android, and iOS. He loves to try new,
lightweight, and powerful game engines.
Most recently, he has taken up photography as a hobby and loves to
carry his camera on his travels.

Acknowledgments
First, thank you to Gwenan Spearing, Laura Berendson, and Nancy Chen at Apress for their support in completing this book. Thank you to the fantastic technical editor, who made sure this book provides a good depth of technical detail and a greater level of accuracy.
Thank you to Microsoft Corporation and the Microsoft Azure team for creating a fantastic global cloud solution and to the Azure Security Center product team. Thank you to the companies that provide cybersecurity data resources such as the Microsoft Security Intelligence Report (released twice a year since 2006), National Vulnerability Database, Verizon Data Breach Investigations Report, IBM-sponsored Ponemon Cost of Data Breach Study, Cisco Annual Security Report, FireEye M-Trends 2017 Annual Security Report, and Georgia Tech Emerging Cyber Threats Report.

Table of Contents
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
■■Part I: All Business
■■Chapter 1: Cybersecurity: How Security Vulnerabilities Affect Your Business
  Executive Summary
  Understanding Attackers’ Motivation
  Remain Current Through Security Facts
  Microsoft Security Intelligence Report
  Verizon 2017 Data Breach Investigations Report
  Verizon 2016 Data Breach Investigations Report
  IBM-Sponsored Ponemon Cost of Data Breach Study
  Other Annual Security Reports
  Steps for a Secure Cloud
  Azure Cloud Networking, Encryption, Data Storage
  Identity Multifactor Authentication
  Software Is a Key Vulnerability
  OWASP Top Ten Project
  Finding Cloud Blind Spots to Improve Your Network Security Knowledge
  NVD Use with ITIL/Change Management Patching
  Security Responsibility Model
  Summary
■■Chapter 2: Azure Security Center Cost Model
  Shared Cost Model
  License Cost of Security Center
  Azure Cost of Data Storage
  Quantitative Risk Assessments and Cost-Benefit Analysis
  Other Considerations (Security Sensitive)
  Azure Active Directory
  Azure Support Plans
  Application Gateway
  Enterprise Security Architecture
  Ransomware Lessons Learned
  Summary
■■Part II: Cloud Security Operations
■■Chapter 3: Getting Started with Azure Security Center
  Cloud Security Challenges
  Security Center Overview
  Security Center Placement
  Preventing an Azure Infrastructure Breach
  Basic Review of Cybersecurity Practices
  Establishing or Improving a Cybersecurity Program
  Azure Virtual Networking Example
  Select an Azure Subscription
  Navigating Microsoft Azure
  Summary
■■Chapter 4: Azure Security Center Configuration
  Azure Infrastructure Design
  Azure Security Center Pricing Tier
  Standard Tier Advantages
  Advanced Threat Detection
  Anomaly Detection
  Crash Analysis
  Threat Intelligence
  Behavioral Analysis
  Using Security Center
  Summary
■■Chapter 5: Azure Security Center Scenarios
  Security Health Monitoring
  Security Recommendations Procedures
  Prevention Blade
  Network Security Groups
  Summary
■■Chapter 6: Azure Security Center Extensions
  Security Center Updates
  Detection and Security Alerts
  Recommendations
  Next-Generation Firewalls
  Vulnerability Assessment Integration
  Summary
■■Appendix A: Troubleshooting and Cyber-Reference
  Azure Security Center Diagnostics Troubleshooting
  Cyber-Reference
  What’s in a Name
  Glossary
  Definitions
  Security, Identity, and Cryptography
  Attack Method
■■Appendix B: Know Your Enemy
  Professional Education
  Security Risk Landscape
  Understanding Cybersecurity Attack Details
  Now to the Why and How Cyber-Attacks Are Achieved
■■Appendix C: Security Frameworks
  Security Awareness Models
  NIST 800-50
  NIST 800-14
  European Model
  Summary
  Analysis of Security Strategies and Frameworks
  Zachman Framework
  Sherwood Applied Business Security Architecture (SABSA)
  The Open Group Architectural Framework (TOGAF)
  Summary
Index


Cybersecurity for a Cloud Infrastructure
Information technology (IT) is integrated into the fabric of a business, and without business there is no requirement for IT. In fact, there should not be IT processes without mirror business processes; the processes are interwoven to support the solid financial growth and sustainability of the business. The same is true for security beyond the traditional IT focus. Cybersecurity specifically pushes security beyond IT processes, procedures, governance, infrastructure design, and authentication. Cybersecurity protection, intrusion detection, intrusion prevention, and cyber-incident response all must also be integrated into the business fabric.

This book is a result of multiple customers of mine requesting guidance and best practices for cybersecurity as they move into the cloud. Security-focused businesses have invested in on-premises, layered security to protect their networks, systems, users, and customer data, and now as these businesses move into the cloud, they need to follow a hybrid, layered security approach. This book answers questions such as the following: What security options are available in the cloud for virtual networks, and how can they be audited? As you move virtual machines into cloud virtual subnets, how do you enable intrusion detection? Do you need to ask the board of directors for a budget increase to hire cybersecurity experts? IT has invested heavily in security standards for the business in a local datacenter; can you extend those standards and knowledge base to the cloud? The answer to each of these questions is a resounding yes, with Microsoft Azure Security Center.
This book was written for the following types of people:
• Chief information officers (CIOs) and chief information security officers (CISOs)
• IT subject-matter experts (SMEs)
• Cybersecurity teams

For CIOs/CISOs, the information in this book builds up trust when moving to the cloud, as follows:
• Trust in your team’s ability to provide detection and protection against cyber-attacks in the cloud
• Trust that security risks are identified and reduced as business services are migrated to the cloud
• Trust that your customers’ data is safe (sometimes safer) in the cloud than on the premises
This book also contains specific information about the total cost of Azure Security Center, cloud storage, and Azure subscriptions in comparison to other solutions. Other financial-related considerations discussed include time and materials for installation, updates, and intrusion detection when evaluating intrusion prevention services (IPSs) and intrusion detection services (IDSs) for use in a hybrid cloud solution from the cybersecurity market.

For IT SMEs, this book provides guided, step-by-step exercises for configuring and using Azure Security Center; it also provides examples of the types of cybersecurity attacks a particular feature is used to protect against. As an SME, you have deep knowledge of virtualization, networking, and infrastructure and can use the information in this book to ramp up quickly on cybersecurity in the cloud. In this book, you’ll learn the boundaries of cybersecurity so you can extend cybersecurity requirements as part of your business and become integrated in the security business process.

For cybersecurity teams, this book improves your security posture by guiding you through the mitigation of cyber-risk as corporate “targets” move into the cloud. Besides helping you identify security issues, the book provides how-to steps to achieve best-in-class cloud security. This book also gives you new cybersecurity best practices for daily, weekly, and monthly processes to integrate with your other IT and security daily processes that are currently required to comply with National Institute of Standards and Technology (NIST) guidelines. This book guides cybersecurity team members to use cloud computing by addressing the shared responsibility model for cybersecurity that is required in order to maintain compliance with PCI-DSS, ISO 27001/2, and other mandates.
Microsoft Azure Security Center, generally available in many Azure regions, offers security monitoring and management for a cloud infrastructure. Using Azure Security Center, you are able to do the following:
• Maintain a holistic view of the cloud resource’s security state
• Control cloud security using business policies
• Review and use automated recommendations
• Monitor security configurations and take corrective action
• Deploy integrated security solutions, for example:
  • Trend Micro, Barracuda, F5
  • Cisco, Fortinet, Check Point
• Receive alerts based on real threats detected, not false positives, using advanced analytics such as machine learning and behavioral profiling stemming from global threat intelligence assets that span millions of daily security log events
You can stay current with Azure changes by subscribing to updates at and reading about the changes that affect your company. Stay up to speed with cybersecurity notifications, such as the WannaCry ransomware, at