Foreword

I was so pleased to hear that Yuri and Tom were teaming up to write another book on security. I found their first book about Azure core security, Microsoft Azure Security Infrastructure, riveting—I read it cover to cover twice, recommending it to anyone interested in learning more about security in Azure.

This book extends that work. It will teach you all you want to know about how to use Azure Security Center—the security solution to get visibility and control and prevent and detect threats in your Azure subscriptions. Security Center is a critical solution for protecting a cloud workload, and, as indicated by Gartner in their Cloud Workload Protection (CWP) Magic Quadrant, modern hybrid datacenters require a unique protection strategy. And since the classic security perimeter we relied upon is gone with the migration of datacenter workloads into public clouds, a new security paradigm is required. Moreover, with the integration with Log Analytics, and as long as the monitoring agent is installed on your machines, Azure Security Center can be used for your machines on-premises, in a private datacenter, or in another cloud as well. This will simplify your life and I trust you’ll come to rely on Azure Security Center as your primary dashboard and alerting engine for years to come.

No industry is immune to cyberattacks. This book is relevant for everyone around the world. Given the cybersecurity landscape as it exists today and the criticality of the information digital age, we need to assume breach as a mindset and think about what capabilities we need to detect adversarial activity or malicious insiders inside our networks rather than over-relying on thwarting attackers at the front door. Gone are the days when it was acceptable to turn a blind eye to risk. If you don’t know what you don’t know, it’s impossible to take action. Prevention is of the utmost importance, true. However, the ability to detect and control is paramount. Simple, intuitive, and intelligent investigation capabilities are a must to support SecOps teams flooded in a sea of alerts, as well as to support incident response teams.

This book will help you plan, onboard, and learn how to effectively use Security Center to detect and investigate threats in your Azure subscriptions (or in your datacenter workloads). You’ll also learn how to integrate with other solutions, like Azure Active Directory Identity Protection Center, and export your logs to a security information and event management system should you choose to do so. I sincerely hope that you get energy from the capabilities the authors outline in this book, and that it will spur you to action to follow their best practices and recommendations while gaining confidence in the solution.

After reading this book, you will have a better understanding of what Security Center is and how to incorporate it into your security operations center. Yuri and Tom were inspired to write this book because many customers would like to have one place to go to understand what Security Center is, what its requirements are, and how to operate it. You’ll find the material to be technical. It is written with security analysts, architects, and cloud operators in mind, along with any IT professional who wants to understand more about Security Center.

If you’ve read Tom’s work, you’ll know he’s a long-term experienced and seasoned security veteran and author. He’s also a senior program manager in the Azure Security Engineering team. Follow him on Twitter. Read his blogs if you’d like to learn more. He has a wealth of knowledge and wisdom from his days working on-premises and his journey to the cloud.

Yuri is a well-established writer in his own right, publishing document after document in his former role as a content writer for Azure Security. He’s recently joined my team as a senior program manager to support customers’ and partners’ success using Microsoft’s Cloud and Enterprise Security products and services. He has a wealth of information and excels at simplifying the complex.

Dig in.

Hayden Hainsworth
Principal Group Program Manager
Microsoft C+E Security Engineering
