Cloud Defense Strategies with Azure Sentinel
66,99 €
Sofort verfügbar, Lieferzeit: Sofort lieferbar
Cloud Defense Strategies with Azure Sentinel, Apress
Hands-on Threat Hunting in Cloud Logs and Services
Von Marshall Copeland, im heise Shop in digitaler Fassung erhältlich
Produktinformationen "Cloud Defense Strategies with Azure Sentinel"
Use various defense strategies with Azure Sentinel to enhance your cloud security. This book will help you get hands-on experience, including threat hunting inside Azure cloud logs and metrics from services such as Azure Platform, Azure Active Directory, Azure Monitor, Azure Security Center, and others such as Azure Defender's many security layers.
This book is divided into three parts. Part I helps you gain a clear understanding of Azure Sentinel and its features along with Azure Security Services, including Azure Monitor, Azure Security Center, and Azure Defender. Part II covers integration with third-party security appliances and you learn configuration support, including AWS. You will go through multi-Azure Tenant deployment best practices and its challenges. In Part III you learn how to improve cyber security threat hunting skills while increasing your ability to defend against attacks, stop data loss, prevent business disruption, and expose hidden malware. You will get an overview of the MITRE Attack Matrix and its usage, followed by Azure Sentinel operations and how to continue Azure Sentinel skill improvement.
After reading this book, you will be able to protect Azure resources from cyberattacks and support XDR (Extend, Detect, Respond), an industry threat strategy through Azure Sentinel.
WHAT YOU WILL LEARN
* Understand Azure Sentinel technical benefits and functionality
* Configure to support incident response
* Integrate with Azure Security standards
* Be aware of challenges and costs for the Azure log analytics workspace
WHO THIS BOOK IS FOR
Security consultants, solution architects, cloud security architects, and IT security engineers
MARSHALL COPELAND is a Senior Consultant focused on Cyber Security in Azure public cloud defensive deployments using Azure cloud native and third-party cyber solutions. His work focuses on security in customers hybrid cloud deployments, Secure DevOps and security partner cloud integrations that enhance “blue team hunting” efficiencies. Marshall currently works at Microsoft Corporation supporting enterprise customers security teams using Azure security services for hybrid network security management and data protection. He previously worked in cloud security roles at Optiv Security, and Salesforce. PART I (PAGE COUNT 100)
GOALS: Introduction to Azure Sentinel es with technical featurthat benefit the business. Initial configuration using Azure subscription data connectors, discuss 3rd party integration and alignment with other Azure Security Services. XDR introduction, why it is an industry standard and how to use it in Sentinel.
SUB-TOPICS
1. Overview of Technical Features
2. Benefit and cost support for the business, initial configuration
3. Azure Defender support into Azure Sentinel
4. Azure Security Center support into Azure Sentinel
CHAPTER 1 AZURE SENTINEL OVERVIEW
Platform benefits, SOC security reference, alignment to Cyber framework, Log Analytics planning, cost structure
CHAPTER 2 OTHER AZURE SECURITY SERVICES
Azure Monitor, Azure Security Center, Azure Defender, working together to support Azure Sentinel
CHAPTER 3 AZURE SENTINEL XDR CAPABILITIES
Integration with Azure Security standards, protection for additional Azure workloads, guidance for XDR and how it should be used to modernize security operations.
PART II (PAGE COUNT 100)
GOALS: Deployment best practices, platform integration and support for AWS
SUB - TOPICS
1. Enable integration with 3rd party security appliances
2. Configure support for AWS
3. Multi-Azure Tenant deployment best practices
CHAPTER 4 DATA CONNECTION
Single Tenant: Data connectors native, Log Analytics storage options, 3rd party data, KQL validation processes, AWS connection, Service NOW integration
CHAPTER 5 THREAT INTELLIGENCE (TI)
TI connectors and feeds, Sentinel Workbooks introduction, Sentinel Notebook usage, Python integration
CHAPTER 6 MULTI-TENANT ARCHITECTURE
Challenges and cost of Azure log analytics workspace, KQL modification requirements, SOC alignment needed
PART III (PAGE COUNT 100)
GOALS: Improve Cyber Security Threat Hunting Techniques
SUB - TOPICS:
1. Threat Hunting with KQL Language deep dive with examples
2. Integration with MITRE attack Matrix and support for TAXII
3. Data flow examples: User logon, track and validate. Stop network connection to China, etc.
4. Configuration changes needed for multiple Sentinel deployments
CHAPTER 7 THREAT HUNTING WITH AZURE SENTINEL
KQL Hunting introduction, custom queries, Sentinel bookmarks, Sentinel notebooks
CHAPTER 8 INTRODUCTION TO MITRE MATRIX
MITRE Attack Matrix overview and usage, STIX defined, TAXII defined, free TI -vs- service SLA
CHAPTER 9 AZURE SENTINEL OPERATIONS
Daily, Weekly, Monthly tasks, SOC engineer alignment, Continued SOC operations support from official Microsoft supported forum
CHAPTER APPENDIX:
CHAPTER GOAL: WHERE TO GAIN ADDITIONAL KNOWLEDGE FOR AZURE SENTINEL
NO OF PAGES: 20
SUB - TOPICS:
1. Guidance to continue Azure Sentinel skill improvement
2. Relating information to Cyber Security standards
This book is divided into three parts. Part I helps you gain a clear understanding of Azure Sentinel and its features along with Azure Security Services, including Azure Monitor, Azure Security Center, and Azure Defender. Part II covers integration with third-party security appliances and you learn configuration support, including AWS. You will go through multi-Azure Tenant deployment best practices and its challenges. In Part III you learn how to improve cyber security threat hunting skills while increasing your ability to defend against attacks, stop data loss, prevent business disruption, and expose hidden malware. You will get an overview of the MITRE Attack Matrix and its usage, followed by Azure Sentinel operations and how to continue Azure Sentinel skill improvement.
After reading this book, you will be able to protect Azure resources from cyberattacks and support XDR (Extend, Detect, Respond), an industry threat strategy through Azure Sentinel.
WHAT YOU WILL LEARN
* Understand Azure Sentinel technical benefits and functionality
* Configure to support incident response
* Integrate with Azure Security standards
* Be aware of challenges and costs for the Azure log analytics workspace
WHO THIS BOOK IS FOR
Security consultants, solution architects, cloud security architects, and IT security engineers
MARSHALL COPELAND is a Senior Consultant focused on Cyber Security in Azure public cloud defensive deployments using Azure cloud native and third-party cyber solutions. His work focuses on security in customers hybrid cloud deployments, Secure DevOps and security partner cloud integrations that enhance “blue team hunting” efficiencies. Marshall currently works at Microsoft Corporation supporting enterprise customers security teams using Azure security services for hybrid network security management and data protection. He previously worked in cloud security roles at Optiv Security, and Salesforce. PART I (PAGE COUNT 100)
GOALS: Introduction to Azure Sentinel es with technical featurthat benefit the business. Initial configuration using Azure subscription data connectors, discuss 3rd party integration and alignment with other Azure Security Services. XDR introduction, why it is an industry standard and how to use it in Sentinel.
SUB-TOPICS
1. Overview of Technical Features
2. Benefit and cost support for the business, initial configuration
3. Azure Defender support into Azure Sentinel
4. Azure Security Center support into Azure Sentinel
CHAPTER 1 AZURE SENTINEL OVERVIEW
Platform benefits, SOC security reference, alignment to Cyber framework, Log Analytics planning, cost structure
CHAPTER 2 OTHER AZURE SECURITY SERVICES
Azure Monitor, Azure Security Center, Azure Defender, working together to support Azure Sentinel
CHAPTER 3 AZURE SENTINEL XDR CAPABILITIES
Integration with Azure Security standards, protection for additional Azure workloads, guidance for XDR and how it should be used to modernize security operations.
PART II (PAGE COUNT 100)
GOALS: Deployment best practices, platform integration and support for AWS
SUB - TOPICS
1. Enable integration with 3rd party security appliances
2. Configure support for AWS
3. Multi-Azure Tenant deployment best practices
CHAPTER 4 DATA CONNECTION
Single Tenant: Data connectors native, Log Analytics storage options, 3rd party data, KQL validation processes, AWS connection, Service NOW integration
CHAPTER 5 THREAT INTELLIGENCE (TI)
TI connectors and feeds, Sentinel Workbooks introduction, Sentinel Notebook usage, Python integration
CHAPTER 6 MULTI-TENANT ARCHITECTURE
Challenges and cost of Azure log analytics workspace, KQL modification requirements, SOC alignment needed
PART III (PAGE COUNT 100)
GOALS: Improve Cyber Security Threat Hunting Techniques
SUB - TOPICS:
1. Threat Hunting with KQL Language deep dive with examples
2. Integration with MITRE attack Matrix and support for TAXII
3. Data flow examples: User logon, track and validate. Stop network connection to China, etc.
4. Configuration changes needed for multiple Sentinel deployments
CHAPTER 7 THREAT HUNTING WITH AZURE SENTINEL
KQL Hunting introduction, custom queries, Sentinel bookmarks, Sentinel notebooks
CHAPTER 8 INTRODUCTION TO MITRE MATRIX
MITRE Attack Matrix overview and usage, STIX defined, TAXII defined, free TI -vs- service SLA
CHAPTER 9 AZURE SENTINEL OPERATIONS
Daily, Weekly, Monthly tasks, SOC engineer alignment, Continued SOC operations support from official Microsoft supported forum
CHAPTER APPENDIX:
CHAPTER GOAL: WHERE TO GAIN ADDITIONAL KNOWLEDGE FOR AZURE SENTINEL
NO OF PAGES: 20
SUB - TOPICS:
1. Guidance to continue Azure Sentinel skill improvement
2. Relating information to Cyber Security standards
Artikel-Details
- Anbieter:
- Apress
- Autor:
- Marshall Copeland
- Artikelnummer:
- 9781484271322
- Veröffentlicht:
- 01.10.21