Microsoft Security Saturday – 2/22/2020 Part 1

There was so much news this week, due to the early release of RSA announcements, that this week’s Security Saturday posts had to be broken up into two parts.

As a reminder, you can get Security Saturday posts delivered to your inbox by signing up here.

Defending the power grid against supply chain attacks—Part 1: The risk defined
This blog series, “Defending the power grid against supply chain attacks,” analyzes how these attacks are conducted and the steps utilities, device manufacturers, and software providers can take to better secure critical infrastructure.

How to operationalize Microsoft Secure Score in your organization
When you begin your journey towards operationalizing Secure Score, you should treat it like a program that will not have an end date, and one that will continue and evolve over time. In this stage you will work on transitioning your organization’s approach to security to a state where security posture management is becoming a top priority and implementing an ongoing program is on its way to mission-critical status.

Enable tamper protection in Threat & Vulnerability Management to increase your security posture
Now, within the security recommendations section of Threat & Vulnerability Management (TVM), SecOps and security administrators can see a recommendation to turn on tamper protection, learn more about the recommendation, and act on it. This provides security teams greater visibility into how many machines don’t have this feature turned on, the ability to monitor changes over time, and a process to turn on the feature.

New Azure Firewall certification and features in Q1 CY2020
Azure Firewall is the first cloud firewall service to attain the ICSA Labs Corporate Firewall Certification. For the Azure Firewall certification report, see information here. For more information, see the ICSA Labs Firewall Certification program page.

Azure Firewall Manager now supports virtual networks
Today, we are extending the Azure Firewall Manager preview to include automatic deployment and central security policy management for Azure Firewall in hub virtual networks.

Moving to unified labeling webinar
In January we ran two webinars talking about moving to unified labeling and why this is something organizations should start planning to do.

Closing an Incident in Azure Sentinel and Dismissing an Alert in Azure Security Center
As we are exploring automation scenarios within Azure Security, we came across an unsolved mystery. When I use the Azure Security Center connector into Azure Sentinel and generate Incidents, what happens when I close my Azure Sentinel Incident: does it close the related Azure Security Center alert? The short of this is it does not. The Azure Sentinel Incident closes but the ASC Alert remains active. You have the option to then dismiss the ASC Alert within the ASC Portal. Sounds like an extra step to keep these systems synchronized.

The Adventure of Automating Azure Security Center Part 1
The goal of this first article is to dive in and walk through explaining and implementing a simple use case for Azure Security Center Workflow Automation, which is now in Public Preview. Subsequent articles will dive deeper with more complex automation scenarios in mind. This article is for any person interested in automating security within Azure who has not been involved, or has been involved only a little, with the Azure platform and Azure Security Center.

Scaling Up Syslog CEF Collection
In the last few months working on Azure Sentinel, many customers have asked me about scaling up syslog CEF collection for getting data into Azure Sentinel. I have created two sample architectures with code deployment for this purpose.