Microsoft is releasing many new security features and investing heavily in them, which is a good sign of the company's commitment to security.

Among the major security features is Azure Security Center, a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads, whether they run in Azure, in other clouds or on-premises.

The latest arrival is Azure Sentinel, currently in preview. It provides intelligent security analytics for the entire enterprise at cloud scale: it collects data from cloud and on-premises assets, Office 365, Azure resources and other clouds; it detects threats with built-in machine learning developed by Microsoft's security analytics team; and it automates threat response with built-in orchestration and automation playbooks.

Behind the scenes, these services provide security automation capabilities with strong reporting, alerting, runbooks and so on, and we can do a lot more by combining them with open-source tools.

Azure provides solid automation capabilities through Automation accounts and Blueprints, and containers are another strong option.

I think containerization is a very powerful option; in Azure I use Service Fabric and Docker, in different combinations, depending on the use case.

A good example is a security tool like OWASP ZAP, which provides a very extensive API and official Docker images.

For Docker hosting we have several options, such as a Virtual Machine or Service Fabric, and we can use Azure Container Registry together with Azure CI.

In Docker, we can install ZAP by pulling the image. The command below pulls it from the author's private Azure Container Registry mirror; the public image on Docker Hub is owasp/zap2docker-stable, which is the one used in the run command further down. (docker pull takes no -t option, so it is omitted here.)

docker pull sfpsecuritycontainer.azurecr.io/owasp/zap2docker-stable

We can also use the weekly distribution (owasp/zap2docker-weekly) to get continuous updates.

Run ZAP as a daemon using the command below. Note that -config api.disablekey=true together with api.addrs.addr.name=.* turns off API authentication and accepts API calls from any source address. That is acceptable for a container reachable only from localhost, but if the port is published on a VM with a public IP, anyone who can reach it can drive the scanner. In that case, publish the port on loopback only (-p 127.0.0.1:8080:8080) or keep the key enabled with -config api.key=<key> and pass it as the apikey parameter on every call.

docker run -u zap -p 8080:8080 -i owasp/zap2docker-stable zap.sh -daemon -host 0.0.0.0 -port 8080 -config api.disablekey=true -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true

With the daemon running, we can browse the API directly at http://localhost:8080/, where the ZAP API UI lists every component, view and action.

From that UI we can execute the calls interactively and test them before using them from scripts.

We can then scan targets, collect the results as logs, and push those logs into the Azure Log Analytics workspace; this is how we integrate our own security tools into Security Center and Sentinel.
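The end-to-end flow described above, as an added example that is not code from the original post: the script drives the ZAP daemon started earlier through its JSON API (spider, active scan, read alerts) and forwards the alerts to a Log Analytics workspace with the HTTP Data Collector API, using only the Python standard library. The ZAP address, the empty API key (matching api.disablekey=true), the workspace ID and key, the target URL and the ZapAlerts log type are all placeholders and assumptions, not values from the article; the alerts land in the workspace as the custom table ZapAlerts_CL, where Sentinel analytics rules can query them.

```python
"""
Drive a ZAP daemon over its REST API and forward the resulting alerts to an
Azure Log Analytics (Sentinel) workspace via the HTTP Data Collector API.

Added example for this article, not code from the original post.
Assumptions (placeholders, not from the article):
  - ZAP runs as started above at http://localhost:8080 with the API key
    disabled; if you keep api.key enabled, put it in ZAP_API_KEY.
  - WORKSPACE_ID / WORKSPACE_KEY are the Log Analytics workspace ID and
    primary key; LOG_TYPE is the custom log name (table ZapAlerts_CL).
"""
import base64
import datetime
import hashlib
import hmac
import json
import time
import urllib.parse
import urllib.request

ZAP_BASE = "http://localhost:8080"
ZAP_API_KEY = ""  # empty because the daemon was started with api.disablekey=true
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"  # placeholder workspace ID
WORKSPACE_KEY = base64.b64encode(b"placeholder-primary-key").decode()  # placeholder key
LOG_TYPE = "ZapAlerts"


def zap_call(component, kind, name, **params):
    """GET /JSON/<component>/<kind>/<name>/ on the ZAP daemon and decode the JSON."""
    if ZAP_API_KEY:
        params["apikey"] = ZAP_API_KEY
    url = f"{ZAP_BASE}/JSON/{component}/{kind}/{name}/?{urllib.parse.urlencode(params)}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def run_scan(target):
    """Spider the target, then active-scan it, polling each scan until it reports 100%."""
    scan_id = zap_call("spider", "action", "scan", url=target)["scan"]
    while int(zap_call("spider", "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(2)
    scan_id = zap_call("ascan", "action", "scan", url=target)["scan"]
    while int(zap_call("ascan", "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(5)
    return zap_call("core", "view", "alerts", baseurl=target)["alerts"]


def alerts_to_records(alerts, target):
    """Flatten ZAP alert objects into the fields worth querying in Log Analytics."""
    return [
        {
            "Target": target,
            "Alert": a.get("alert"),
            "Risk": a.get("risk"),
            "Confidence": a.get("confidence"),
            "Url": a.get("url"),
            "Param": a.get("param"),
            "CweId": a.get("cweid"),
            "PluginId": a.get("pluginId"),
        }
        for a in alerts
    ]


def build_signature(workspace_id, shared_key, rfc1123_date, content_length,
                    method="POST", content_type="application/json", resource="/api/logs"):
    """SharedKey authorization header: HMAC-SHA256 over the canonical string,
    keyed with the base64-decoded workspace key, as the Data Collector API specifies."""
    string_to_hash = f"{method}\n{content_length}\n{content_type}\nx-ms-date:{rfc1123_date}\n{resource}"
    decoded_key = base64.b64decode(shared_key)
    digest = hmac.new(decoded_key, string_to_hash.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def post_records(records, workspace_id=WORKSPACE_ID, shared_key=WORKSPACE_KEY, log_type=LOG_TYPE):
    """POST the records to the workspace; they appear in the <log_type>_CL table."""
    body = json.dumps(records).encode("utf-8")
    rfc1123_date = datetime.datetime.now(datetime.timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key, rfc1123_date, len(body)),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status  # 200 means the batch was accepted


if __name__ == "__main__":
    target = "http://testapp.internal"  # placeholder: a target you are authorised to scan
    records = alerts_to_records(run_scan(target), target)
    print(f"{len(records)} alerts -> HTTP {post_records(records)}")
```

The signature binds the method, body length, content type, date and resource path, so a captured request cannot be replayed with a different body; keep the workspace key out of the image and inject it at run time (for example from Key Vault) rather than hard-coding it as the placeholder does here.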

I have 25+ years of hands-on experience in Cloud Technologies and Cybersecurity, supporting and driving global companies to adopt technologies in the most secure and profitable way. My core expertise is Security and Cloud Governance, and I strongly believe in the conjunction of both to achieve the top result. In my career, I had the opportunity to lead global cloud infrastructures, providing guidance and leadership in Security and Cloud Governance. Security is my first passion, but I have deep experience in many other areas like Cloud Governance and Integration. I define myself as a very versatile person. In my past, I had the opportunity to work in many different areas, supporting different company roles, from technical roles to Sales, Pre-Sales and high-level stakeholders. I see myself as a hands-on geek manager. I love to get my hands dirty and also be able to lead and create important things and initiatives. My passion for technology is also the reason for my activities in the IT community. I love sharing my experience and motivating people to engage with technology with the right motivation and passion. I speak at conferences around the world, sharing my passion. I have been a Microsoft MVP since 2006, I am a Certified Ethical Hacker (CEH) and I hold a Master in Cybersecurity.
