Azure Unblogged - Security

Dec 10, 2020 07:30 · 1893 words · 9 minute read

Hey, everybody. Stay tuned today where I’m going to be interviewing Yuri from the Azure Security Center team, and we’ll be talking about Azure Security Center, Azure Defender. Also Yuri is going to share some of his tips on how to actually study and pass the AZ-500 exam. [MUSIC]. >> Welcome to today’s Azure Unblogged. I am joined by Yuri from the Azure Security Team. Welcome to the show today, Yuri. >> Hey, thank you very much for having me here today, Sarah. >> Awesome. Security is one of those big topics that regardless of what size of organization you are and what technologies you’re using, you have to think about.

00:43 - But if your organization is starting their security strategy and they happen they think about it, where can they actually start? What’s the best starting point for them? >> Assuming that this journey is starting with the Cloud, they usually are migrating to the Cloud, what they usually need is visibility and control. They need to be able to, as they start migrating those resources to the Cloud, understand the security posture of each workload, how well configured those workloads are from the hardening best-practice perspective, and making sure that over time they continue to increase that security posture. That’s where Azure Security Center can add a lot of value is by helping them to have the right visibility, the right control, and ensuring that they are moving in the right direction to enhance the overall security posture. >> You mentioned Azure Security Center, and I definitely want to talk about that because it’s a great tool. I’ve used it for some of my code developments and deployments with customers.

01:52 - But if a customer is moving from on-prem to the Cloud, they probably have some security products, or features, or something enabled, already. Does Azure Security Center complement that? Is it a replacement? Where does that sit on that journey for a customer migrating, Yuri? >> It really depends. It really depends what they use. Because one thing that the customer has to realize is that by moving to the Cloud, the threat landscape changes quite drastically actually. The workloads, the security controls that they used to have on-prem for those workloads might not be fully applicable. Some security controls they can preserve, like, if it is a VM, then it’s quite obvious that the antimalware that they are using can be preserved on that VM.

02:41 - But if it is a storage, if it is a database, then they might start looking at the options that are available in Security Center to replace the security controls because the on-prem security controls are probably not applicable or do not really leverage the power of the Cloud. Because the whole advantage of using native security controls in Azure Security Center is because it’s built in Azure. So it uses the entire elasticity, all of these signals and sensors that we have available in Azure. >> And Azure Security Center is obviously native to Azure and works great with our Azure products, but it can also work back to the way it can’t as well. It can also help secure and add some security protocols to your on-prem resources as well. Is that right? >> Yeah.

03:33 - The Azure Security Center, in order to utilize in a hybrid environment, which means on-prem or even other Cloud providers, they have to upgrade to Azure Defender. It used to be called Azure Security Center Standard Tier. After Ignite, we rebranded the whole product. Part of it continues to be called Azure Security Center, but Azure Security Center now is a free tier, and when you upgrade, goes to Azure Defender. The Azure Defender capabilities are the ones that can be leveraged for on-prem or different Cloud providers as well.

04:06 - >> That was a question I actually wanted to ask you because I heard Azure Defender mentioned, I ignored but I wasn’t sure if it was a new product or a name change, but I think from what you’re saying there is actually just a name change and what we’ve already been offering customers. Is that right or if I got it wrong there? >> Yeah. I understand the confusion. Many people said, “I heard you had retired Azure Security Center.” The answer is no. That is only one single [inaudible]. Is Cloud Security Center. The change on the strategy it was to keep seamless experience for the defender branding. You have Azure Defender for servers, you have Azure Defender for Kubernetes. You have Azure Defender for storage.

04:48 - The branding is for the threat detection perspective. Now, when you upgrade from free, it is no more the concept of Standard Tier. Now, the concept is Azure Defender because now you have the whole package of threat detection for the different workloads. Azure Defender is part of Security Center. Azure Defender is not a different product. Azure Defender belongs to the, is just like you set umbrella, is just the upgraded version. >> Cool. That clears the opposite. Thank you for that. This year, I have no issue if you launched tons of new features and additions within Azure Security Center. I think off the top of my head that I remember you added Asset Inventory and Secure Score and Multi-Cloud Support. What’s been your favorite new feature that you’ve added to Azure Security Center, Yuri? >> I always look at Azure Security Center in two major pillars. The Cloud Security Posture Management, CSPM and the Cloud Workload Protection Platform, the CWPP, which is Azure Defender.

05:50 - From the CSPM perspective, I think that the inventory is actually one of the major ones. It’s really easy to search and to query for different resources, the current status. Also, the integration with Azure Resource Graph is very powerful. So you can start the inventory using that dashboard, and if you needed to go deeper and create different filters, then you can just click on “Open Query in org.” Everything that you see on the screen, it will be used as a baseline to create a different query in org. That’s very powerful. I really like that capability as well.

06:34 - We recently released and actually this was this week, last week actually, the capability to export the Secure Score through the Log Analytics workspace, which is using the continuous export feature. Now, you’re using the continuous export. You can export the Secure Score, which is also something that I like. The capabilities to query the Security Score via Azure Resource Graph is very powerful as well. These are the things that from the CSPM perspective, it helps a lot customers to have visibility and to track progress over time. Now, from the Cloud Workload Protection Platform, one of the things that we released at Ignite is the continuous assessment of ACRs, Container Registries and we continue to improve on our threat detections. We release it.

07:39 - Recently the threat detections for SQL anywhere, which means that you can have SQL on your machine in AWS or GCP by onboarding that SQL using Azure Arc. You will be able to use Azure Defender for SQL. That’s why we call it anywhere, because it can be any Cloud provider, on-prem or in Azure. We’re going to have threat detection and whatnot. >> Awesome. It sounds brilliant. Now, I know you’ve written tons and tons of books in the past and I think you’ve got a new book. It’s either out or coming out. Yuri, is that right? >> Yeah.

08:18 - The new book is the AZ-500 exam for Microsoft, the official one. It got delayed a little bit because towards the end of September, we had another update on the exam. It was a minimal update, but we had to readjust the book. The book was almost ready. It was actually going to be released in October. There’s updates, “Hey, we have a new update on the exam objectives,” and we have to basically restructure a part of the book because they removed some stuff, they added some other stuff.

08:55 - But again, it caused delay and the book is now available for pre-order at MicrosoftPressStore.com, in Amazon as well. The dates should be released, will be now December between 25th and 28th. Around Christmas time. >> Awesome. I have to admit the AZ-500 exam is still one that I haven’t attempted yet, Yuri. Do you have any tips for me in terms of why I should be thinking about? If people are thinking about the AZ-500 exam, who should be thinking about it? Is it for IT Pros, devs, and everybody? What’s your take on that? >> Well, ideally, everyone that works with security should be taking the exam. That’s point number one. But if you think broadly, everyone needs to know a little bit of security.

09:47 - Ideally, the dev, when he is creating his application, he should think about security and develop a secure code. The exam is very well formatted for the IT Pro that also needs the security skills. It’s very infrastructure-oriented. There will be some automations, questions, or using PowerShell, ARM templates, things like that. But it’s very heavily on the infrastructure. Now, it is a very broad exam. I know people that’s been working with Azure for a long time that are currently on their third attempt for the exam.

10:30 - I just received a couple of e-mails, saying, “Hey, I need this book to be out now because already, I failed twice,” and I was like, “Okay.” But it is a hard exam. I should be very honest with you, it is not an easy exam. Usually, people that are very experienced, they still surprise. I actually recorded a podcast with Sarah Young and Michael and Mark Simos about this. They just passed the exam like border edge because and they were like, “This is a very difficult exam and we are talking about some folks that really know security.” It’s not an anything, is exam. Do not underestimate the exam.

11:19 - There’s a lot of Azure Policy and I think the challenge of the exam is the breadth. Is very broad, the scope. You have to know Azure Firewall, you have to know Security Sentinel, Azure Blueprint, Azure Policy, VPN, networking. It’s very broad. It covers a lot of things. All those things are covered from the infrastructure/security standpoint. Do a lot of hands-on, try to do some hands-on because if you just study from the theory perspective, you might miss some points that you only see when you start doing some hands-on. >> Awesome. I think that’s an opportunity over my Christmas holidays, then getting some hands-on experience for AZ-500.

12:07 - Thank you so much, Yuri, for your time today. I really appreciate it and you’ve cleared up some of those misconceptions I had around some of the products and our security range. If you want to check out any of the resources or products that Yuri mentioned, please do check our short description notes where we’ll be posting some links and remember to subscribe and link for channel for future content as well. Cheers, everybody. [MUSIC] .