AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
![]() ![]() Side note: CSPM works in multi-cloud scenario for now, CWP doesn’t in all workloads.Ĭollect events from the supported APIs and security configuration recommendations from AWS & GCP Provides cloud security posture management (CSPM) & cloud workload protection (CWP) capabilities in multi-cloud scenario. – Data normalization (every log is different)Ĭollect security configuration recommendations from AWS & GCPĪzure Arc adds capability to manage workloads in 3rd party cloud or on-prem ( overview of Azure Arc) – Everything costs, is there a need to bring same data second time to centralized log repo? – Do you collect all raw logs or only alerts from other clouds? SolutionĬollect data (alerts, raw, events) from connected sourcesĪzure resources, M365 workloads, M365 security solutions, AWS CloudTrail, GCP WorkspaceĬollecting data into Azure Sentinel is relatively easy but in multi-cloud scenario there are things to consider: Why? Azure Sentinel does provide effective view for security monitoring (and related activities such as Threat Hunting & SOAR) but when eyes turns to security posture management Azure Security Center (ASC) CSPM (Cloud Security Posture Management) capabilities jumps on the game. At the time of writing, it’s possible to build single pane of glass view to Azure Sentinel but I would still use all of the security solutions: Azure Sentinel, Azure Security Center (+AzDefender) & Cloud App Security. The ultimate goal in this monitoring architecture is to build centralized multi-cloud view into Microsoft cloud. These will be addressed in later blog posts. In the picture below, there are four (4) major log sources sending audit trail (alerts, data & signal, events / raw logs, recommendations, etc) to Microsoft security solutions (Azure Sentinel, Azure Security Center & Cloud App Security).Īll of these sources have multiple solutions & resources which needs detailed planning and configuration from security monitoring point of view. The idea in this architecture is to leverage Microsoft security solutions as much as possible in security monitoring & posture management. Architectureīase of the architecture is one example case I have been working with. Update – Architecture picture updated to contain centralized AWS S3 bucket where Azure connector can ingest AWS GuardDuty findings. I have been involved in cases where all data (raw, alerts, events, signals) are collected to Azure and also in cases where only relevant important information is collected to the centralized repo. This is the first part of the series and will describe a high-level approach for building effective security monitoring & posture management with Microsoft security tools such as: Azure Sentinel, Azure Security Center & Microsoft Cloud App Security. There are always alternative options, so don’t expect this blog series to cover all possible solutions and all alternative approaches. The purpose of this blog series is to shed light on how aforementioned can be built in multi-cloud scenarios, what are the possible options with pros & cons. The cloud environments typically are: Azure, AWS & GCP but also AliCloud is seen and naturally on-premises environment with hybrid identity still remains in the different ecosystems. Even though, my work is focused on Microsoft technologies and how to get the most out of the MS security tools I’m more and more working with multi-cloud environments. As many of you already know, I have spent last couple of years purely focusing on security monitoring, leveraging Microsoft security solutions in the cloud. ![]()
0 Comments
Read More
Leave a Reply. |