Cloud Security: The 4C’s Of Cloud-Native Security – Part 5

In the last part of the article series on the 4C's of cloud-native security, we will look at securing the cloud environment itself. Although actual steps to harden your cloud infrastructure differ based on the cloud vendor and the services used to architecture your cloud-native application, many concepts and methodologies are quite similar.

In this article:

For the scope of this article, we’ll take a look at services in Microsoft Azure that support you in securing your overall cloud infrastructure that builds the foundation for your cloud-native application. It is top of the mind for all cloud vendors to provide professional tools to harden and secure cloud infrastructures. Microsoft has recently re-branded existing services to group and advertise all essential services for securing cloud services under the brands Microsoft Defender for Cloud and Microsoft Sentinel.

Before we quickly dive into Microsoft Defender for Cloud, we will look at both products offered by Microsoft and which needs they address.

Microsoft Defender for Cloud

Microsoft Defender for Cloud addresses three essential needs when it comes to securing cloud services:

  • Continuous Assessment: By providing a single number – the secure score -, Microsoft Defender for cloud helps you understand your security posture. A higher secure score means a more secure cloud environment.
  • Secure: Microsoft Defender for Cloud also assists in actively securing cloud infrastructures. It provides security recommendations that tell you which services have weak configurations and may increase your overall attack surface. On top of delivering those recommendations, Microsoft Defender for Cloud gives you either fine granular instructions on how to remediate those misconfigurations or lets you fix those findings automatically by just clicking a “Fix” button.
  • Defend: Quickly taking action on potential threats or attacks is mission-critical to defense cloud environments. Microsoft Defender for Cloud detects attacks and threats to your resources and alerts you automatically. You can stream those alerts also to different SIEM and SOAR solutions.

The Continuous Assessment and Secure capabilities Microsoft Defender for Cloud address Cloud security posture management (CSPM) . Microsoft Threat intelligence powered alerts (Defend) capabilities are key features that address Cloud workload protection (CWP).

Microsoft Sentinel

Besides Microsoft Defender for Cloud, Azure customers can use Microsoft Sentinel, a security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel allows you to:

  • Collect data across all cloud services, applications, users, and infrastructure
  • Detectanomalies and eliminate false positives using threat intelligence
  • Investigate threats with AI to hunt and stop suspicious activities
  • Respond rapidly using built-in orchestration and automation of recurring tasks

With Microsoft Sentinel, users can collect and integrate data from different sources using built-in connectors. You can incorporate data from services like Microsoft 365, Azure AD, and several Microsoft Defender products like Microsoft Defender for Identity or Microsoft Defender for Cloud Apps. On top of that, you can integrate data from non-Microsoft environments using well-adopted formats like Syslog or ingest custom data via REST. Once data ingestion is configured, you can use workbooks (powered by Azure Monitor Workbooks) to visualize and monitor your data. Although Microsoft Sentinel comes with pre-configured workbooks, you can create tailored workbooks on your own to address individual needs. Visualizing and monitoring a vast amount of data becomes cumbersome and tedious quickly. Analytics capabilities from Azure Sentinel reduce noise and minimize the number of alerts you’ve to care about. Microsoft Sentinel correlates alerts into incidents. You can customize the built-in correlation rules to fit your needs. On top of fundamental correlation rules, Sentinel uses its machine learning (ML) capabilities to create incidents from network behavior anomalies. At this point, you should already realize that data ingestion and visualization are just the tip of the iceberg. Although Sentinel is a supercritical piece of the puzzle, I’ll stop here and won’t touch other features from Microsoft Sentinel like automation, integration, hunting, and incidence response techniques. You should definitely consult the official Microsoft Sentinel documentation and dive deeper. But for the scope of this article, let’s move again back to CSPM.

Getting started with CSPM

Now that you have some fundamental understanding of Microsoft Defender for Cloud let’s get started with CSPM.

Choose your Microsoft Defender for Cloud tiers

Microsoft Defender for Cloud offers a free tier that includes continuous assessment and security recommendations. It will give you a secure score (we will take a look at this in a bit) for Azure and AWS environments. (Yes, you can assess multi- and hybrid-cloud environments with Microsoft Defender for Cloud). Enhanced security features provided by Microsoft Defender for Cloud can be activated on the Azure subscription scope. However, there is a 30-day trial that you can use to try those advanced capabilities.

Enhanced security features can be activated/deactivated by resource type. For example, if you’re working with containers, you may find Microsoft Defender for Containers very useful. However, in contrast, you may not need to rent Microsoft Defender for PostgreSQL if your PostgreSQL deployments in Azure are just for testing or development purposes. You can access your Defender for Could dashboard by navigating to Microsoft Defender for Cloud from Azure Portal. The dashboard provides not just essential insights about your overall cloud security; it also contains the latest recommendations from Microsoft security experts in one place.

To configure tiers and book enhanced security features, you can navigate from the dashboard to Environment settings using the left-hand blade navigation.

Configure E-Mail notifications

Security-related notifications and alerts must be sent to people that can take action on discovered incidents. You should take a second and configure your E-Mail notifications properly. To avoid flooding inboxes with notifications and to reduce noise, Defender for cloud will limit the volume of outgoing mails for each subscription to:

  • max 1 mail per 6 hours for alerts with high severity
  • max 1 mail per 12 hours for alerts with medium severity
  • max 1 mail per 24 hours for alerts with low severity

Again, you can customize those settings on the subscription scope.

Configure regulatory compliance

Do you have to address specific regulatory compliance? With Microsoft Defender for Cloud, you can continuously compare the actual configuration of your cloud resources against requirements defined as part of industry standards and benchmarks.

Continuously checking for a regulatory standard requires enhanced security being enabled. You can choose a regulatory standard – again on subscription level – by enabling it under Security policy.

Once you’ve configured your Security policies, it will take several hours to see your performance in the context of every selected regulatory standard in the compliance dashboardCheck the list of supported regulatory standards, to see where Microsoft Defender for Cloud can help hit the bar.

Secure score

Microsoft Defender for cloud computes a secure score, a percentage value that reflects your overall security situation at the current point in time. The security situation changes continuously because of new vulnerabilities, new attack surfaces being added to the cloud infrastructure, or new security features being added to the platform itself. You can see from the picture below that you get a secure score calculated per subscription on top of the overall secure score.

 

Subscription-based secure scores are an immediate indicator of how you can improve your overall cloud security. Also, keep in mind that the secure score is not just a number made up by some teams at Microsoft. It’s reproducible, and the underlying formula is publicly available and well documented.

Recap

This article looked at fundamental concepts for securing your cloud platform. Services like Microsoft Defender for Cloud assist you in discovering insecure service configurations and ensure continuous service observation according to the latest security standards.

When hosting applications in the public cloud, we must address security concerns and harden underlying cloud services to prevent attackers from executing various attacks such as taking down the application, stealing data, or acting on behalf of a user.

Securing the cloud addresses the last “C” in the 4C’s of cloud-native security, which marks the end of the article series.

More articles about Cloud Native, Azure
Free
Newsletter

Current articles, screencasts and interviews by our experts

Don’t miss any content on Angular, .NET Core, Blazor, Azure, and Kubernetes and sign up for our free monthly dev newsletter.

EN Newsletter Anmeldung (#7)
Related Articles
AI
sg
One of the more pragmatic ways to get going on the current AI hype, and to get some value out of it, is by leveraging semantic search. This is, in itself, a relatively simple concept: You have a bunch of documents and want to find the correct one based on a given query. The semantic part now allows you to find the correct document based on the meaning of its contents, in contrast to simply finding words or parts of words in it like we usually do with lexical search. In our last projects, we gathered some experience with search bots, and with this article, I'd love to share our insights with you.
17.05.2024
Angular
sl_300x300
If you previously wanted to integrate view transitions into your Angular application, this was only possible in a very cumbersome way that needed a lot of detailed knowledge about Angular internals. Now, Angular 17 introduced a feature to integrate the View Transition API with the router. In this two-part series, we will look at how to leverage the feature for route transitions and how we could use it for single-page animations.
15.04.2024
.NET
kp_300x300
.NET 8 brings Native AOT to ASP.NET Core, but many frameworks and libraries rely on unbound reflection internally and thus cannot support this scenario yet. This is true for ORMs, too: EF Core and Dapper will only bring full support for Native AOT in later releases. In this post, we will implement a database access layer with Sessions using the Humble Object pattern to get a similar developer experience. We will use Npgsql as a plain ADO.NET provider targeting PostgreSQL.
15.11.2023