Preface
Security is always integrated into a cloud platform and this causes users to let their guard down as they take cloud security for granted. Cloud computing brings new security challenges, but you can overcome these with Microsoft Azure's shared responsibility model.
Mastering Azure Security covers the latest security features provided by Microsoft to identify different threats and protect your Azure cloud using innovative techniques. The book takes you through the built-in security controls and the multi-layered security features offered by Azure to protect cloud workloads across apps and networks. You'll get to grips with using Azure Security Center for unified security management, building secure applications on Azure, protecting the cloud from DDoS attacks, safeguarding sensitive information with Azure Key Vault, and much more. Additionally, the book covers Azure Sentinel, monitoring and auditing, Azure security and governance best practices, and secure resource deployments.
By the end of this book, you'll have developed a solid understanding of cybersecurity in the cloud and be able to design secure solutions in Microsoft Azure.
Who this book is for?
This book is for Azure cloud professionals, Azure architects, and security professionals looking to implement safe and secure cloud services using Azure Security Center and other Azure security features. A fundamental understanding of security concepts and prior exposure to the Azure cloud will assist with understanding the key concepts covered in the book.
What this book covers
Chapter 1, Introduction to Azure Security, covers how the cloud is changing the concept of IT, and security is not an exception. Cybersecurity requires a different approach in the cloud and we need to understand what the differences are, new threats, and how to tackle them.
Chapter 2, Governance and Security, goes into how to create policies and rules in Microsoft Azure in order to create standards, enforcing these policies and rules, and maintaining quality levels.
Chapter 3, Managing Cloud Identities, explains why identity is one of the most important parts of security. With the cloud, identity is even more expressed than ever before. You'll learn how to keep identities secure and safe in Microsoft Azure and how to keep track of access rights and monitor any anomalies in user behavior.
Chapter 4, Azure Network Security, covers how the network is the first line of defense in any environment. Keeping resources safe and unreachable by attackers is a very important part of security. You'll learn how to achieve this in Microsoft Azure with built-in or custom tools.
Chapter 5, Azure KeyVault, explains how to manage secrets and certificates in Azure and deploy resources to Microsoft Azure with Infrastructure as Code in a secure way.
Chapter 6, Data Security, covers how to protect data in the cloud with additional encryption using Microsoft or your own encryption key.
Chapter 7, Azure Security Center, explains how to use ASC to detect threats in Microsoft Azure and how to view assessments, reports, and recommendations in order to increase Azure tenant security. It also looks at how to increase VM security by enabling just-in-time access.
Chapter 8, Azure Sentinel, covers how to use Azure Sentinel to monitor security for your Azure and on-premise resources, including detecting threats before they happen and using artificial intelligence to analyze and investigate threats. Using Azure Sentinel to automate responses to security threats and stop them immediately is also covered.
Chapter 9, Security Best Practices, introduces best practices for Azure security, including how to set up a bulletproof Azure environment, finding the hidden security features that are placed all over Azure, and other tools that may help you increase security in Microsoft Azure.
To get the most out of this book
You will require the following software, which is open source and free to use, except for Microsoft Azure, which is subscription-based and billed based on usage per minute. However, even for Microsoft Azure, a trial subscription can be used.
If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copy/pasting of code.
Download the example code files
You can download the example code files for this book from your account at www.packt.com. If you purchased this book elsewhere, you can visit www.packtpub.com/support and register to have the files emailed directly to you.
You can download the code files by following these steps:
- Log in or register at www.packt.com.
- Select the Support tab.
- Click on Code Downloads.
- Enter the name of the book in the Search box and follow the onscreen instructions.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
- WinRAR/7-Zip for Windows
- Zipeg/iZip/UnRarX for Mac
- 7-Zip/PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Mastering-Azure-Security. In case there's an update to the code, it will be updated on the existing GitHub repository.
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Download the color images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: http://www.packtpub.com/sites/default/files/downloads/9781839218996_ColorImages.pdf.
Conventions used
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "How to create a rule to deny traffic over port 22"
A block of code is set as follows:
"policyRule": {
"if": {
"not": {
"field": "location",
"in": "[parameters('allowedLocations')]"
}
},
"then": {
"effect": "deny"
}
}
Any command-line input or output is written as follows:
New-AzResourceGroup -Name "Packt-Security" -Location ` "westeurope"
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Go to the Subnet section under NSG and select Associate."
Tips or important notes
Appear like this.
Get in touch
Feedback from our readers is always welcome.
General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].
Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.
Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.
If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.
Reviews
Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!
For more information about Packt, please visit packt.com.