Monitoring and detecting runtime security risks and threats

All of the security tools that have been discussed up to this point have focused on preventing vulnerable code from being shipped to production environments. However, the complete, deployed software solution, including all of its supporting infrastructure, is made up of much more than just the code. On top of that, there are many interactions with a solution that may be unexpected or unplanned. Monitoring all of this continuously in production is necessary, not just to prevent security issues but also to detect them when they arise. In Azure, one of the tools available for doing just that is Azure Security Center. Azure Security Center is offered via the Azure portal and can be selected like any other service, using the menu on the left or by searching for it in the top bar.

After opening Security Center, a dashboard similar to the one in the following screenshot is displayed:

This dashboard delivers insight into three main categories:

  • Policy and compliance: This part gives an overview of how compliant all of the selected Azure subscriptions are with regard to the security policies you have configured.
  • Resource security hygiene: Azure has many security controls that can be turned on or off, along with many security configuration settings. Just as anywhere else, it is up to the user to balance cost and security with risk and ease of use. This dashboard shows recommendations for tightening the security of your resources. Users can decide for each recommendation whether they want to follow it.
  • Threat protection: This section shows how many threats or attacks have been automatically detected and reported:

All of these overviews and categories can be drilled down further. The preceding example shows the results of opening the THREAT PROTECTION overview. Here, it lists all of the possible security threats it has identified. In this case, it lists different access attempts to virtual machines that are hosted within the subscription.

There are many more capabilities within Azure Security Center and more are being added on an ongoing basis. When deploying in Azure, this is the place to identify and manage security risks.

This concludes our discussion of the various techniques for monitoring runtime environments for security risks. The next section looks at several alternative tools for performing some of the scanning tasks that were mentioned in earlier sections.
