do you want to know about what is Microsoft Sentinel.pdf

amilsaifi5 36 views 73 slides Jun 08, 2024

About This Presentation

This is About Microsoft security


Slide Content

Security
Activity Logs – Here you get information on all of the control plane activities.
Azure Resource logs – Here you can get insights on the operations performed on the resource itself.
Azure Active Directory reports – Here you can get information on the sign-in activity and other aspects of Azure Active Directory.

Virtual Machines – You can get the logs from the underlying Windows and Linux virtual machines.
Azure Storage Analytics – This can provide insights into the requests made to storage accounts.
Network Security Group flow logs – You can get information about the inbound and outbound flows via the Network Security Groups.

Microsoft Sentinel
Threat protection

This is a cloud service that provides a solution for SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response).
It provides a solution that helps with the following:
Collection of data – Here you can collect data across all users, devices, applications and your infrastructure. The infrastructure could be located on-premises or in the cloud.
It helps to detect previously undetected threats.
It helps to hunt for suspicious activities at scale.
It helps to respond to incidents rapidly.
Once you start using Microsoft Sentinel, you can start collecting data using a variety of connectors.
You have connectors for a variety of Microsoft products and other third-party products as well.
You can then use in-built workbooks to get more insights on the collected data.

(Diagram) Microsoft Sentinel capabilities: Visibility, Analytics, Hunting, Incidents, Automation.

Workbooks

Here you can visualize and monitor the data.
You can use the in-built workbooks available in Microsoft Sentinel.
You can create your own workbooks.

Sentinel

Microsoft Sentinel Automation
In addition to being a SIEM solution (Security Information and Event Management), it is also a SOAR solution (Security Orchestration, Automation and Response).
You can use automation rules that help to centrally manage the automation of how incidents are managed.
A playbook is a collection of response and remediation actions. This can be used to orchestrate your threat response.
Playbooks make use of Azure Logic Apps as a workflow solution.
(Diagram) SOAR Solution: Rules, Playbook, Logic Apps.

Vulnerability

With Microsoft Defender for Cloud plans, you can deploy a vulnerability assessment solution to your virtual machines.
You can deploy Microsoft Defender for Endpoint, which is supported for Azure virtual machines and Azure Arc-enabled machines.
This helps to discover vulnerabilities and misconfigurations in real time. Here there is no need for agents or periodic scans.

With Microsoft Defender for Cloud plans, you can also opt to deploy the Qualys scanner.
Here you don't need a separate Qualys license or account.
This is also supported on Azure virtual machines and Azure Arc-enabled servers.

An extension to the Azure virtual machine will be deployed when you opt to deploy the vulnerability assessment solution.
For the Qualys scanner, scanning begins automatically as soon as the extension is installed successfully.
For the Qualys scanner, the scan is then run every 12 hours.

Workload

File Integrity Monitoring
Examines operating system files, Windows registries, application software and Linux system files.
The Log Analytics agent sends data reporting the state of items on the machine.
You can also specify which files and folders to monitor.
You can also connect your machines in your AWS cloud environments.
(Diagram) Workload Protection: Detect changes, Change Tracking, Files, Cloud.
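The mechanism behind File Integrity Monitoring is a baseline of per-item state followed by periodic comparison. The Python below is an example added to this page, not the Log Analytics agent's code: it hashes a constructed directory tree into a baseline snapshot, applies some changes, and reports what was added, removed or modified. The file names and contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Record the state of every file under root: SHA-256 of the content plus the
    permission bits. This is the kind of per-item state a FIM agent reports."""
    root = Path(root)
    state = {}
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            mode = path.stat().st_mode & 0o777
            state[path.relative_to(root).as_posix()] = (digest, mode)
    return state


def diff_states(baseline, current):
    """Compare two snapshots and classify each difference as added, removed or modified."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed monitored tree, take a baseline, change it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp, "etc")
        etc.mkdir()
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        baseline = snapshot(tmp)

        # Simulated changes after the baseline was taken (constructed):
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")          # content modified
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "nightly").write_text("0 2 * * * root /usr/local/bin/job\n")  # new file
        (etc / "hosts").unlink()                                            # file removed

        return diff_states(baseline, snapshot(tmp))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real agent also records owners, ACLs and registry values and ships each snapshot to the workspace rather than diffing locally; the comparison logic is the same.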

Adaptive Application Controls
This is an intelligent and automated solution that can be used to define an allow list of known-safe applications.
This then helps to identify any sort of potential malware, outdated or unauthorized applications.
Machines can be segregated into groups if they run similar types of applications.
You can define rules to configure how applications are managed when it comes to Adaptive Application Controls.
(Diagram) Workload Protection: Applications, Identify, Groups, Rules.

Network hardening
It helps to harden the Network Security Group rules.
It uses internal machine learning algorithms to provide indicators on how to harden the Network Security Groups.
Some of the requirements to enable this feature on VMs – Microsoft Defender for Servers, 30 days of traffic data.
You get alerts if traffic flowing via the resource is not within the defined IP range.
(Diagram) Workload Protection: Network Security Groups, Identification, Requirement, Alerts.
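Both the alert ("traffic not within the defined IP range") and the hardening hint rest on comparing observed NSG flow logs against the source ranges a rule is expected to cover. The Python below is an example added to this page and is not Defender for Cloud's machine-learning logic: it parses constructed records laid out like NSG flow log tuples, flags allowed inbound flows whose source falls outside the expected ranges, and lists permitted ranges that saw no traffic at all. The rule name, ranges and flow records are constructed for the demonstration.

```python
import ipaddress

# Constructed: the source ranges an inbound rule on a hypothetical NSG is expected to
# cover (the "defined IP range"). The live rule is assumed to be broader than this.
RULE_NAME = "allow-rdp-from-corp"
ALLOWED_SOURCES = {
    RULE_NAME: ["10.0.0.0/8", "172.16.0.0/12", "203.0.113.0/24"],
}

# Constructed records in the layout of NSG flow log tuples:
# time,src_ip,dst_ip,src_port,dst_port,protocol(T/U),direction(I/O),decision(A/D)
SAMPLE_FLOWS = [
    "1717833600,10.0.4.7,10.1.2.3,51000,3389,T,I,A",
    "1717833660,203.0.113.25,10.1.2.3,52012,3389,T,I,A",
    "1717833720,198.51.100.9,10.1.2.3,40321,3389,T,I,A",
    "1717833780,198.51.100.9,10.1.2.3,40322,3389,T,I,A",
    "1717833840,192.0.2.77,10.1.2.3,40400,3389,T,I,D",
    "1717833900,10.1.2.3,10.0.4.7,3389,51000,T,O,A",
]


def parse_flow(record):
    """Split one flow tuple into the fields the checks below need."""
    f = record.split(",")
    return {
        "time": int(f[0]),
        "src": ipaddress.ip_address(f[1]),
        "dst": ipaddress.ip_address(f[2]),
        "dst_port": int(f[4]),
        "inbound": f[6] == "I",
        "allowed": f[7] == "A",
    }


def _networks(rule_name):
    return [ipaddress.ip_network(n) for n in ALLOWED_SOURCES[rule_name]]


def out_of_range_alerts(records, rule_name=RULE_NAME):
    """Alert on inbound traffic the NSG let through whose source is outside the
    ranges the rule is meant to cover. Denied and outbound flows are ignored."""
    nets = _networks(rule_name)
    alerts = []
    for rec in map(parse_flow, records):
        if not (rec["inbound"] and rec["allowed"]):
            continue
        if not any(rec["src"] in net for net in nets):
            alerts.append((rec["time"], str(rec["src"]), rec["dst_port"]))
    return alerts


def unused_ranges(records, rule_name=RULE_NAME):
    """Hardening hint: permitted ranges that carried no inbound traffic over the
    observation period are candidates for removal from the rule."""
    nets = _networks(rule_name)
    seen = set()
    for rec in map(parse_flow, records):
        if rec["inbound"] and rec["allowed"]:
            seen.update(net for net in nets if rec["src"] in net)
    return [str(n) for n in nets if n not in seen]


if __name__ == "__main__":
    for when, src, port in out_of_range_alerts(SAMPLE_FLOWS):
        print(f"ALERT t={when} source {src} reached port {port} from outside the defined ranges")
    print("ranges with no observed traffic:", unused_ranges(SAMPLE_FLOWS))
```

The service bases its recommendation on 30 days of traffic for a reason: a range that is quiet for an hour is not evidence of anything, and the same check run over a short window would suggest removing ranges that are simply used infrequently.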

Entitlement

Entitlement management
Helps to efficiently manage access to groups, applications and SharePoint Online sites.
Here the access can be granted for internal and external users.

Access Package
This is a bundle of all the resources which the user would need access to:
Membership of an Azure AD Security Group
Membership of Microsoft 365 Groups and Teams
Assignment to Azure AD Enterprise applications
Membership of SharePoint Online Sites

License requirement – Azure AD Premium P2 licenses are required for members who request an access package, who approve requests for an access package, who review assignments for an access package, and who have a direct assignment to an access package.

Identity

Identity Protection
Has the ability to automatically detect and remediate identity-based risks.
Uses its own threat intelligence to understand identity-based risks.

Risks
The different risks:
Anonymous IP address (sign-in risk) – The user is not signing in from a typical IP address.
Leaked credentials (user risk) – This detects if the user's credentials have been leaked.
Atypical travel (sign-in risk) – Here sign-ins are happening from different geographic locations.
Malware (sign-in risk) – Here the user's device could be infected with malware.
Password spray (sign-in risk) – Someone is trying out different passwords.
Unfamiliar sign-in properties (sign-in risk) – Not the typical behavior of the user's sign-ins.
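The risk detections listed above are the kind of logic that Identity Protection's engine, or a Microsoft Sentinel analytics rule hunting over sign-in telemetry as described earlier in the deck, evaluates continuously. The Python below is an example added to this page, not Microsoft's detection code: it runs three simplified detections (password spray, atypical travel, anonymous IP) over a constructed set of sign-in records. The thresholds, coordinates, user names and the anonymous-IP flag (which stands in for a threat-intelligence lookup) are all assumptions made for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sign-in records (not real tenant data). Fields:
# (timestamp, user, source ip, latitude, longitude, success, anonymous_ip)
SIGN_INS = [
    ("2024-06-08T08:00:00", "alice", "203.0.113.5", 51.50, -0.12, True, False),
    ("2024-06-08T08:30:00", "alice", "198.51.100.7", 40.71, -74.01, True, False),
    ("2024-06-08T09:00:00", "bob", "192.0.2.9", 48.85, 2.35, True, True),
    ("2024-06-08T09:01:00", "carol", "192.0.2.50", 48.85, 2.35, False, False),
    ("2024-06-08T09:01:30", "dave", "192.0.2.50", 48.85, 2.35, False, False),
    ("2024-06-08T09:02:00", "erin", "192.0.2.50", 48.85, 2.35, False, False),
    ("2024-06-08T09:02:30", "frank", "192.0.2.50", 48.85, 2.35, False, False),
    ("2024-06-08T09:05:00", "bob", "203.0.113.9", 48.85, 2.35, True, False),
]


def _parse(rec):
    ts, user, ip, lat, lon, ok, anon = rec
    return {"ts": datetime.fromisoformat(ts), "user": user, "ip": ip,
            "lat": lat, "lon": lon, "ok": ok, "anon": anon}


def _km(lat1, lon1, lat2, lon2):
    """Great-circle distance (haversine), used to estimate implied travel speed."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 6371.0 * 2 * asin(sqrt(a))


def detect_password_spray(records, window=timedelta(minutes=10), min_users=3):
    """Sign-in risk: one source IP failing against many distinct accounts in a short window."""
    failures = defaultdict(list)
    for r in map(_parse, records):
        if not r["ok"]:
            failures[r["ip"]].append(r)
    flagged = []
    for ip, evts in failures.items():
        evts.sort(key=lambda r: r["ts"])
        for i, first in enumerate(evts):
            users = {e["user"] for e in evts[i:] if e["ts"] - first["ts"] <= window}
            if len(users) >= min_users:
                flagged.append((ip, sorted(users)))
                break
    return flagged


def detect_atypical_travel(records, max_kmh=1000.0):
    """Sign-in risk: consecutive successful sign-ins by one user that imply an impossible speed."""
    by_user = defaultdict(list)
    for r in map(_parse, records):
        if r["ok"]:
            by_user[r["user"]].append(r)
    flagged = []
    for user, evts in by_user.items():
        evts.sort(key=lambda r: r["ts"])
        for prev, cur in zip(evts, evts[1:]):
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600
            dist = _km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if hours > 0 and dist / hours > max_kmh:
                flagged.append((user, prev["ip"], cur["ip"], round(dist / hours)))
    return flagged


def detect_anonymous_ip(records):
    """Sign-in risk: successful sign-ins from addresses an intelligence feed marks as anonymizers."""
    return [(r["user"], r["ip"]) for r in map(_parse, records) if r["ok"] and r["anon"]]


def risk_report(records=SIGN_INS):
    """Run every detection and group the findings by risk type."""
    return {
        "password_spray": detect_password_spray(records),
        "atypical_travel": detect_atypical_travel(records),
        "anonymous_ip": detect_anonymous_ip(records),
    }


if __name__ == "__main__":
    for risk, hits in risk_report().items():
        print(risk, hits)
```

Each finding maps naturally onto the SIEM/SOAR flow the deck describes: the detection raises an incident, and an automation rule can hand it to a playbook (for example to require a password reset or to block the sign-in) instead of waiting for an analyst.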

Privileged

Privileged Identity Management
Control – Control and manage access to key resources.
Scope – Here you can control access to resources in Azure AD, Azure and Microsoft 365.
Requirement – Here you can ensure that a user only gets access when required.

Just-in-time – Here you can provide privileged access to resources whenever they are required.
Time-bound – You can specify start and end dates for the access.
Multi-Factor Authentication – Increased level of authentication to activate a role.
Approval – You can ensure approval is required for any role.
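The four PIM controls above fit together as a small state machine: an eligible user requests activation, the request passes the role's gates (duration limit, MFA, approval), and the resulting assignment exists only for its window. The Python below is an example added to this page, not PIM's own API or data model: it models that flow for one hypothetical role policy. The role policy, user names and times are constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class RolePolicy:
    """Hypothetical per-role activation settings, mirroring the four controls on the slide."""
    role: str
    max_duration: timedelta       # time-bound: longest activation allowed
    require_mfa: bool             # MFA needed to activate
    require_approval: bool        # an approver must sign off


@dataclass
class ActivationRequest:
    user: str
    role: str
    requested_at: datetime
    duration: timedelta
    mfa_completed: bool
    approved_by: Optional[str] = None


@dataclass
class ActiveAssignment:
    user: str
    role: str
    start: datetime
    end: datetime


class PimSimulator:
    def __init__(self, policies: List[RolePolicy], eligible: List[Tuple[str, str]]):
        self.policies = {p.role: p for p in policies}
        self.eligible = set(eligible)          # (user, role) pairs allowed to request activation
        self.active: List[ActiveAssignment] = []

    def activate(self, req: ActivationRequest) -> Tuple[bool, str]:
        """Grant a time-bound assignment only if every gate in the role's policy passes."""
        if (req.user, req.role) not in self.eligible:
            return False, "not eligible"
        pol = self.policies[req.role]
        if req.duration > pol.max_duration:
            return False, "requested duration exceeds policy maximum"
        if pol.require_mfa and not req.mfa_completed:
            return False, "MFA required to activate"
        if pol.require_approval and req.approved_by is None:
            return False, "approval required"
        self.active.append(ActiveAssignment(req.user, req.role, req.requested_at,
                                            req.requested_at + req.duration))
        return True, "activated"

    def has_role(self, user: str, role: str, at: datetime) -> bool:
        """Just-in-time semantics: the role is held only inside an active, unexpired window."""
        return any(a.user == user and a.role == role and a.start <= at < a.end
                   for a in self.active)


def demo():
    """Walk one eligible user through the gates; constructed names and times."""
    pim = PimSimulator(
        policies=[RolePolicy("Global Administrator", timedelta(hours=4), True, True)],
        eligible=[("alice", "Global Administrator")],
    )
    t0 = datetime(2024, 6, 8, 9, 0)
    attempts = [
        ActivationRequest("alice", "Global Administrator", t0, timedelta(hours=8), True, "bob"),
        ActivationRequest("alice", "Global Administrator", t0, timedelta(hours=2), False, "bob"),
        ActivationRequest("alice", "Global Administrator", t0, timedelta(hours=2), True, None),
        ActivationRequest("alice", "Global Administrator", t0, timedelta(hours=2), True, "bob"),
        ActivationRequest("mallory", "Global Administrator", t0, timedelta(hours=1), True, "bob"),
    ]
    outcomes = [pim.activate(a)[1] for a in attempts]
    held = (pim.has_role("alice", "Global Administrator", t0 + timedelta(hours=1)),
            pim.has_role("alice", "Global Administrator", t0 + timedelta(hours=3)))
    return outcomes, held


if __name__ == "__main__":
    print(demo())
```

The point of `has_role` taking a timestamp is that nothing needs to "revoke" the role: once the window closes the assignment simply stops matching, which is what makes the access just-in-time rather than standing.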

License
You need to have Azure AD Premium P2 licenses.

Conditional

Azure AD Conditional Access
Conditions – Here you can define conditions based on which you want to give access to users for a resource.
Signals – You can make use of different signals for the conditions: the user and their location, the device they are logging in from, the application, and real-time risk.
Access – Based on the conditions you can decide whether the user should be allowed access, blocked, or required to use MFA.
Enforced – These rules are enforced after the first-factor authentication is complete.

This feature requires the use of an Azure AD Premium P1 license.
To make use of risk-based policies from within Identity Protection, you need to have Azure AD Premium P2 licenses in place.
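Conditional Access is an evaluation step that takes the signals named above and returns a decision. The Python below is an example added to this page, not Azure AD's policy engine: it defines a hypothetical policy shape (assignment, conditions, one control), evaluates a small set of such policies against constructed sign-in signals, and combines the results the way an administrator would expect (a block wins, a grant control that cannot be met blocks, otherwise MFA is required if any matching policy asks for it). Policy names, users, countries and risk levels are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

RISK_LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class SignInSignals:
    """The signals the slide lists, as seen after first-factor authentication succeeds."""
    user: str
    groups: FrozenSet[str]
    country: str
    device_compliant: bool
    app: str
    sign_in_risk: str            # real-time risk from Identity Protection: none/low/medium/high


@dataclass(frozen=True)
class Policy:
    """Hypothetical policy shape: who/what it applies to, its conditions, and one control."""
    name: str
    users: FrozenSet[str] = frozenset()         # users or groups; empty = everyone
    apps: FrozenSet[str] = frozenset()          # empty = all applications
    countries: Optional[FrozenSet[str]] = None  # location condition
    countries_are_exclusions: bool = False      # True: applies when country is NOT in the set
    min_risk: str = "none"                      # applies at this risk level or above
    control: str = "grant"                      # grant | require_mfa | require_compliant_device | block


def applies(policy: Policy, s: SignInSignals) -> bool:
    """Does this policy's assignment and every condition match the sign-in?"""
    if policy.users and not ({s.user} | s.groups) & policy.users:
        return False
    if policy.apps and s.app not in policy.apps:
        return False
    if policy.countries is not None:
        in_set = s.country in policy.countries
        if in_set == policy.countries_are_exclusions:
            return False
    if RISK_LEVELS[s.sign_in_risk] < RISK_LEVELS[policy.min_risk]:
        return False
    return True


def evaluate(policies: List[Policy], s: SignInSignals) -> Tuple[str, List[str]]:
    """Combine all applicable policies into one decision: grant, require_mfa or block."""
    decision, matched = "grant", []
    for p in policies:
        if not applies(p, s):
            continue
        matched.append(p.name)
        if p.control == "block":
            return "block", matched
        if p.control == "require_compliant_device" and not s.device_compliant:
            decision = "block"             # the control cannot be satisfied interactively
        elif p.control == "require_mfa" and decision != "block":
            decision = "require_mfa"
    return decision, matched


# Constructed policy set for the demonstration.
POLICIES = [
    Policy("Block high-risk sign-ins", min_risk="high", control="block"),
    Policy("MFA for administrators", users=frozenset({"admins"}), control="require_mfa"),
    Policy("MFA outside trusted countries", countries=frozenset({"GB", "IE"}),
           countries_are_exclusions=True, control="require_mfa"),
    Policy("Compliant device for Exchange Online", apps=frozenset({"Exchange Online"}),
           control="require_compliant_device"),
]


def demo():
    """Evaluate a few constructed sign-ins and return the decision for each."""
    cases = {
        "admin_at_home": SignInSignals("alice", frozenset({"admins"}), "GB", True, "Teams", "low"),
        "high_risk": SignInSignals("bob", frozenset(), "GB", True, "Teams", "high"),
        "mail_from_byod": SignInSignals("carol", frozenset(), "GB", False, "Exchange Online", "none"),
        "travelling_user": SignInSignals("dave", frozenset(), "US", True, "Teams", "none"),
        "ordinary": SignInSignals("erin", frozenset(), "IE", True, "Teams", "none"),
    }
    return {name: evaluate(POLICIES, s)[0] for name, s in cases.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The "Block high-risk sign-ins" policy is the one that needs the P2 licensing mentioned above, because its condition consumes the real-time risk signal from Identity Protection; the other three run on P1.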

Azure

Azure Active Directory B2C
Service – This provides business-to-customer identity as a service.
Sign-in – Here customers can sign into applications using their social, enterprise, or local account identities.
Purpose – Normally used when businesses want to authenticate their end users to their web/mobile applications.
Standards – Uses standard authentication protocols: OpenID Connect, OAuth 2.0.

Microsoft

Microsoft Defender for Cloud
Purpose – This is a Cloud Security Posture Management and Cloud Workload Protection Platform. You can monitor Azure resources, Amazon Web Services resources and on-premises resources.
Secure Score – It continually assesses the security posture of your resources. It generates a secure score based on the assessment.
Recommendations – You get recommendations on how to improve the security of your resources.
Threats – It can also detect and resolve threats to resources and services.

When it comes to Azure virtual machines, this service will automatically deploy the Log Analytics agent to the virtual machines.
The agent will continuously send information to the workspace, and then Microsoft Defender for Cloud will analyze the data.
For on-premises servers, Microsoft Defender for Cloud will make use of the Azure Arc service.
If you have connected your Amazon Web Services account to an Azure subscription, you can protect resources in that account as well.

It is always good to have a benchmark or baseline to see how the security of your resources aligns with that benchmark.
Microsoft has the Azure Security Benchmark that provides best practices and recommendations for securing workloads.
The benchmark covers different domains such as Network security, Identity Management and Data protection.

There is the free plan that is enabled for all Azure subscriptions.
Here you get the secure score, are able to apply the security policy and get basic recommendations.

And then you have the Enhanced or paid version. You can use a 30-day free trial.
This gives further protection to your resources.
You get Microsoft Defender for Endpoint – This provides endpoint detection and response (EDR).
You can carry out vulnerability assessment for virtual machines, SQL resources and container registries.
You can protect your resources in Amazon Web Services and Google Cloud Platform.

Microsoft

Microsoft Defender for Servers can help protect your Windows and Linux machines in Azure, AWS, GCP and on-premises.
You get two options when it comes to plans. There is Defender for Servers Plan 2, which gives a lot of features.
Here you get features such as integrated vulnerability assessments, threat detection etc.

Auto-provisioning feature
Here Microsoft Defender for Cloud will automatically install an agent on the Azure virtual machines.
The agent will send data to a Log Analytics workspace.
The data collected in the workspace will provide visibility into missing updates, any misconfigured OS security settings, and the endpoint protection status.

Regulatory

Regulatory Compliance
Compliance – Here Microsoft Defender for Cloud will compare the configuration of your resources against industry standards, regulations and benchmarks.
Benchmark – By default, an Azure subscription will have the Azure Security Benchmark assigned.
Standards – You have other standards available as well. You can make use of the standards, but you need to have the Defender for Cloud enhanced security features.
Dashboard – You can assign the different standards to the dashboard.

Microsoft Defender for Containers

This can perform a vulnerability scan of images in Azure Container Registry.
When a new image is pushed to the registry, a scan will be performed.
Also, weekly scans of any images pulled in the last 30 days are conducted.

You also get threat protection for your Azure Kubernetes clusters.
Here the Defender agent performs analysis of Kubernetes audit logs.
This can detect activities such as the creation of high-privileged roles or the creation of sensitive mounts.

Azure Blueprints

Azure Blueprints
A Blueprint can contain the following:
Role assignments – If you need specific roles to be assigned.
Policy assignments – This is if you need specific policies to be applied.
Resource groups – If you need certain resource groups to be in place.
Azure Resource Manager templates – If there are resources that need to be deployed.

Definition – Here you define the Blueprint itself. The Blueprint needs to be saved to either a management group or a subscription.
When you save the Blueprint to a management group, the Blueprint can be assigned to any subscription which is part of the management group.
To save the Blueprint definition, you need to have Contributor access to either the management group or the subscription.

Publishing – Once the Blueprint is defined, you can publish it. Here you can assign a version number for the Blueprint.
Assignment – Here the Blueprint is then assigned to a subscription.
You can protect resources deployed via the Blueprint with resource locks.
Here even if there is a user with the Owner role, the user will still not be able to remove the lock.
You can only remove the lock by unassigning the Blueprint.

Protecting

Domain Controllers should be protected with Trusted Platform Module chips.
The volumes on the domain controller servers need to be protected via BitLocker Drive Encryption.
Domain Controllers should allow connections only from authorized users and systems.
This can be implemented via the use of Group Policy Objects.

Manage the updates for the domain controllers.
Microsoft Defender for Identity can be used to monitor domain controllers.
Microsoft Defender for Identity can capture the network traffic, correlate it with Windows events and analyze for any threats.

Microsoft 365

Microsoft 365 Defender
Defender for Endpoint – It helps to protect your endpoints. It can provide automated response and investigation. It also has Vulnerability Management.
Defender for Office 365 – Safeguards against malicious threats when it comes to email messages, links etc.
Defender for Identity – Helps to protect your identities defined in your on-premises Active Directory.
Defender for Cloud Apps – Helps to bring visibility and controls onto the usage of other cloud applications.

Protecting data

Once attackers gain access to your network, they can also get access to your data.
A hacker would first use an account with elevated privileges to gain access to data.
The hacker could then copy data across the network to another location.
Or the hacker could simply delete the data.

Azure SQL Database
Implement dynamic data masking to limit the exposure of sensitive data.
Ensure that database columns that store sensitive data are encrypted.
Enable database-level encryption.

Other data stores
Azure Virtual Machine Disks – Enable Azure Disk Encryption
Azure Storage Accounts – Azure Storage Service Encryption
Encryption of data in Azure Cosmos DB

Data Masking

Here the exposure of the data in the database table to non-privileged users can be limited.
You can create a rule that masks the data.
Based on the rule you can decide on the amount of data to expose to the user.

There are different masking rules:
Credit Card masking rule – This is used to mask columns that contain credit card details. Here only the last four digits of the field are exposed.
Email – Here the first letter of the email address is exposed, and the domain name of the email address is replaced with XXX.com.
Custom text – Here you decide which characters to expose for a field.
Random number – Here you can generate a random number for the field.
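The four masking rules above are transformations applied on the way out of the database, and only for non-privileged principals; the stored data is unchanged. The Python below is an example added to this page, not Azure SQL's implementation: it implements each rule as the slide describes it and applies a per-column rule set to a constructed row, returning the row unmasked for a privileged user. Column names, the sample row, and the custom-text padding string are constructed for the demonstration.

```python
import random
import re


def mask_credit_card(value: str) -> str:
    """Credit card rule: only the last four digits are exposed."""
    digits = re.sub(r"\D", "", value)
    return "XXXX-XXXX-XXXX-" + digits[-4:]


def mask_email(value: str) -> str:
    """Email rule as the slide describes it: first letter kept, domain replaced with XXX.com."""
    local, _, _domain = value.partition("@")
    return local[:1] + "XXX@XXX.com"


def mask_custom_text(value: str, prefix: int, suffix: int, padding: str = "XXXX") -> str:
    """Custom text rule: expose the first `prefix` and last `suffix` characters, pad the rest.
    (If prefix + suffix covers the whole value, the exposed parts overlap; keep them short.)"""
    head = value[:prefix]
    tail = value[len(value) - suffix:] if suffix else ""
    return head + padding + tail


def mask_random_number(low: int, high: int, rng=random) -> int:
    """Random number rule: the real value is replaced by a random number in [low, high]."""
    return rng.randint(low, high)


# Constructed rule set: column name -> masking function (assumed schema, not from the deck).
MASK_RULES = {
    "card_number": mask_credit_card,
    "email": mask_email,
    "employee_id": lambda v: mask_custom_text(v, prefix=2, suffix=2),
    "salary": lambda v: mask_random_number(1, 100, random.Random(7)),
}


def apply_masks(row: dict, rules: dict, privileged: bool) -> dict:
    """Return the row as a given principal would see it. Privileged users (those excluded
    from masking) see the stored values; everyone else sees the rule output."""
    if privileged:
        return dict(row)
    return {col: (rules[col](val) if col in rules else val) for col, val in row.items()}


# Constructed sample row.
SAMPLE_ROW = {
    "employee_id": "AB-12345-ZZ",
    "email": "alice@example.com",
    "card_number": "4111 1111 1111 1234",
    "salary": 85000,
    "department": "Finance",
}


if __name__ == "__main__":
    print("analyst sees :", apply_masks(SAMPLE_ROW, MASK_RULES, privileged=False))
    print("DBA sees     :", apply_masks(SAMPLE_ROW, MASK_RULES, privileged=True))
```

Note that `department` is returned untouched because no rule names it: masking is opt-in per column, so a column that is never classified is never masked. That is why the Data Discovery and Classification scan described later in the deck pairs well with masking.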

Auditing

You can enable auditing for an Azure SQL database and also for Azure Synapse Analytics.
This feature can be used to track database events and write them to an audit log.
The logs can be stored in an Azure storage account, Log Analytics workspace or Azure Event Hubs.
This helps in regulatory compliance. It helps to gain insights on any anomalies when it comes to database activities.
Auditing can be enabled at the database or server level.
If it is applied at the server level, then it will be applied to all of the databases that reside on the server.

Data classification

The Azure SQL Database and Azure Synapse services have the capabilities of Data Discovery and Classification.
This service can scan the database and identify columns that contain potentially sensitive data.
You can also apply sensitivity-classification labels to certain columns.

Azure SQL Database Encryption

This feature is used to encrypt the data at rest.
It carries out the real-time encryption and decryption of the database, its backups and transaction log files.
This is enabled by default on all new Azure SQL databases.

The Always Encrypted feature can be used to encrypt data at rest and in motion.
You can encrypt multiple columns located in different tables.
You can encrypt multiple columns located in the same table.
You can also encrypt just one specific column.

You have two types of encryption:
Deterministic encryption – Here the same encrypted value is generated for any given plaintext value. This is less secure, but it allows for point lookups, equality joins, grouping and indexing on encrypted columns.
Randomized encryption – This is the more secure encryption method, but it prevents searching, grouping, indexing and joining on encrypted columns.
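The trade-off between the two encryption types comes down to how the IV is chosen: derive it from the plaintext and equal values produce equal ciphertexts (so the server can match them without the key, and anyone can see which rows share a value); pick it at random and every ciphertext is unique (so nothing can be matched server-side). The Python below is an example added to this page and is not Always Encrypted's cipher: it uses a toy HMAC-SHA256 keystream construction from the standard library so that the demonstration runs offline, standing in for the AES-based scheme the real feature uses. Only the IV-selection behaviour is being illustrated. The key and the column values are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed column encryption key for the demonstration only.
DEMO_KEY = b"constructed-demo-column-key-0123456789"
IV_LEN = 16


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 of (iv || counter), concatenated. Stands in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes, deterministic: bool) -> bytes:
    """Return iv || ciphertext. Deterministic mode derives the IV from the plaintext,
    so the same input always yields the same output; randomized mode draws a fresh IV."""
    if deterministic:
        iv = hmac.new(key, b"iv|" + plaintext, hashlib.sha256).digest()[:IV_LEN]
    else:
        iv = os.urandom(IV_LEN)
    ks = _keystream(key, iv, len(plaintext))
    return iv + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Both modes decrypt the same way: the IV travels with the ciphertext."""
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))


def equality_lookup(column, key: bytes, needle: bytes, deterministic: bool):
    """What a client driver can do for `WHERE col = @p`: encrypt the parameter the same
    way and let the server compare ciphertexts. Only deterministic mode makes this work."""
    probe = encrypt(key, needle, deterministic)
    return [i for i, cell in enumerate(column) if cell == probe]


def demo():
    """Encrypt one constructed column both ways and compare what each mode permits and leaks."""
    names = [b"alice", b"bob", b"alice"]
    det = [encrypt(DEMO_KEY, n, True) for n in names]
    rnd = [encrypt(DEMO_KEY, n, False) for n in names]
    return {
        "det_equal_rows_share_ciphertext": det[0] == det[2],      # the leakage behind "less secure"
        "det_lookup": equality_lookup(det, DEMO_KEY, b"alice", True),
        "rnd_equal_rows_share_ciphertext": rnd[0] == rnd[2],
        "rnd_lookup": equality_lookup(rnd, DEMO_KEY, b"alice", False),
        "roundtrip": all(decrypt(DEMO_KEY, c) == n for c, n in zip(det + rnd, names + names)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `det_equal_rows_share_ciphertext` result is the concrete meaning of "less secure": without any key, a reader of the table can count how many rows share a value and correlate them, which for low-entropy columns (country, gender, status codes) is often enough to recover the plaintext by frequency. Randomized encryption removes that, at the cost of every server-side comparison.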