File Integrity Monitoring in Azure Security Center

Following the previous posts about new Azure Security Center capabilities that we released at RSA Conference, this one is about File Integrity Monitoring (FIM), which is available in public preview. This capability helps to protect the integrity of your system and applications as Security Center will be continuously monitoring the behavior of your registry and configuration…


Azure Security Center Integration with Windows Defender Advanced Threat Protection for Servers

At RSA Security Conference this year we announced that Security Center now harnesses the power of WDATP to provide improved threat detection for Windows Servers (this integration is currently in preview). When this integration is enabled you will be able to see more details from the endpoint perspective. You will still start your investigation using Security…


Leveraging Azure Security Center Capabilities in a PCI DSS Compliant Environment

It is important to start this conversation by saying that PCI DSS encompasses more than Azure Security Center, however Security Center plays a key role on that, as described in the architecture diagram from Azure Security and Compliance Blueprint – PCI DSS-compliant Payment Processing environments article, shown below: Image extracted from this article The first…


Integrated Security Configuration for your Azure VM

Last week I wrote about the new Azure Security Center Network Map, today I want to talk about the new integrated security configuration experience for Azure VMs, which was also something that we announced at RSA Conference. With this new experience, you can see all recommendations for a particular VM, directly from the VM’s properties…


Incident Management Implementation Guidance for Azure and Office365

Couple of months ago I had had a great opportunity to be among the contributors/reviewers of this very cool white paper that talks about incident management using Azure and Office 365. Today I’m very please to let you know that you can download this paper right now! This document helps customers to understand how to…


Going beyond the signature with behavior analytics in Azure Security Center

One of the benefits of using Azure Security Center as your cloud workload protection is the capability to quickly detect threats in your environment based on known patterns. This is not only about matching signatures but going beyond that by understanding the common techniques used by threat actors. By using behavioral analytics, Security Center analyzes…


Exploring the Identity & Access dashboard in Azure Security Center

In Azure Security Center you can use the Identity & Access dashboard to explore more details about your identity posture. In this dashboard you have a snapshot of your identity related activities as shown in the example below: Just by looking at this dashboard you can draw some conclusions, for example, all failed logons were…


Detecting Suspicious PowerShell Activity in Azure Security Center

Adversaries may use PowerShell scripts as a defense evasion technique, or to establish persistence. The use of PowerShell to attack systems is not new, it was successfully leveraged in many different attack campaigns in the past, and it is still a growing trend. For this reason is important to follow some core principals to protect…


Detecting Persistence in Azure Security Center

According to Mitre Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), Persistence is “any access, action, or configuration change to a system that gives an adversary a persistent presence on that system”, which is a common technique used by adversaries to keep a communication channel open with the attacked resource. The use of Run and RunOnce registry…


Considerations Regarding Azure Security Center Adoption

One common question that I receive from customers is: how do I fit Azure Security Center in my overall Security Operations and Incident Response plan? The answer may vary according to your SOC model, the size of the organization, cloud workload, and maturity level. For this reason, is important to take in consideration some key…