Tag: Cloud Security

Free Webinar: Azure Security Center: How to Protect Your Datacenter with Next Generation Security

I am happy to announce that I will be speaking in a free webinar together with Microsoft MVP Andy Syrewicze about Azure Security Center. The Altaro webinar called Azure Security Center: How to Protect Your Datacenter with Next Generation Security will be focusing on Azure Security Center, and how you can protect your Cloud and Datacenter Infrastructure. The webinar will be free and it will be held twice on Tuesday, July 30th, 2019. You can save your seat by filling out the form here.

Webinar presented live twice:

  • Session 1: 2pm CEST – 8am EDT – 5am PDT
  • Session 2: 7pm CEST – 1pm EDT – 10am PDT

Free Webinar

Azure Security Center: How to Protect Your Datacenter with Next Generation Security

Security has always been a fundamental concern of IT admins and now more than ever, in the age of the cloud datacenter, you need to ensure your workload security is ahead of the curve.

Join Thomas Maurer from the Microsoft Azure Team, alongside Microsoft MVP Andy Syrewicze, for a value-packed webinar that will show you how to batten down the hatches, even when your workloads are hosted in the public cloud! You’ll learn:

  • Azure Security Center Introductions
  • Deployment and first steps
  • Best Practices
  • Integration with other tools
  • And more!

With the industry’s transition to the cloud, we’ve seen a number of workloads migrate to service provider datacenters and public clouds like Azure. While many IT Pros are comfortable in dealing with core services in this manner, many find themselves at a loss when it comes to securing these next generation deployments. Pair that with an overly eager bad-actor community, and you have a recipe for disaster. However, new tools are designed to enhance existing security paradigms and help you sleep at night, such as Azure Security Center. Are you concerned about the strength of your Azure workload security? Struggling with where to start? We’ve got the webinar for you!

Taking advantage of the latest in security tools will ensure your organization stays one step ahead of the bad guys, and we’re here to help you get started!

See you there!

As mentioned, we will give you an overview of Azure Security Center and how you can use it to strengthen your security posture and protect against threats. I will also show you features like Azure Just-in-Time VM access and many others.

I hope that you join the webinar and if you have any questions, let me know in the comments.



Passed Exam AZ-500 Microsoft Certified Azure Security Engineer Associate

The new Azure Security exam just came out of beta, and I took some time to learn and see if I would pass it. I am happy that I just passed exam AZ-500: Microsoft Azure Security Technologies, which focuses on Microsoft Azure security engineers who implement security controls, maintain the security posture, manage identity and access, and protect data, applications, and networks. After passing this exam, you can call yourself a Microsoft Certified: Azure Security Engineer Associate. Azure Security Engineers implement security controls and threat protection, manage identity and access, and protect data, applications, and networks in cloud and hybrid environments as part of the end-to-end infrastructure. That means this exam covers different topics across the Azure infrastructure and many different Azure services like Azure AD, Azure IaaS, Azure Networking, Azure Kubernetes Service (AKS), Databases, Azure Monitor, Azure Security Center and many more.

Exam AZ-500: Microsoft Azure Security Technologies

Candidates identify and remediate vulnerabilities by using a variety of security tools, implement threat protection, and respond to security incident escalations. As a Microsoft Azure security engineer, candidates often serve as part of a larger team dedicated to cloud-based management and security and may also secure hybrid environments as part of an end-to-end infrastructure.

Candidates for this exam should have strong skills in scripting and automation, a deep understanding of networking, virtualization, and cloud N-tier architecture, and a strong familiarity with cloud capabilities, Microsoft Azure products and services, and other Microsoft products and services.

You can find more detailed information on the Microsoft exam website. There you will find all the skills measured in this exam.

How to prepare for the AZ-500 exam

Microsoft Learn

Exams always have a specific focus; this one covers a broad set of Azure security topics over different Azure services. This means you not only need to have particular security know-how, but also a good overview of the various Azure services. If you don’t have that right now, I recommend that you start with other exams, such as AZ-900 and AZ-10X for the Microsoft Certified: Azure Administrator Associate. But if you want to go forward with the AZ-500 exam and become a Microsoft Certified: Azure Security Engineer Associate, first have a look at the more detailed information on the Microsoft exam website. Start reading through the Microsoft Docs about the different security topics mentioned in the skills measured, and also get some hands-on experience by trying out the various technologies. My favorite place to learn and work through tutorials on different topics is Microsoft Learn! On Microsoft Learn, you can use a lot of different learning modules, and some of them are focused on Azure Security. If you want to know more about Microsoft Learn, check out my blog post: Microsoft Learn – A Great Place To Learn!

At Microsoft Ignite The Tour, our team also presented a session on securing your Azure environment. My session in Amsterdam was recorded, and you can watch it here: Microsoft Ignite The Tour 2019 Azure Hybrid Session Recordings.

Are you also interested in becoming Microsoft Azure Certified? Check out my blog posts about why you should become Microsoft Azure Certified, how to pick the right Azure exam certification path and how to prepare and pass a Microsoft Azure certification exam. With that, I wish you happy learning and good luck with the AZ-500 Microsoft Azure Security Technologies exam!



Windows Server 2019 Windows Defender Advanced Threat Protection

Windows Server 2019 comes with a lot of new features. One of the large investments Microsoft is making in this Windows Server release is in security. One of my favorite new security features in Windows Server 2019 is the support for Windows Defender Advanced Threat Protection. Windows Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. It has been available for Windows 10 devices for a while, and now it is available for Windows Server 2019 and other versions of Windows Server.

What is Windows Defender Advanced Threat Protection

Windows Defender Advanced Threat Protection brings some great security features to your platform.

  • Agentless, cloud-powered – No additional deployment or infrastructure. No delays or update compatibility issues. Always up to date.
  • Unparalleled optics – Built into Windows and Windows Server for deeper insights. Exchanges signals with the Microsoft Intelligent Security Graph.
  • Automated security – Take your security to a new level, by going from alert to remediation in minutes – at scale.

Onboard Windows Server 2019 to Windows Defender Advanced Threat Protection

If you’re already using Windows Defender Advanced Threat Protection (ATP), preview these features by simply installing the latest preview build of Windows Server and onboarding it to Windows Defender ATP.

Otherwise, sign up for the Windows Defender ATP trial on Windows Defender Advanced Threat Protection.

Quick Look at Windows Defender ATP for Windows Server 2019

Using Windows Defender ATP is pretty simple, and that is also true with Windows Server 2019. After you have onboarded your Windows Server, you can already see alerts and recommendations in your dashboard.

To have some active alerts, you can create a test alert. Doing this is also recommended after you have onboarded your machine, because it lets you see whether the connection is working.

You can find alerts, events and actions on the machine page in the Windows Defender Security Center.

I hope this gives you a short overview of Windows Defender ATP for Windows Server 2019. If you have any questions, just leave a comment.



Secure your Hyper-V environment with 5nine Cloud Security 8.1

Over the past years I have built several Hyper-V environments together with enterprise customers and service providers. In a lot of cases, customers wanted more security in their cloud and virtualization environment. Security is becoming an even more critical part of your datacenter, and with a high virtualization rate it gets even more critical and complex to manage, especially when virtual machines can move from one cluster to another or from one datacenter to another. 5nine is one of the vendors that has a great solution for these challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016. With that, 5nine released 5nine Cloud Security 8.1, which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

Key features

If you look at the security features list, 5nine Cloud Security offers you the following:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Cloud Security also integrates perfectly into your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management are so easy that you don’t really need any documentation. That’s how a security product should work: it should not make your environment even more complex, it should help you keep your environment secure without adding extra complexity to it. I used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine is a very lightweight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two services running and the Hyper-V switch extensions.

Conclusion

Overall, I think 5Nine Cloud Security is a must-have solution to protect your Hyper-V environment if you want to do more serious, centrally managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V and solves real-world needs.

If you need more information, want to buy 5nine Cloud Security, or need someone to help you integrate 5nine Cloud Security into your environment, feel free to contact me.