Azure Landingzone Protect
Table of contents
- Introduction
- SKU’s
- Features
  - Protect against malicious activities related to Azure Key vault
  - Protection against malicious usage of Azure Storage Accounts
  - Protection against spreading malware through Azure Storage Accounts
  - Protection against unauthorized malicious Azure Resource Manager activities
  - Protection against network-related threats
  - Compliant with NEN & ISO
  - 24/7 alert and incident follow-up
- Cost Calculation
- License Requirements
- Product Requirements
Introduction
Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You must make sure your workloads are secure as you move to the cloud, and when you move to IaaS (infrastructure as a service) there is more customer responsibility than there is in PaaS (platform as a service) and SaaS (software as a service). Azure Security Center provides you with the tools needed to harden your network, secure your services, and make sure you’re on top of your security posture.
SKU’s
Feature | Azure Landingzone Protect |
---|---|
Protect against malicious activities related to Azure Key vault | + |
Protection against malicious usage of Azure Storage Accounts | + |
Protection against spreading malware through Azure Storage Accounts | + |
Protection against malicious Azure Resource Manager activities | + |
Protection against network-related threats | + |
Compliant with NEN & ISO | + |
24/7 alert and incident follow-up | + |
* This product cannot be enabled in combination with a Vidara Light SKU.
Features
Protect against malicious activities related to Azure Key vault
Azure Key Vault is a cloud service that safeguards encryption keys and secrets like certificates, connection strings, and passwords. Wortell MDR uses Defender for Azure Key Vault and Azure Sentinel to hunt, scan and respond to malicious activities related to Azure Key Vault.
Protection against malicious usage of Azure Storage Accounts
One of the most used resources in Azure is Azure Storage Accounts. Azure Storage Accounts are often used in combination with other resources to store application data, logs, backups, etc. When not configured and monitored correctly, data on storage accounts can be accessed through the public internet.
Wortell uses Azure Defender for Storage in combination with Azure Sentinel to protect Azure Storage Accounts. Azure Defender for Storage is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your storage accounts.
As part of this feature, your environment is protected against the following Azure Storage Account-related threats:
- Access from suspicious IP addresses (anonymous IP addresses and TOR)
- Anonymous scan of public storage containers
- Phishing content hosted on a storage account
- Distribution of malware through Storage Accounts
- Potentially sensitive data that is publicly accessible
Protection against spreading malware through Azure Storage Accounts
Worms and other vehicles for spreading malware can use Azure cloud infrastructure to host malware. Files that contain malware could be uploaded to an Azure Storage Account and from there be downloaded to victim PCs. Wortell uses Azure Defender for Storage and Azure Sentinel to detect and respond to these kinds of threats. Wortell will respond to the following malicious activities:
- Malware is uploaded to an Azure Storage Account
- A storage account is identified as a source for distributing malware
Protection against unauthorized malicious Azure Resource Manager activities
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.
The cloud management layer is a crucial service connected to all your cloud resources. Because of this, it is also a potential target for attackers. Wortell uses Azure Resource Manager defender and Azure Sentinel to detect and respond to Azure Resource Manager-related threats.
Protection against network-related threats
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is like a traditional network that you’d operate in your data center but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
Wortell uses Azure Defender in combination with Azure Sentinel and the Vidara HoneyNetwork to detect and respond to network-related threats in Azure.
Compliant with NEN & ISO
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS). Using it enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.
24/7 alert and incident follow-up
Cloud services are important, and attacks happen both during the day and at night. Therefore, Wortell has a team of cybersecurity engineers available 24/7.
Wortell has organized the availability of the experts as follows:
- Tier 1: Eyes on-screen during business hours and outside of business hours
- Tier 2: Eyes on-screen during business hours, stand-by outside of business hours
- Tier 3: Eyes on-screen during business hours, stand-by outside of business hours
Cost Calculation
The cost is calculated based on the number of storage accounts and key vaults present in the Azure environment. Once per month, the number of resources (key vaults and storage accounts) in Microsoft Azure is fetched.
License Requirements
The following prerequisites need to be met to deliver this service:
- Azure Defender for Storage needs to be activated
- Azure Defender for Key Vault needs to be activated
- Azure Defender for Azure Resource Manager needs to be activated
Microsoft Licenses are not part of Wortell Protect and need to be purchased separately.
Product Requirements
The following requirements are necessary before onboarding this product to our MDR service:
Requirements | MoSCoW |
---|---|
Microsoft Defender for Cloud is configured and in use | Must have |
All resources in scope (key vaults, storage accounts, etc.) are connected to Defender for Cloud | Must have |