
Microsoft Azure Security Center [Paperback]

  • Format: Paperback / softback, 192 pages, height x width x thickness: 230x190x10 mm, weight: 333 g
  • Publication date: 18-Sep-2018
  • Publisher: Microsoft Press
  • ISBN-10: 1509307036
  • ISBN-13: 9781509307036
  • Paperback
  • Price: 45,09 €*
  • * We will send you an offer for a used copy; its price may differ from the price shown on the website.
  • This book is out of print, but we will send you an offer for a used copy.
  • Free shipping
This book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder show how to apply Azure Security Center's full spectrum of features and capabilities to address protection, detection, and response in key operational scenarios. You'll learn how to secure any Azure workload, and optimise virtually all facets of modern security, from policies and identity to incident response and risk management. Whatever your role in Azure security, you'll learn how to save hours, days, or even weeks by solving problems in the most efficient, reliable ways possible. Two of Microsoft's leading cloud security experts show how to:

  • Assess the impact of cloud and hybrid environments on security, compliance, operations, data protection, and risk management
  • Master a new security paradigm for a world without traditional perimeters
  • Gain visibility and control to secure compute, network, storage, and application workloads
  • Incorporate Azure Security Center into your security operations centre
  • Integrate Azure Security Center with Azure AD Identity Protection and third-party solutions
  • Adapt Azure Security Center's built-in policies and definitions for your organisation
  • Perform security assessments and implement Azure Security Center recommendations
  • Use incident response features to detect, investigate, and address threats
  • Create high-fidelity fusion alerts to focus attention on your most urgent security issues
  • Implement application whitelisting and just-in-time VM access
  • Monitor user behaviour and access, and investigate compromised or misused credentials
  • Customise and perform operating system security baseline assessments
Table of contents (page numbers refer to the printed book):

  • Foreword (p. ix)
  • Introduction (p. xi)
  • Chapter 1 The threat landscape (p. 1)
    • Understanding cybercrime (p. 1)
    • Understanding the cyber kill chain (p. 2)
    • Common threats (p. 4)
    • Building a security posture (p. 5)
    • Adopting an assume-breach mentality (p. 6)
    • Cloud threats and security (p. 7)
      • Compliance (p. 8)
      • Risk management (p. 9)
      • Identity and access management (p. 9)
      • Operational security (p. 9)
      • Endpoint protection (p. 10)
      • Data protection (p. 10)
    • Azure Security (p. 11)
      • Host protection (p. 12)
      • Network protection (p. 12)
      • Storage protection (p. 14)
  • Chapter 2 Introduction to Azure Security Center (p. 17)
    • Understanding Security Center (p. 17)
      • Security Center architecture (p. 18)
      • Security Center dashboard (p. 21)
    • Considerations before adoption (p. 22)
      • Role-based access control (p. 22)
      • Security policy (p. 23)
      • Storage (p. 23)
      • Recommendations (p. 23)
    • Incorporating Security Center into your security operations (p. 24)
    • Onboarding resources (p. 25)
    • Initial assessment (p. 30)
  • Chapter 3 Policy management (p. 33)
    • Legacy Azure Security Center security policy (p. 33)
    • Next-generation Azure Security Center security policy (p. 38)
      • The Data Collection blade (p. 38)
      • The Policy Management blade (p. 40)
      • The Email Notifications blade (p. 41)
      • The Pricing Tier blade (p. 42)
    • Azure Policy (p. 43)
      • Policy definitions and assignments (p. 44)
      • Initiative definitions and assignments (p. 44)
      • Exploring Azure Policy (p. 45)
    • Customizing your Security Center security policies (p. 49)
    • Azure Security Center RBAC and permissions (p. 49)
  • Chapter 4 Mitigating security issues (p. 51)
    • Compute recommendations (p. 51)
      • Setting up endpoint protection (p. 52)
      • Remediate Security Configurations (p. 56)
    • Networking recommendations (p. 58)
      • NSGs on subnets not enabled (p. 59)
      • Restrict access through internet-facing endpoint (p. 61)
    • Storage and data (p. 63)
      • Server auditing and threat detection not enabled (p. 64)
      • Storage encryption not enabled (p. 66)
    • Applications (p. 68)
      • Web application firewall not installed (p. 68)
  • Chapter 5 Using Security Center for incident response (p. 73)
    • Understanding security alerts (p. 73)
    • Detection scenarios (p. 75)
      • Detecting spam activity (p. 75)
      • Crash-dump analysis (p. 76)
    • Accessing security alerts (p. 77)
      • Security incidents (p. 79)
      • Custom alerts (p. 81)
    • Investigating a security issue (p. 84)
    • Responding to a security alert (p. 89)
      • Creating a playbook (p. 89)
      • Building the workflow (p. 91)
      • Executing a playbook (p. 94)
      • Auditing playbook execution (p. 95)
  • Chapter 6 Advanced cloud defense (p. 99)
    • Threat prevention versus threat detection (p. 99)
    • Methods of threat detection (p. 100)
      • Atomic detection (p. 101)
      • Threat-intelligence feeds and integrated security solutions (p. 102)
      • Behavioral analysis (p. 104)
      • Anomaly detection (p. 106)
    • The cyber kill chain and fusion alerts (p. 108)
    • Application whitelisting: adaptive application controls (p. 111)
    • Just-in-time VM access (p. 114)
  • Chapter 7 Security incident and event management (SIEM) integration with Splunk (p. 121)
    • Integrating SIEM solutions (p. 122)
    • Splunk integration with Azure Security Center (p. 123)
      • Confirming accessible logs in Azure Monitor (p. 124)
      • Configuring the subscription for the Splunk SIEM pipe (p. 124)
      • Creating and configuring a resource group for the Splunk SIEM pipe (p. 124)
      • Setting up an Azure AD application to provide an access control identity (p. 125)
      • Creating an Azure key vault (p. 127)
      • Copying the app password into Key Vault (p. 130)
      • Making an event hub (p. 131)
      • Creating a shared access key for event hub access control (p. 133)
      • Placing the event hub shared access key in Azure Key Vault (p. 134)
      • Hooking up the event hub to Azure Monitor (p. 136)
      • Spinning up the virtual machine that hosts the Splunk enterprise VM (p. 138)
      • Installing and configuring the Azure Monitor add-on for Splunk (p. 139)
  • Chapter 8 Monitoring identity and access (p. 141)
    • Monitoring identity-related activities (p. 141)
      • Identity posture (p. 143)
      • Failed logons (p. 144)
      • Logons over time (p. 147)
    • Integrating Security Center with Azure Active Directory Identity Protection (p. 148)
    • Customizing your search (p. 149)
  • Chapter 9 Using threat intelligence to identify security issues (p. 153)
    • What is threat intelligence and why use it? (p. 153)
    • Using threat intelligence reports in Security Center (p. 155)
    • Using the Threat Intelligence dashboard in Security Center (p. 157)
    • Hunting security issues in Security Center (p. 159)
    • Virtual Analyst (p. 163)
  • Appendix A Using multiple workspaces in Security Center (p. 164)
    • Creating a new workspace (p. 164)
    • Moving computers and VMs to a new workspace (p. 165)
  • Appendix B Customizing your operating system security baseline assessment (p. 168)
    • General considerations (p. 168)
    • Customizing operating system configuration (p. 169)
      • Downloading the JSON file (p. 169)
      • Editing the JSON file (p. 170)
      • Uploading the new rule (p. 173)
  • Index (p. 174)