If you are working in a cyber-security field where DevOps is involved, you have probably heard about shift-left security. Shift-left security basically means moving security assessment or verification earlier in the development process, so that you don't waste time remediating security findings right before the product or application is released to the production environment.
Specific to Azure, the new CI/CD integration for scanning container images in Azure Security Center has come to my attention. In this article, let's explore this feature and how to perform a PoC to demonstrate it to your team or customer. The article will also provide step-by-step guidance on how to get the PoC done.
Recently I was asked to help a colleague of mine on a policy named “Azure SQL Server auditing should be enabled”. He deployed an ARM template to enable auditing but the deployment didn't reflect the setting in Azure Portal.
In this article, let’s look into the problem the colleague had. We will also modify the built-in policy to make it more useful.
Backup would be your last hope when attempting to recover your infrastructure after a cyber attack. Malware doesn't only steal and exfiltrate data but also scans for and deletes your backups. The soft delete feature is designed to address this data-destruction concern.
In this article, let’s look into some aspects of the soft delete feature in Azure Backup.
There are two different policies in Azure Security Center/Azure Policy that scan virtual network resources and DDoS protection plans. Your virtual network resources may fall into the list of non-compliant resources in one of these policies. In this article, let's demystify the two policies and remediate or justify them in case you are asked by a compliance guy.
Watchlist in Azure Sentinel allows you to build your own data from external data sources for correlation with analytics or hunting rules in your Azure Sentinel environment.
In this article, we are going to explore the Azure Sentinel Watchlist REST API and then create an Azure Role Assignment watchlist.
By default, a new Azure storage account accepts connections from clients on any network. To limit that, Azure allows you to add a trusted list of virtual network subnets or IP ranges.
This article is not going to walk you through step-by-step guidance on how to add firewall rules to the Azure Storage account. Instead, it will mainly focus on deploying network restrictions programmatically in a DevOps environment.
Recently I got a question from a friend regarding the Azure Active Directory hybrid identity option. The question was part of his AZ-500 Microsoft Azure Security Technologies exam.
In this article, I'd like to provide a bit of background on AAD hybrid identity as well as clarify something about it.
Granting unplanned roles to users or groups is one of the causes of security breaches. In this article, let's look at how we can use Azure Policy to prevent roles from being assigned to unintended target users and groups.
Sending logs from an Azure virtual machine/virtual machine scale set to different Azure Log Analytics workspaces (also known as multi-homing) is a common requirement in a large cloud environment. In the past, Azure only supported configuring multi-homing on Windows virtual machines; the Azure Log Analytics agent for Linux did not support configuring a secondary Log Analytics workspace.
In this article, let's look at the new Azure Monitor Agent and the data collection approach in Azure that supports the multi-homing scenario. The article is based on the Azure Monitor Agent preview, which may be subject to change in the future.
Data breaches caused by cloud misconfiguration have been common over the past few years. One of the most common misconfigurations is granting public access to a cloud storage service. Such data is often unprotected and can be accessed without any authentication. Microsoft recently introduced a new protection feature to help prevent public access to storage accounts. The feature introduces a new property named allowBlobPublicAccess.
In this article, let’s explore the feature as well as how to deploy and monitor it at scale.