Software defined network is titled VNet in Azure and introduces new security challenges for cloud security architect when it comes to isolate data and still allow secure communication from valid users, applications and systems. In this chapter you learn security supported networking in Azure with the guides to present TCP/IP, protocol communication ports and what Azure security services are available to learn about notable tactics, techniques and procedures (TTPs) that can be exploited by Advanced Persistent Threats (APT). You learn VNet recommendations to mitigate misconfigurations and provide detection on Incidents of Compromise (IOC) like forensic evidence of potential intrusions. 

·         Virtual Networks, VNets, Network Peering

·         NSG, Port vulnerability, OSI / TCP Model

·         Azure Firewall Configurations

·         Azure Front Door Service

·         Application Security Groups

·         Remote Access Management

 Chapter 3 Reduce Cybersecurity Vulnerabilities from IaaS and Data 

Operational frameworks and cyber security frameworks work hand-in-hand to support the business. The framework helps to prepare and enable steps to prevent penetration from globally attacks.  In this chapter you learn through examples about advanced persistent threats (APT) using techniques, tactics and procedures to reduce risk to specific threats.

·         Harden Azure VMs

·         VM Security

·         VM Endpoint Security

·         VM OS security updates

·         Database configurations (Best Practices)

o   Authentication

o   Auditing

o   SQL Advanced Threat Protection

·         Storage Accounts (data access)

·         Key Management (best practices)

·         Azure Files authentication

·         Shared Access Signatures (SAS)

·         HDInsight Security

Part II: Azure Cloud Security Operations (Red Team / Blue Team)

(150 pages)

This section of the book is focused on identifying the vulnerabilities from a Red Team perspective (aka Black Hat) and how the Blue Team (White Hat) could defend from the attack. The topics are the same but the Red teams view to help train the Blue teams defense on specific cloud targets.  During the chapters in Part II the reader is guided through many attack matrix from https://attack.mitre.org/ and C2Matrix examples of attackers and their attack techniques. 

 

Chapter 4 Configure Azure Monitoring for Blue Team Hunting

In this chapter readers learn about monitoring the availability of applications and services provide the insight on all Azure services from VM, to containers and cloud services specific to Microsoft Azure.  Logs are divided into two functional types, Metrics, and logs.  Azure has continued to expand insight by collecting this data and displaying in for alerts and management datapoints to respond appropriately. 

Data collected includes tenant and subscription data in attrition to all Azure resources. Metrics are near real time data (review using Metrics Explorer), reviews data at a specific point of time.  Logs have different properties based on the type of logs. Streamed to an Analytics workspace for Alerting and review information over long periods of time.

·         Azure Monitor enablement

·         Logs sources and types of logs

·         Diagnostic logs & retention

·         Azure analytics

·         Privileged Identity Management Configuration

·         Monitor Privileged Access Best Practices

·         Manage API access Best Practices

·         Manage Azure subscription transfers (M&A activities)

 

Chapter 5 Azure Security Center Configuration

Azure Security Center was introduced in the First Editions, and the reader continues their journey with a deep dive on considerations for reducing other security tools. You learn how to ingest log files from Azure environment and auto discover IaaS resources to reduce the “shadow IT” expansion.  In this chapter the Cyber Security Kill Chain is front-and-center as you learn to configure alerts on known exploits. Again the reinforcement of the Attack Matrix is used to correlate and guide the Cloud Operations team into Cloud Security Operations.

·         Configuration cost (consolidation considerations)

·         Enable security:

o   Network

o   VMs

o   Database

o   BLOBs

·         Data Protection

·         Configure Alerting

·         Central policy management with Security Center

·         Just in Time VM access with Security Center

·         Azure Sentinel

 

Chapter 6 Azure Kubernetes Service and Container Security

A NEW chapter in the second edition, takes the reader beyond the introduction to Kubernetes, it guides them on why containers are not secure by default.  You learn container weakness and how to mitigate with security controls to secure Azure containers and the Azure Kubernetes Service (AKS).

You learn to use Azure Security Center to identify the different Alerts from a Windows OS and Linux OS running in Azure IaaS configuration. Threat protection with Security Center expands the benefits of a cloud-native solution and you learn how using the security controls support your companies Cyber Security Framework.

·         Container Network Configuration

·         Authentication

·         Container isolation

·         AKS Security focus

·         Securing the container registry

·         Container vulnerability management

 

Chapter 7 Security Governance Operations 

A NEW chapter that uses many exercises to provide Azure Policy definition structure and readers learn how the policies take effect on users based on business rules. The exercises examples help readers evaluate the impact and what the logical evaluation of an Azure policy and how to customize the JSON policy definitions.   Additional policies apply directly to Azure Kubernetes Services (AKS), to support the Information Security Officers team goals of improved security controls and reporting.

·         Azure Policies (overview)

o   Assignments

o   Definitions

o   Blueprints

·         Compliance reports

·         Configure Azure Monitor

o   Diagnostic logging

o   Log retention

o   Vulnerability scanning

·         Data Management

o   Classification

o   Retention

o   Sovereignty

 

Appendix A (10-20 pages)

·         Azure Penetration Testing Configuration

Appendix B (10-20 pages)

·         Configure an Azure Cloud Cyber Security lab for education

Marshall Copeland is a cloud security architect focused on helping customers “shift left” with cloud security defenses in Azure public cloud using cloud-native services and third-party network security appliances. He uses Infrastructure as Code (IaC) with ARM templates or Terraform HCL to build cloud infrastructure and disaster recovery solutions. Marshall's Azure security design skills include Azure Sentinel, Security Center, Policy, Firewall and ACL networking, and a few open-source solutions such as ELK stack, Wireshark, and Snort. He partners with security operations to guide cloud investigations to enhance “blue team hunting” efficiencies.

Matthew Jacobs is a system engineer focused on cloud architecture technologies needed to support identity management, security, and collaboration tool sets for small and medium businesses, including enterprise organizations. His work has focused on digital transformation, including on-premise only, hybrid cloud networks, and complete public cloud-only deployment. Matthew brings a hands-on cloud architecture approach for Identity Management (IAM) and enhanced engineering to enable business agility that secures and supports a global remote work force. His current work in the Nashville, Tennessee area includes Fortune 500 media, entertainment, and hospitality companies, and his work history extends into public cloud federal compliance requirements for the banking and healthcare industries.