Foreword

I was so pleased to hear that Yuri and Tom were teaming up to write another book on security. I found their first book about Azure core security, “Microsoft Azure Security Infrastructure,” riveting. I read it cover to cover twice, recommending it to anyone interested in learning more about security in Azure.

This book extends that work. It will teach you all you want to know about how to use Azure Security Center—the security solution to get visibility and control and prevent and detect threats in your Azure subscriptions. Security Center is a critical solution for organizations using a cloud workload protection (CWP) solution, as indicated by Gartner in their CWP Magic Quadrant, and because the classic security perimeter we relied upon is gone with the migration of datacenter workloads into public clouds, which are a new security paradigm. Also, the integration with Log Analytics means you can use Azure Security Center for your machines on-premises, in a private datacenter, or in another cloud as long as the monitoring agent is installed on your machines. This will simplify your life, and I trust you’ll come to rely on Azure Security Center as your primary dashboard and alerting engine for years to come.

No industry is immune to cyberattacks. This book is relevant for everyone working with cloud computing and information security. Given the cybersecurity landscape as it exists today and the criticality of information in the digital age, we need to assume breach as a mindset and think about what capabilities we use to detect adversarial activity or malicious insiders in our networks rather than over-relying on thwarting attackers at the front door. Gone are the days when it was acceptable to turn a blind eye to risk. If you don’t know what you don’t know, it’s impossible to take action. Prevention is of the utmost importance. However, the ability to detect and control is paramount. Simple, intuitive, and intelligent investigation capabilities are a must to support SecOps teams that are flooded in a sea of alerts, as well as Incident Response (IR) teams.

This book will help you plan, onboard, and learn how to effectively use Security Center to detect and investigate threats in your Azure subscriptions (or alternately your datacenter workloads). You’ll also learn how to integrate with other solutions like Azure Active Directory Identity Protection Center. You’ll also learn how to export your logs to a SIEM should you choose to do so. I sincerely hope that you are energized by this book and that you will be spurred to action by following its best practices and recommendations.

After reading this book, you will have a better understanding of what Security Center is and how to incorporate it into your security operations center. Yuri and Tom were inspired to write this book because many customers have asked for a one-stop resource that teaches you how to install and operate Security Center. This book is written with the security analysts, architects, cloud operators, and IT professionals in mind.

If you’ve read Tom’s work previously, you’ll know he’s a long-term, experienced, and seasoned security veteran and author. He’s also a senior program manager on the Azure Security Engineering team. Follow him on Twitter and read his blogs if you’d like to learn more. He’s a wealth of knowledge and wisdom from his days working on-premises and his journey to the cloud.

Yuri is another well-established writer in his own right, and he has published document after document in his former role as a content writer for Azure Security. He’s recently joined my team working as a senior program manager, supporting customers’ and partners’ success using Microsoft’s cloud and enterprise security products and services. He’s a wealth of information and excels at simplifying the complex.

Dig in.

Hayden Hainsworth

Director of Engineering – Program Management

Microsoft Cybersecurity Engineering
