Exploring Microsoft Antimalware Alert in Azure Security Center

Azure Security Center leverages the Microsoft Antimalware engine to trigger antimalware-related alerts such as the one shown below: While this alert brings awareness about the current threat status, which in this case was remediated, sometimes you want to know more about the threat itself (threat name, process, etc.). You can use the Search…


Using Azure Monitor to send an Email Notification for Azure Security Center Alerts

Azure Security Center allows you to provide a security contact that will receive email notifications for Security Alerts. Keep in mind that these notifications will be sent only on the first daily occurrence of a high severity alert. You can read Provide security contact details in Azure Security Center for more information on how to…


Recap of Microsoft Inspire + Ready

Last week I had the opportunity to attend Microsoft Inspire and Ready in Las Vegas. It was great to meet Microsoft Partners at the Azure Security booth, where I was primarily demoing Azure Security Center. Below are the top five questions that I received: 1) Where can my customer learn more about Azure Security Center and…


Azure Essentials

What if you had a place where you could quickly learn more about Azure Security, track your learning progress and master the skills you need for your role? Well, now you have that place; it is called Azure Essentials (https://www.microsoft.com/en-us/azureessentials). The reason I said Azure Security is that you can filter the topics for security and…


New Azure Security Center Dashboard

Today we released the new Azure Security Center dashboard, and in the video below I present a quick overview of what’s new in this dashboard: For more information about the new dashboard, read the articles below: For the Overview dashboard, read What is Azure Security Center? For the Identity & Access dashboard, read Monitor identity and access…


Azure Security Center Integration with Windows Defender Advanced Threat Protection for Servers

At RSA Security Conference this year we announced that Security Center now harnesses the power of WDATP to provide improved threat detection for Windows Servers (this integration is currently in preview). When this integration is enabled you will be able to see more details from the endpoint perspective. You will still start your investigation using Security…


Integrated Security Configuration for your Azure VM

Last week I wrote about the new Azure Security Center Network Map, today I want to talk about the new integrated security configuration experience for Azure VMs, which was also something that we announced at RSA Conference. With this new experience, you can see all recommendations for a particular VM, directly from the VM’s properties…


Going beyond the signature with behavior analytics in Azure Security Center

One of the benefits of using Azure Security Center as your cloud workload protection is the capability to quickly detect threats in your environment based on known patterns. This is not only about matching signatures but going beyond that by understanding the common techniques used by threat actors. By using behavioral analytics, Security Center analyzes…


Detecting Suspicious PowerShell Activity in Azure Security Center

Adversaries may use PowerShell scripts as a defense evasion technique, or to establish persistence. The use of PowerShell to attack systems is not new; it was successfully leveraged in many different attack campaigns in the past, and it is still a growing trend. For this reason it is important to follow some core principles to protect…


Considerations Regarding Azure Security Center Adoption

One common question that I receive from customers is: how do I fit Azure Security Center into my overall Security Operations and Incident Response plan? The answer may vary according to your SOC model, the size of the organization, cloud workload, and maturity level. For this reason, it is important to take into consideration some key…