Manage your cloud

security posture and

monitor your compliance
with Azure Security Center​
Yoav Daniely George Mudie
Principal PM Manager CISO
C+AI Security ASOS.com

BRK3187
 Cloud Security posture & compliance management
 Recap
 What’s new & demos
Agenda
CISOs talk - George Mudie - ASOS.com
Security Best Practices
Unmatched security across operations,
technology, and partnerships Operations
Secure foundation and intelligence

$1B
annual investment in cybersecurity

3500+ Azure
global security experts Security

Trillions
of diverse signals for unique intelligence
Technology Partnerships
Built-in controls For a heterogeneous world
Insecure misconfiguration & lack of controls
#1 cause to cloud based data centers breaches

“Through 2020, 80% of cloud breaches will be due to

customer misconfiguration, mismanaged credentials
or insider theft, not cloud provider vulnerabilities”

“A historic 424% jump in breaches related to

misconfigured cloud infrastructure, largely due to
human error.”

Source: https://www.forbes.com/sites/forbestechcouncil/2018/08/09/the-one-cloud-security-metric-every-ciso-should-know/#3ff8c87e5375 , Author: Josh Stella, Forbes council

 Azure Security Center

Strengthen security
Strengthen security posture
posture Protect against
Protect against threats
threats

Cloud security posture management For

For For cloud native
databases
Secure Score | Policies and compliance servers workloads
and storage

Get secure faster

© Microsoft Corporation
Azure
Inside-workload
assessment of Azure Evaluated Categories

Resources with
Secure Score
Access Compute SQL server Network App

Gain instant insight into the security state of your

cloud workloads
+7% +2% +1% +3% +2%

Address security vulnerabilities with

prioritized recommendations Secure Score Impact

Improve your Secure Score and overall security

posture in minutes 50%
Secure
Score
Speed up regulatory compliance
What's new:
Cloud Security Posture Management
 Register for a preview in:
A simplified secure https://aka.ms/MicrosoftSecurityPreviewProgram

score model

Improved tracking with percentage-

based scoring

Easier attack vector correlation and focus

with grouped recommendations
Improved Automation

Apply Quick Fixes to recommendations

Automate responses with LogicApps

Continuously export to Event Hub and Log Analytics

Export to CSV
Extend, customize, and share your organizational policy

Create your
Create your own
own Write your
Write your own
own Share with
Share with the
the
organizational policy
organizational policy recommendations +
recommendations + ASC Community
ASC Community
apply custom
apply custom score
score
Pick and
Pick and choose
choose from
from to itit (soon)
to (soon)
built-in standards
built-in standards
New built-in
vulnerability assessment
Vulnerability ASC VMs
Reports in ASC
Included to ASC standard price for VMs and ATP Dashboard / ASC Service & Servers
via APIs
for containers price
Findings
Agent Deploy ASC
Scans VMs both Linux & Windows Qualys
Powered
& Update

Scans ACR images Azure Container

Registry
For all of the existing customers, turn it on today
Image
Qualys partnership (push)

CI/CD
Protect Kubernetes with
ATP for AKS
Continuous discovery of managed AKS AKS Cluster
instances within Azure Security Center

Actionable security recommendations Master Workers

API Server AKS Nodes

Threat detection
Audit &
Raw Logs

Seamless auto provisioning Container Runtime

Security Center
 ASC joins MISA—and your security posture just got better!
We are growing the Azure Security ecosystem for our customers greater good

Customer
Customer Azure Security Partner Secure Score
Request
Request Secure Score CSPM Holistic View 

Security Posture
Receive 3rd Party Share ASC 
NEW!
NEW! Management 
Recommendations Recommendations 
Single Pane of Glass

Ecosystem
Ecosystem and more coming…
 Take actions today—Get started with the preview

Enable Security Center Act upon your top 5 Upgrade to Security Center
to assess your secure score recommendations today standard to maximize
across the entire organization security value

To learn more, visit azure.microsoft.com/en-us/services/security-center/

Manage your cloud
security posture

November 2019
 Structure

Cyber
Security

Governance, Risk, Identity

Response Security Physical Security
and Compliance and Access Global Fraud Sec Dev
Team Operations Security Architecture
Management

Sec
Engineering

Sec
Assurance
 ASC Recommendations
Sec Assurance + Priority
Sec Architecture + Sec Engineering Scrum Team
Scrum Team

ASC Recommendations Prioritized using Consolidated Priority scrum teams informed Scrum team
for 100+ subscriptions CISO risk register into patterns and guided by Sec Eng backlog

Themes and education

Security maturity model

Security Assurance + All Scrum Teams

 Take actions today—Get started with the preview

Enable Security Center Act upon your top 5 Upgrade to Security Center
to assess your secure score recommendations today standard to maximize
across the entire organization security value

To learn more, visit azure.microsoft.com/en-us/services/security-center/

 Azure Security Center
Sessions at Ignite
BRK3188
Protect your cloud workload from threats using
Azure Security Center
Tuesday, Nov. 5 (10:30–11:15 AM)

BRK3187
Manage your cloud security posture and monitor your
compliance with Azure Security Center
Tuesday, Nov. 5 (2:15–3:00 PM)

BRK3191
End to end security for IoT
Thursday, Nov. 7 (3:30–4:15 PM)

SECO30
End-to-end cloud security for all your XaaS resources
Tuesday, Nov. 5 (2:00–2:45 PM)
“With Security
“With Security Center,
Center, we
we can
can “We want
“We want Security
Security Center
Center toto be
be “By using
“By using Azure
Azure Security
Security Center,
Center,
see where
see where to to make
make aa vital
vital asset
asset for
for our
our view
view into
into we have
we have much
much better
better visibility
visibility
improvements to
improvements to help
help secure
secure the security
the security health
health of
of our
our over the
over the security
security ofof our
our Azure
Azure
our Azure
Azure virtual
virtual machines
machines
—
entire multiplatform
multiplatform IT IT estate at
at aa low
low total
total cost
cost of
of
our entire estate
because itit shows
because shows usus where
where ecosystem, including
ecosystem, including IoT
IoT hubs
hubs ownership.”
ownership.”
risks lie.
risks lie. We
We can
can also
also use
use itit and resources.”
and resources.”
with our
with our on-premises
on-premises Denis Ontiveros
Denis Ontiveros
infrastructure, which
infrastructure, which is
is Ramon Stockmann
Ramon Stockmann Security Platforms
Security Platforms Director
Director
Manager of
Manager of Cloud
Cloud Core
Core Operations
Operations BP
BP
crucial.”
crucial.” Vattenfall
Vattenfall
Aaron Shvarts
Aaron Shvarts
Chief Security
Chief Security Officer
Officer
MSC Technology
MSC Technology North
North America
America
Please evaluate this session
Your feedback is important to us!

Please evaluate this session through

MyEvaluations on the mobile app
or website.
Download the app:
https://aka.ms/ignite.mobileapp
Go to the website:
https://myignite.techcommunity.microsoft.com/evaluations
 Visit aka.ms/MicrosoftIgnite2019/BRK3187
Find this session
in Microsoft Tech  Download slides and resources
 Access session recordings in 48 hours
Community  Ask questions & continue the conversation
© Copyright Microsoft Corporation. All rights reserved.