
Azure Landingzone Protect


Introduction

Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You must make sure your workloads are secure as you move to the cloud, and when you move to IaaS (infrastructure as a service) you carry more of that responsibility than with PaaS (platform as a service) or SaaS (software as a service). Azure Security Center provides the tools you need to harden your network, secure your services, and stay on top of your security posture.

SKUs

| Feature | Azure Landingzone Protect |
| --- | --- |
| Protect against malicious activities related to Azure Key vault | + |
| Protection against malicious usage of Azure Storage Accounts | + |
| Protection against spreading malware through Azure Storage Accounts | + |
| Protection against malicious Azure Resource Manager activities | + |
| Protection against network-related threats | + |
| Compliant with NEN & ISO | + |
| 24/7 alert and incident follow-up | + |

* This product cannot be enabled in combination with a Vidara Light SKU.

Features

Protect against malicious activities related to Azure Key Vault

Azure Key Vault is a cloud service that safeguards encryption keys and secrets like certificates, connection strings, and passwords. Wortell MDR uses Defender for Azure Key Vault and Azure Sentinel to hunt, scan and respond to malicious activities related to Azure Key Vault.

Protection against malicious usage of Azure Storage Accounts

One of the most used resources in Azure is Azure Storage Accounts. Azure Storage Accounts are often used in combination with other resources to store application data, logs, backups, etc. When not configured and monitored correctly, data on storage accounts can be accessed through the public internet.

Wortell uses Azure Defender for Storage in combination with Azure Sentinel to protect Azure Storage Accounts. Azure Defender for Storage is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your storage accounts.

As part of this feature, your environment is protected against the following Azure Storage Account-related threats:

  • Access from suspicious IP addresses (anonymous IP addresses and TOR)
  • Anonymous scan of public storage containers
  • Phishing content hosted on a storage account
  • Distribution of malware through Storage Accounts
  • Potentially sensitive data that is publicly accessible

Protection against spreading malware through Azure Storage Accounts

Worms and other vehicles for spreading malware can use Azure cloud infrastructure to host it. Files that contain malware could be uploaded to an Azure Storage Account and downloaded from there onto victim PCs. Wortell uses Azure Defender for Storage and Azure Sentinel to detect and respond to these kinds of threats. Wortell will respond to the following malicious activities:

  • Malware is uploaded to an Azure Storage Account
  • A storage account is identified as a source for distributing malware

Protection against unauthorized malicious Azure Resource Manager activities

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

The cloud management layer is a crucial service connected to all your cloud resources. Because of this, it is also a potential target for attackers. Wortell uses Azure Defender for Azure Resource Manager and Azure Sentinel to detect and respond to Azure Resource Manager-related threats.

Protection against network-related threats

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is like a traditional network that you’d operate in your data center, but it brings the additional benefits of Azure’s infrastructure, such as scale, availability, and isolation.

Wortell uses Azure Defender in combination with Azure Sentinel and the Vidara HoneyNetwork to detect and respond to network-related threats in Azure.

Compliant with NEN & ISO

ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS). Using it enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.

24/7 alert and incident follow-up

Cloud services are important, and attacks happen day and night. Therefore, Wortell has a team of cybersecurity engineers available 24/7.

Wortell has organized the availability of the experts as follows:

  • Tier 1: Eyes on-screen during business hours and outside of business hours
  • Tier 2: Eyes on-screen during business hours, stand-by outside of business hours
  • Tier 3: Eyes on-screen during business hours, stand-by outside of business hours

Cost Calculation

The cost is calculated based on the number of storage accounts and key vaults present in the Azure environment. Once per month, the number of resources (key vaults and storage accounts) in Microsoft Azure is fetched.

License Requirements

The following prerequisites need to be met to deliver this service:

  • Azure Defender for Storage needs to be activated
  • Azure Defender for Key Vault needs to be activated
  • Azure Defender for Azure Resource Manager needs to be activated

Microsoft Licenses are not part of Wortell Protect and need to be purchased separately.
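To check the three prerequisites before onboarding, the added example below (not part of Wortell's own tooling) reads the JSON printed by `az security pricing list` for each subscription and reports which of the required plans are not on the Standard tier. It assumes the Defender for Cloud plan names `StorageAccounts`, `KeyVaults` and `Arm`; the subscription names and sample data are constructed.

```python
import json

# Defender for Cloud plan names (Microsoft.Security/pricings) assumed to map
# to the three prerequisites listed above.
REQUIRED_PLANS = {
    "StorageAccounts": "Azure Defender for Storage",
    "KeyVaults": "Azure Defender for Key Vault",
    "Arm": "Azure Defender for Azure Resource Manager",
}


def missing_defender_plans(pricing_json: str) -> list[str]:
    """Return the required plans that are absent or not on the Standard tier."""
    data = json.loads(pricing_json)
    # Accept either a bare JSON array or an object wrapping it in "value".
    entries = data.get("value", []) if isinstance(data, dict) else data
    tiers = {e.get("name"): e.get("pricingTier") for e in entries}
    return [
        label
        for plan, label in REQUIRED_PLANS.items()
        if (tiers.get(plan) or "").lower() != "standard"
    ]


def check_subscriptions(outputs: dict[str, str]) -> dict[str, list[str]]:
    """Map each subscription to its missing plans; compliant ones are omitted."""
    report = {}
    for sub, raw in outputs.items():
        missing = missing_defender_plans(raw)
        if missing:
            report[sub] = missing
    return report


# Constructed sample output for two hypothetical subscriptions.
SAMPLE = {
    "sub-prod": json.dumps({"value": [
        {"name": "StorageAccounts", "pricingTier": "Standard"},
        {"name": "KeyVaults", "pricingTier": "Standard"},
        {"name": "Arm", "pricingTier": "Standard"},
        {"name": "VirtualMachines", "pricingTier": "Free"},
    ]}),
    "sub-dev": json.dumps([
        {"name": "StorageAccounts", "pricingTier": "Standard"},
        {"name": "KeyVaults", "pricingTier": "Free"},
    ]),
}

if __name__ == "__main__":
    for sub, missing in check_subscriptions(SAMPLE).items():
        print(f"{sub}: not activated -> {', '.join(missing)}")
```

A plan that is missing from the output is treated the same as one on the Free tier, so a subscription that has never been onboarded to Defender for Cloud is flagged for all three.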

Product Requirements

The following requirements are necessary before onboarding this product to our MDR service:

| Requirements | MoSCoW |
| --- | --- |
| Microsoft Defender for Cloud is configured and in use | Must have |
| All resources in scope (key vaults, storage accounts, etc.) are connected to Defender for Cloud | Must have |