Security

Use Azure Security Center to conduct a security posture assessment


Information security assessments are a critical component of any enterprise infosec program, helping organizations…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

understand potential vulnerabilities in their systems and policies. As more modern workloads move to the cloud and expand the enterprise attack surface, the need for regular information security assessments is greater than ever.

An effective information security assessment will not only help enterprises identify the current state of their network, assets and users on premises and in the cloud, but also provide recommendations for how to improve weak controls and processes. Recent examples, like the WannaCry and Petya ransomware outbreaks, highlighted insecure configurations of many enterprise systems. Had teams conducted an information security assessment to determine which patches to apply and where holes needed plugging, the effects of the ransomware attacks could have been lessened.

There are many tools available to help enterprises conduct information security assessments, including Azure Security Center, Microsoft’s security management system. In this excerpt from Chapter 4 of Microsoft Azure Security Center, Second Edition, published by Pearson Education, authors Yuri Diogenes and Tom Shinder outline how Security Center can be used to perform a security assessment on premises, in the cloud — Azure or other providers — and hybrid environments.

Read on to learn how to calculate your enterprise’s current Secure Score — Microsoft’s measurement of the current security configuration of an organization’s systems. Then, explore how to fine-tune your company’s score to boost the safety and resiliency of your enterprise’s assets.


Secure Score

When working in a cloud environment, monitoring the security state of multiple workloads can be challenging. How do you know if your security posture across all workloads is at the highest-possible level? Are there any security recommendations that you are not meeting? These are hard questions to answer when you don’t have the right visibility and tools to manage the security aspects of your cloud infrastructure.

Azure Secure Score
Figure 4-1. Overall Secure Score of your workloads in Azure

Security Center reviews your security recommendations across all workloads, applies advanced algorithms to determine how critical each recommendation is, and calculates your Secure Score based on them. Secure Score helps you to assess your workload security posture from a single dashboard. You can view the overall Secure Score in the Overview page in Security Center dashboard, as shown in Figure 4-1.

The overall Secure Score shown in the main dashboard is an accumulation of all your recommendation scores. Keep in mind that this score can vary because it reflects the subscription that is currently selected and the resources that belong to that subscription. If you have multiple subscriptions selected, the calculation will be for all subscriptions. The active recommendations on the selected subscription also make this score change. For the example, as shown previously in Figure 4-1, the current Secure Score of this subscription is 397 out of 570. This means that to achieve 570, it is necessary to address all current recommendations. To access more details about your Secure Score, click the Review Your Secure Score option in the Secure Score tile (see Figure 4-2).

Azure Secure Score details
Figure 4-2. Details about your current Secure Score

From this dashboard, you have a better visualization of how your workloads impact your overall Secure Score. The example shown in Figure 4-2 has an interesting breakdown because the Networking workload is fully compliant, but the other workloads are still a long way from being fully compliant. From here on, you can either click on each workload to see the recommendations or click view recommendations on the subscription. For this example, click the View Recommendations option to see all recommendations, as shown in Figure 4-3.

Azure Secure Score recommendations
Figure 4-3. Recommendations that have a direct impact on the Secure Score

The recommendation Secure Score is a calculation based on the ratio between your healthy resources and your total resources. If the number of healthy resources is equal to the total number of resources, you get the maximum Secure Score of 50. To try to get your Secure Score closer to the max score, fix the unhealthy resources by following the recommendations. Notice that each recommendation has its Secure Score Impact; this number allows you to see how much your Secure Score will be impacted once you address this recommendation. For example, if your Secure Score is 50 and the recommendation impact is +5, performing the steps outlined in the recommendation will improve your score to 55.

Fine-tuning your Secure Score

While Secure Score can be utilized to assist your organization in enhancing its security posture, there will be some scenarios in which not all recommendations are applicable to your environment. It is common to have customers asking to fine-tune those recommendations; they ask because there are items they consider to be false positives.

Organizations commonly use a third-party MFA solution for subscription accounts with owner permissions, and the organizations believe they can safely ignore the Enable MFA For Accounts With Owner Permissions On Your Subscription option. However, because the organizations are not addressing this recommendation, there is a 50-point drop in their Secure Score. How can they safely disable this recommendation?

If you are absolutely sure that this recommendation has been addressed by implementing an external factor that is not being taken into consideration by Security Center, you can follow the steps described in Chapter 3, “Policy Management,” to disable the policy that reflects your desired recommendation. For the recommendation described in the previous paragraph, you need to choose Disabled from the Monitor MFA for accounts with owner permissions policy drop-down menu, as shown in Figure 4-4.

Disabling Azure policies
Figure 4-4. Disabling an Azure Policy to reflect a more accurate list of recommendations

Source link

Tags