Security monitoring and remediation in Azure

Regularly monitor resources to maintain the security posture and detect vulnerabilities. Detection can take the form of reacting to an alert of suspicious activity or proactively hunting for anomalous events in the enterprise activity logs. Respond to anomalies and alerts promptly so that the security assurances you established do not decay over time, and design the workload for defense in depth and least privilege so that a single missed alert does not by itself lead to compromise.

Checklist

How are you monitoring security-related events in this workload?

  • Use native tools in Azure to monitor the workload resources and the infrastructure in which it runs.
  • Consider investing in a Security Operations Center (SOC) or SecOps team, and in an incident response plan.
  • Monitor traffic, access requests, and application communication between segments.
  • Discover and remediate common risks to improve your secure score in Microsoft Defender for Cloud.
  • Use an industry-standard benchmark to evaluate the security posture, so that you benefit from the experience of external organizations.
  • Send logs and alerts to a central security log management system for analysis.
  • Perform regular internal and external compliance audits, including regulatory compliance attestations.
  • Regularly test your security design and implementation using test cases based on real-world attacks.
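The following script is an added example, not part of the original article and not a Microsoft tool. It shows the proactive hunting described above run over a handful of constructed Activity Log records: it flags successful role-assignment writes, NSG rules that expose management ports to the internet, control-plane writes from outside an assumed trusted network, and bursts of failed operations by a single caller. The record fields (time, operationName, status, caller, callerIpAddress, resourceId, properties) are a simplified shape assumed for the example; exported Activity Log records carry more fields and nesting, and in production the same logic would normally be a Kusto query against the AzureActivity table in the central Log Analytics workspace rather than a script.

```python
"""Proactive hunting over Azure Activity Log records (added example).

Assumes a simplified record shape: 'time' (ISO 8601), 'operationName',
'status' ('Succeeded' or 'Failed'), 'caller', 'callerIpAddress',
'resourceId' and, for writes, an optional 'properties' request body.
Real exported Activity Log records carry more fields and nesting.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed baseline: networks that administrative writes are expected
# to come from (corporate egress, a jump host). Assumption for the demo.
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
SENSITIVE_PORTS = {"22", "3389"}          # SSH and RDP
FAILURE_THRESHOLD = 3                     # failed ops per caller ...
FAILURE_WINDOW = timedelta(minutes=5)     # ... within this window


def is_trusted_ip(ip: str) -> bool:
    """True if the caller address falls inside a trusted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def exposes_management_port(props: dict) -> bool:
    """True if an NSG rule allows inbound 22/3389 from any source."""
    if props.get("access") != "Allow" or props.get("direction") != "Inbound":
        return False
    if props.get("sourceAddressPrefix", "") not in ("*", "0.0.0.0/0", "Internet"):
        return False
    ports = str(props.get("destinationPortRange", ""))
    return ports == "*" or ports in SENSITIVE_PORTS


def _finding(rule: str, severity: str, r: dict) -> dict:
    return {"rule": rule, "severity": severity, "caller": r["caller"],
            "ip": r["callerIpAddress"], "resource": r["resourceId"], "time": r["time"]}


def hunt(records: list) -> list:
    """Apply four hunting rules to records in time order; return findings."""
    findings = []
    failures = defaultdict(list)  # caller -> timestamps of recent failed ops
    for r in sorted(records, key=lambda x: x["time"]):
        op, ok = r["operationName"], r["status"] == "Succeeded"
        ts = datetime.fromisoformat(r["time"])
        is_write = op.lower().endswith(("/write", "/delete", "/action"))
        # 1. Every successful RBAC change is reviewed, whatever its origin.
        if ok and op == "Microsoft.Authorization/roleAssignments/write":
            findings.append(_finding("rbac-change", "high", r))
        # 2. NSG rule that opens management ports to the internet.
        if ok and op == "Microsoft.Network/networkSecurityGroups/securityRules/write" \
                and exposes_management_port(r.get("properties", {})):
            findings.append(_finding("nsg-open-mgmt-port", "high", r))
        # 3. Control-plane write from outside the trusted networks.
        if ok and is_write and not is_trusted_ip(r["callerIpAddress"]):
            findings.append(_finding("write-from-untrusted-ip", "medium", r))
        # 4. Burst of failed operations by one caller (probing, misused creds).
        if not ok:
            window = failures[r["caller"]]
            window.append(ts)
            window[:] = [t for t in window if ts - t <= FAILURE_WINDOW]
            if len(window) == FAILURE_THRESHOLD:
                findings.append(_finding("failure-burst", "medium", r))
    return findings


# Constructed sample records, not real telemetry.
_VM = "/subscriptions/sub-1/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm1"
_NSG = "/subscriptions/sub-1/resourceGroups/rg-app/providers/Microsoft.Network/networkSecurityGroups/nsg1/securityRules/allow-rdp"
_SA = "/subscriptions/sub-1/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/stapp1"
SAMPLE_RECORDS = [
    {"time": "2024-05-01T09:00:00", "operationName": "Microsoft.Compute/virtualMachines/read",
     "status": "Succeeded", "caller": "ops@contoso.example", "callerIpAddress": "203.0.113.10", "resourceId": _VM},
    {"time": "2024-05-01T09:02:00", "operationName": "Microsoft.Authorization/roleAssignments/write",
     "status": "Succeeded", "caller": "ops@contoso.example", "callerIpAddress": "203.0.113.10", "resourceId": _VM},
    {"time": "2024-05-01T09:05:00", "operationName": "Microsoft.Network/networkSecurityGroups/securityRules/write",
     "status": "Succeeded", "caller": "dev@contoso.example", "callerIpAddress": "198.51.100.7", "resourceId": _NSG,
     "properties": {"access": "Allow", "direction": "Inbound", "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
    {"time": "2024-05-01T09:10:00", "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "status": "Failed", "caller": "svc-build", "callerIpAddress": "198.51.100.7", "resourceId": _SA},
    {"time": "2024-05-01T09:11:00", "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "status": "Failed", "caller": "svc-build", "callerIpAddress": "198.51.100.7", "resourceId": _SA},
    {"time": "2024-05-01T09:12:00", "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "status": "Failed", "caller": "svc-build", "callerIpAddress": "198.51.100.7", "resourceId": _SA},
    {"time": "2024-05-01T09:30:00", "operationName": "Microsoft.Storage/storageAccounts/listKeys/action",
     "status": "Failed", "caller": "svc-build", "callerIpAddress": "198.51.100.7", "resourceId": _SA},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_RECORDS):
        print(f"{f['time']} [{f['severity']}] {f['rule']}: {f['caller']} from {f['ip']} on {f['resource']}")
```

Run it directly to print the findings; the trusted network and the failure threshold are constants at the top so they can be tuned to the workload's own baseline. The isolated failure at 09:30 falls outside the five-minute window and is deliberately not reported, which is the kind of tuning decision that separates a useful hunt from a noisy one.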

Azure security benchmark

The Azure Security Benchmark includes a collection of high-impact security recommendations. Use them to secure the services and processes you use to run the workload in Azure.

The questions in this section are aligned to these controls:

Reference architecture

Next step

We recommend applying as many best practices as early as possible, and then working to retrofit any gaps over time as you mature your security program.

Go back to the main article: Security