Unable to start Azure ATP Service

Consider a scenario where you deployed Azure ATP and, after the service has worked for some time, one day the Azure Advanced Threat Protection Sensor service stays in the Starting state, quits after some time (without showing any status), returns to Starting, and keeps repeating this loop. If you go to…


Exploring Microsoft Antimalware Alert in Azure Security Center

Azure Security Center leverages the Microsoft Antimalware engine to trigger antimalware-related alerts such as the one shown below. While this alert brings awareness of the current threat status, which in this case was remediated, sometimes you want more information about the threat itself (threat name, process, etc.). You can use the Search…


Using Azure Monitor to send an Email Notification for Azure Security Center Alerts

Azure Security Center allows you to provide a security contact that will receive email notifications for Security Alerts. Keep in mind that these notifications will be sent only on the first daily occurrence of a high severity alert. You can read Provide security contact details in Azure Security Center for more information on how to…


Recap of Microsoft Inspire + Ready

Last week I had the opportunity to attend Microsoft Inspire and Ready in Las Vegas. It was great to meet Microsoft Partners at the Azure Security booth, where I was primarily demoing Azure Security Center. Below are the top five questions that I received: 1) Where can my customer learn more about Azure Security Center and…


Azure Essentials

What if you had a place where you could quickly learn more about Azure Security, track your learning progress and master the skills you need for your role? Well, now you have this place; it is called Azure Essentials (https://www.microsoft.com/en-us/azureessentials). The reason I said Azure Security is that you can filter the topic for security and…


New Azure Security Center Dashboard

Today we released the new Azure Security Center dashboard, and in the video below I present a quick overview of what’s new in this dashboard. For more information about the new dashboard, read the articles below. For the Overview dashboard, read What is Azure Security Center? For the Identity & Access dashboard, read Monitor identity and access…


File Integrity Monitoring in Azure Security Center

Following the previous posts about new Azure Security Center capabilities that we released at RSA Conference, this one is about File Integrity Monitoring (FIM), which is available in public preview. This capability helps to protect the integrity of your system and applications as Security Center will be continuously monitoring the behavior of your registry and configuration…


Azure Security Center Integration with Windows Defender Advanced Threat Protection for Servers

At RSA Security Conference this year we announced that Security Center now harnesses the power of WDATP to provide improved threat detection for Windows Servers (this integration is currently in preview). When this integration is enabled you will be able to see more details from the endpoint perspective. You will still start your investigation using Security…


Enhance your Cybersecurity Posture to Handle Current Threats

Last January, Erdal Ozkaya and I released a new book called Cybersecurity – Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics. As part of the book’s promotion, we delivered a webinar to Packt about some of the topics that we cover in this book. Now you can watch the first 30…


Leveraging Azure Security Center Capabilities in a PCI DSS Compliant Environment

It is important to start this conversation by saying that PCI DSS encompasses more than Azure Security Center; however, Security Center plays a key role in that, as described in the architecture diagram from the Azure Security and Compliance Blueprint – PCI DSS-compliant Payment Processing environments article, shown below (image extracted from this article). The first…