Aug 25, 2021
Microsoft 365 Defender, Azure Defender, Azure Sentinel One-Page Diagram
In the past we have published individual diagrams for a number of Microsoft cloud security solutions, but in the end we always intended to have the larger picture that can provide analysts with a visual understanding on what type of data is exchanged between various Microsoft security controls and how that data is used to […]
Read More Jul 13, 2021
Mapping of On-Premises Security Controls Versus Services Offered by Major Cloud Providers
We are happy to publish the fifth version of a diagram that started in March 2017, with just AWS and Azure versus On-Premises. The diagram began as an effort to make a translation between the typical on-premises security controls that everybody, more or less, knows what they do and the various services advertised by major […]
Read More Aug 3, 2020
Azure AD Identity Protection Design
Azure AD Identity Protection Design by Adrian Grigorof, CISSP, CISM, CRISC, CCSK , Marius Mocanu, CISSP, CISM, CEH, SCF, Dorian Birsan Last update: August 3rd, 2020 Azure AD Identity Protection (AAIP) is another piece of the Microsoft M365 security stack puzzle, extending the detection of threats related to identities. It provides ability to enforce policies, […]
Read More May 24, 2020
Microsoft Defender Advanced Threat Protection (ATP) Design
Defender ATP is one of the stars of Microsoft’s security stack, with a meteoric rise in Gartner’s Magic Quadrant for endpoint protection. With 6 layers of protection geared towards specific requirements of the modern EDR, it takes advantage of the complementary Microsoft security services, such as Microsoft Cloud App Security, Azure ATP, Azure Information Protection, […]
Read More May 10, 2020
Azure Advanced Threat Protection (ATP) Design
Azure Advanced Threat Protection (ATP) is probably a bit misunderstood as its main purpose is to identify threats in the traditional on-premises Active Directory with the help of multiple sources of information from other security controls that have visibility into various streams of data. It combines information collected from critical Windows event logs, network traffic […]
Read More May 10, 2020
Azure Sentinel Incidents & KPI Dashboards
Since its release in preview mode in February 2019, Azure Sentinel has provided the Incidents blade in its portal as a platform to monitor and manage the situation when the configured use cases (alerts) are triggered. As the product evolved in bounds and leaps, the Incidents features has become more mature and now, combined with […]
Read More May 3, 2020
Microsoft Cloud App Security Design
Microsoft Cloud App Security (MCAS) has been rated as the number 1 leader CASB product in Gartner’s Magic Quadrant in 2019. As part of Microsoft’s cloud security stack, it provides full integration with other M365 security products, such as ATP, Security Center, Defender ATP and Azure Sentinel. It provides deep visibility and control of SaaS-related […]
Read More Apr 27, 2020
Azure Windows Virtual Desktop Security Monitoring
Azure Windows Virtual Desktop (WVD) environment provides desktop and application virtualization, allowing connections from almost any kind of device to either a fully functional Windows 10 desktop or to an application virtualized on a Windows 10 VM. While providing great flexibility, it introduces additional components that require monitoring from a security perspective. Fortunately, the Azure […]
Read More Jul 19, 2019
Mapping of On-Premises Security Controls vs Major Cloud Providers
A mapping at the very high level of on-premises security controls to native cloud services that can be used to replicate their specific role. As the cloud services tend to be more granular and overlapping in functionality, the mapping is at best approximate but it may bring some extra awareness on the options available in […]
Read More Jul 17, 2019
Azure Security Center Components and Relations with Other Services
One of the most common questions that we are receiving about Azure Sentinel is about its functionality compared with Azure Security Center. The diagram below is an attempt to describe the various components of Azure Security Center, its relation with other Azure services, including Azure Sentinel as well as the interaction with non-Azure services and […]
Read More Jun 19, 2019
Azure Cloud Security Stack vs. NIST Cybersecurity Framework
In May 2019, Managed Sentinel released a diagram presenting a mapping of Azure Security services vs on-premises security controls. The cybersecurity community expressed an interest in having the same security controls mapped against the NIST Cybersecurity Framework functions: Identify, Detect, Protect, Respond and Recover. The diagram below provides a high-level view of how various Azure […]
Read More May 28, 2019
On-Premises vs. Azure Cloud Security Stack
In February 2019, Managed Sentinel released a diagram presenting a mapping of on-premises security controls vs. services offered by major cloud services providers. The following diagram follows a similar pattern, focused just on Azure security technologies and including additional information such as free vs. billable Azure services, availability of the 3rd party tools within Azure Marketplace and […]
Read More