When to use what – Azure Sentinel, CASB, Azure Security Center, Security & Compliance Center in Office 365, etc.
Many customers using Microsoft Cloud Services in the context of collaboration and communication have often asked the “When to use what” question. Meanwhile we have had several really good methods and tools to answer this question, like the Periodic Table of Office 365. In the end it is not about when to use what, it is about “what do you want to do” or “what is your business case”. And this is the same with the Microsoft Security Features & Services.
Features & Services
Microsoft Azure Sentinel is a cloud-native SIEM solution with advanced AI and security analysis capabilities.
Microsoft Cloud App Security is a multimode Cloud Access Security Broker (CASB). It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Further info about CASB
Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads.
Office 365 Security & Compliance Center is designed to manage security & compliance features across Office 365. Links to existing SharePoint and Exchange compliance features bring together compliance capabilities across Office 365.
Microsoft Intune is a management solution that provides mobile device, endpoint and operating system management. It aims to provide Unified Endpoint Management for corporate devices and BYOD.
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service. It covers resources such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications, along with any cloud apps developed by your own organization.
Microsoft Information Protection helps an organization to classify and protect its documents and emails by applying labels. It helps you discover, classify, label and protect your sensitive information, wherever it lives or travels. Further info about Information Protection
Protect your enterprise from threats in the cloud and on-premises with Azure Advanced Threat Protection. Azure ATP is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Microsoft Defender Advanced Threat Protection (ATP) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP is built into Windows 10.
Typical discussions with customers
Azure Sentinel vs. Azure Security Center
Azure Security Center focuses on Azure workloads. Azure Sentinel is used for real-time event analysis and for detecting attacks across your whole architecture.
Quote by Microsoft: To reduce confusion and simplify the user experience, two of the early SIEM-like features in Security Center, namely investigation flow in security alerts and custom alerts, will be removed in the near future. Individual alerts remain in Security Center, and there are equivalents for both security alerts and custom alerts in Azure Sentinel. Going forward, Microsoft will continue to invest in both Azure Security Center and Azure Sentinel. Azure Security Center will continue to be the unified infrastructure security management system for cloud security posture management and cloud workload protection. Azure Sentinel will continue to focus on SIEM. Source: Securing the hybrid cloud with Azure Security Center and Azure Sentinel
Azure Security Center vs. Security and Compliance Center in Office 365
The Office 365 Security & Compliance Center is designed to help you manage security & compliance features across Office 365. Links to existing SharePoint and Exchange compliance features bring together compliance capabilities across Office 365. Azure Security Center analyzes data from a variety of Microsoft and also partner solutions, and applies machine learning to this data for threat prevention, detection, and eventually investigation. Both services are part of the Microsoft Service Trust Platform.
Azure Sentinel vs. CASB
Azure Sentinel is a SIEM solution with advanced AI and security analysis capabilities. It integrates with third-party security platforms from vendors such as Fortinet, Symantec and Check Point, as well as Microsoft's Graph Security API. By connecting with Microsoft Cloud App Security, you will gain visibility into your cloud apps, get sophisticated analytics to identify and combat cyberthreats, and control how your data travels.
Office 365 Security Features vs. Intune
Microsoft Intune and the built-in security features in Office 365 for MDM both give you the ability to manage security & compliance in your environment. You can manage security & compliance using both Intune and Office 365 in the same Office 365 tenant. If you have both options available, you can choose whether you manage security & compliance in Office 365 or in the more feature-rich Intune solution for MDM and MAM scenarios.
Azure AD vs. Intune
Intune manages mobile devices and apps. It integrates closely with other EMS components like Azure Active Directory for identity and access control.
Azure Advanced Threat Protection vs. Microsoft Defender ATP
Azure Advanced Threat Protection enables you to integrate Azure ATP with Windows Defender ATP. While Azure ATP monitors the traffic on your domain controllers, Windows Defender ATP monitors your endpoints, together providing a single interface from which you can protect your environment. By integrating Windows Defender ATP into Azure ATP, you can leverage the full power of both services and secure your environment. Source & Details: Integrate Azure ATP with Windows Defender ATP
Roundup
As you can see, all these features work together, for example Microsoft Defender Advanced Threat Protection integration with Microsoft Cloud App Security, or Azure Information Protection integration with Cloud App Security. So trying to find the best tool / solution for your enterprise by only discussing the detailed features isn’t the best way.
How to get started
To get a solid Security & Compliance strategy based on the Microsoft Security Stack, the best way is to start with your scenarios. Dealing with the Microsoft Security Stack, a best-practice approach is to separate the topics into four categories and then map your scenarios onto them.
The next step is to map the scenarios:
- Protect at the front door
- Protect your data anywhere
- Detect & remediate attacks
to those four categories / topics:
- Identity and access management
- Mobile device & app management
- Information protection
- Threat protection
Periodic table & mapping
Microsoft offers a good overview to tweak your scenarios in this article: Top 10 Actions to Secure Your Environment. Based on this, the following overview offers a blueprint to get started with your security strategy:
Architecture
Roundup
From a planning and architecture perspective, the features and services must be separated into monitoring solutions and solutions used to natively set up regulations and policies.
For example: you can use Information Protection to protect your content and emails, and in addition you can integrate the logs and signals coming from Information Protection into Azure Sentinel. But natively you cannot use Azure Sentinel to protect your content and emails.
So in the end it is all about your scenarios!
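To illustrate the monitoring side of that split, here is an added example (written for this post, not code from Microsoft or from the blog): a small detection run over constructed label-change events of the kind Information Protection emits and Azure Sentinel would ingest. Sentinel can flag a burst of label downgrades by one user; only Information Protection can re-apply the label. The field layout, the label ordering and the threshold are assumptions, not the schema of any Microsoft connector.

```python
# Added example, not from the original post. Field layout, label ranks
# and the burst threshold are assumptions chosen for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed sensitivity ordering: higher rank = more sensitive.
LABEL_RANK = {"Public": 0, "General": 1, "Confidential": 2, "Highly Confidential": 3}

# Constructed sample events: (timestamp, user, file, old label, new label).
EVENTS = [
    ("2020-03-01T09:00:00", "alice", "q1-forecast.xlsx",   "Highly Confidential", "Highly Confidential"),
    ("2020-03-01T09:05:00", "bob",   "board-minutes.docx", "Highly Confidential", "Public"),
    ("2020-03-01T09:06:00", "bob",   "merger-plan.pptx",   "Highly Confidential", "General"),
    ("2020-03-01T09:07:00", "bob",   "salaries.xlsx",      "Confidential",        "Public"),
    ("2020-03-01T11:30:00", "carol", "newsletter.docx",    "General",             "Public"),
    ("2020-03-02T08:00:00", "bob",   "notes.txt",          "Confidential",        "Confidential"),
]

def is_downgrade(old_label, new_label):
    """True when a label change lowers the document's sensitivity rank."""
    return LABEL_RANK[new_label] < LABEL_RANK[old_label]

def find_downgrades(events):
    """Every event that lowers a sensitivity label (the raw signal a SIEM sees)."""
    return [e for e in events if is_downgrade(e[3], e[4])]

def burst_downgraders(events, window=timedelta(minutes=10), threshold=3):
    """Users who downgrade >= threshold labels inside a sliding time window.
    One downgrade is often legitimate; a burst is what an analyst should review.
    Returns {user: number of downgrades in the densest window}."""
    by_user = defaultdict(list)
    for ts, user, _file, old, new in find_downgrades(events):
        by_user[user].append(datetime.fromisoformat(ts))
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times)):
            j = i
            # Extend the window from times[i] as far as events stay within it.
            while j + 1 < len(times) and times[j + 1] - times[i] <= window:
                j += 1
            if j - i + 1 >= threshold:
                flagged[user] = j - i + 1
                break
    return flagged

if __name__ == "__main__":
    print(burst_downgraders(EVENTS))  # → {'bob': 3}
```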