Microsoft AZ-700: Get Network Security Recommendations with Microsoft Defender for Cloud

Reading Time: 3 minutes

Notes from MS Learn AZ-700 Module 6: Design and implement network security – Unit 2: Get Network Security Recommendations with Microsoft Defender for Cloud

Network security is the combination of technologies, devices and processes, together with the rules and configurations they enforce, that protects the confidentiality, integrity and availability (CIA) of networks and data. Every organization has some form of network security in place.

  • NS-1: Establish network segmentation boundaries
    • Security principle: ensure that VNet deployments align with the enterprise segmentation strategy
    • Any workload that incurs high risk should be isolated in its own VNet
  • NS-2: Secure cloud services with network controls
    • Security principle: secure cloud services by establishing a private access point to the resource(s)
    • Also disable or restrict public access wherever possible
  • NS-3: Deploy firewall at edge of enterprise network
    • Security principle: perform advanced filtering of network traffic to and from external networks
    • Firewalls can also be used between internal network segments
    • If needed, custom (user-defined) routes on a subnet can override the system route
    • This forces network traffic through a network virtual appliance for inspection
  • NS-4: Deploy IDS/IPS
    • Security principle: inspect network traffic and payloads to and from workloads
    • Ensure the IDS/IPS is always tuned to produce high-quality alerts
  • NS-5: Deploy DDoS Protection
    • Security principle: protect networks and applications from DDoS attacks
  • NS-6: Deploy web app firewall
    • Security principle: deploy a WAF and configure rules to protect web apps and APIs from application-specific attacks
  • NS-7: Simplify net security config
    • Security principle: use tools to simplify, centralize and enhance network security management
  • NS-8: Detect and disable insecure services/protocols
    • Security principle: detect and disable insecure services and protocols at the OS, application and software-package layers
    • Deploy compensating controls if disabling is not possible
  • NS-9: Connect on-premises or cloud networks privately
    • Security principle: use private connections between networks
  • NS-10: Ensure DNS security
    • Security principle: ensure the DNS security configuration protects against known risks
  • Using Microsoft Defender for Cloud for regulatory compliance
    • Defender for Cloud streamlines meeting regulatory compliance requirements through the Regulatory Compliance Dashboard
    • This shows the status of all assessments in your environment for the standards and regulations you have chosen
    • As you act on the findings and reduce risk, your compliance posture improves
  • Regulatory Compliance Dashboard
    • Shows an overview of compliance status against the set of supported compliance regulations
    • View the overall score and the number of passing/failing assessments within each standard
  • Compliance Controls
    • Contains
      • Subscriptions the standard is applied on
      • List of all controls for said standard
      • Details of the passing/failing assessments associated with each control
      • Number of affected resources
      • Severity of the alert
    • Some controls are grayed out because they have no Microsoft Defender for Cloud assessments associated with them
    • Check their requirements and assess them yourself
    • Some controls may be process-related rather than technical
  • Exploring details of compliance with a specific standard
    • To generate a PDF report with a summary of compliance status, choose Download report
    • Provides a high-level summary of compliance status for the standard, based on Microsoft Defender for Cloud assessment data
    • Organized according to the controls of that standard
    • Can be shared with stakeholders and helps provide evidence to internal/external auditors
  • Alerts in MS Defender for Cloud
    • Automatically collects, analyzes and integrates log data from Azure resources
    • A prioritized list of security alerts is shown, along with the information needed to investigate them and remediation steps
  • Manage security alerts
    • The Defender for Cloud overview page shows a Security alerts tile at the top and a link in the left panel
    • The Security alerts page shows active alerts
    • Sort by Severity, Title, Affected resource, Activity start time, MITRE ATT&CK tactics and Status
    • To filter, select any of the relevant filters
  • Respond to security alerts
    • From the Security alerts list, select an alert
    • A panel opens with a description of the alert and the affected resources
    • Select View full details to display more information
    • The left pane shows high-level information about the alert
      • Title
      • Severity
      • Status
      • Activity time
      • Description
      • Affected Resource
    • The right pane includes
      • An Alert details tab with more details, such as
        • IP addresses
        • Files
        • Processes
        • etc.
      • A Take action tab with actions such as
        • Mitigate the threat
          • Provides manual remediation steps
        • Prevent future attacks
          • Provides security recommendations to help reduce the attack surface and increase security posture
        • Trigger automated response
          • Provides the option to trigger a logic app as a response
        • Suppress similar alerts
          • Provides the option to suppress further alerts with similar characteristics
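
As an added example (not from the MS Learn unit or this post), the NS-3 point about custom routes overriding the system route: a Bicep template that creates a route table sending 0.0.0.0/0 to a firewall network virtual appliance and associates it with a workload subnet. The NVA IP, VNet name, subnet name and prefix are assumed placeholder values.

```bicep
// Added example: force-tunnel a workload subnet through a firewall NVA (NS-3).
// Assumed values: NVA private IP, spoke VNet/subnet names and the subnet prefix.
param location string = resourceGroup().location
param nvaPrivateIp string = '10.0.1.4'     // assumed private IP of the hub firewall NVA
param vnetName string = 'vnet-spoke-01'     // assumed existing spoke VNet
param subnetName string = 'snet-workload'   // assumed existing workload subnet
param subnetPrefix string = '10.1.1.0/24'   // must match the subnet's current prefix

// User-defined route table: the 0.0.0.0/0 entry overrides the system route to Internet.
resource rt 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-force-tunnel-${subnetName}'
  location: location
  properties: {
    // Stop BGP-learned routes (e.g. from ExpressRoute/VPN) from bypassing the NVA.
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'default-via-nva'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: nvaPrivateIp
        }
      }
    ]
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: vnetName
}

// Associate the route table with the subnet so the custom route takes effect.
// Redeploying a subnet resource replaces its properties, so any existing NSG
// or service endpoints on the subnet must also be declared here.
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: vnet
  name: subnetName
  properties: {
    addressPrefix: subnetPrefix
    routeTable: {
      id: rt.id
    }
  }
}
```

After deployment, the effective routes of a NIC in the subnet should show 0.0.0.0/0 with next hop type VirtualAppliance and the NVA's IP, which confirms the system route has been overridden.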

Permanent link to this article: https://www.packetpilot.com/microsoft-az-700-get-network-security-recommendations-with-microsoft-defender-for-cloud/
