Microsoft Sentinel
Microsoft Sentinel is a scalable, cloud-native, security information and event
management (SIEM) and security orchestration, automation, and response (SOAR)
solution. Microsoft Sentinel delivers intelligent security analytics and
threat intelligence across the enterprise, providing a single solution for
attack detection, threat visibility, proactive hunting, and threat response.
Microsoft Defender for Cloud
Microsoft Defender for Cloud helps you prevent, detect, and respond to threats
with increased visibility into and control over the security of your Azure
resources. It provides integrated security monitoring and policy management
across your Azure subscriptions, helps detect threats that might otherwise go
unnoticed, and works with a broad ecosystem of security solutions.
In addition, Defender for Cloud helps with security operations by providing
you with a single dashboard that surfaces alerts and recommendations that can
be acted upon immediately. Often, you can remediate issues with a single click
within the Defender for Cloud console.
Azure Resource Manager
Azure Resource Manager enables you to work with the resources in your solution
as a group. You can deploy, update, or delete all the resources for your
solution in a single, coordinated operation. You use an Azure Resource Manager
template for deployment and that template can work for different environments
such as testing, staging, and production. Resource Manager provides security,
auditing, and tagging features to help you manage your resources after
deployment.
Azure Resource Manager template-based deployments help improve the security of
solutions deployed in Azure because standard security control settings can be
integrated into standardized template-based deployments. This reduces the risk
of security configuration errors that might take place during manual
deployments.
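
The following pre-deployment check is an added example, not part of the original page or Microsoft tooling: it verifies that storage accounts in a Resource Manager template carry a standard set of security settings. The baseline values, the sample template, and the function names are assumptions made for the illustration; the template's `resources` section is assumed to be in array form.

```python
import json

# Baseline assumed for this example: each property must be set explicitly
# to the listed value on every Microsoft.Storage/storageAccounts resource.
STORAGE_BASELINE = {
    "supportsHttpsTrafficOnly": True,
    "minimumTlsVersion": "TLS1_2",
    "allowBlobPublicAccess": False,
}

# Constructed sample template: one account meets the baseline, one drifts.
SAMPLE_TEMPLATE = json.dumps({"contentVersion": "1.0.0.0", "resources": [
    {"type": "Microsoft.Storage/storageAccounts", "name": "stgood",
     "apiVersion": "2022-09-01",
     "properties": {"supportsHttpsTrafficOnly": True,
                    "minimumTlsVersion": "TLS1_2",
                    "allowBlobPublicAccess": False}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stdrift",
     "apiVersion": "2022-09-01",
     "properties": {"minimumTlsVersion": "TLS1_0"}},
]})

def iter_resources(resources):
    """Yield every resource, including nested child resources."""
    for res in resources:
        yield res
        yield from iter_resources(res.get("resources", []))

def check_template(template_text):
    """Return (resource name, property, found value) for each baseline miss."""
    template = json.loads(template_text)
    findings = []
    for res in iter_resources(template.get("resources", [])):
        if res.get("type", "").lower() != "microsoft.storage/storageaccounts":
            continue
        props = res.get("properties", {})
        for key, required in STORAGE_BASELINE.items():
            # Unset or parameterized values are reported for manual review.
            found = props.get(key, "<unset>")
            if found != required:
                findings.append((res.get("name"), key, found))
    return findings

if __name__ == "__main__":
    for name, key, found in check_template(SAMPLE_TEMPLATE):
        print(f"{name}: {key} is {found!r}")
```
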
Application Insights
Application Insights is an extensible Application Performance Management (APM)
service for web developers. With Application Insights, you can monitor your
live web applications and automatically detect performance anomalies. It
includes powerful analytics tools to help you diagnose issues and to
understand what users actually do with your apps. It monitors your application
all the time it's running, both during testing and after you've published or
deployed it.
Application Insights creates charts and tables that show you, for example,
what times of day you get most users, how responsive the app is, and how well
it is served by any external services that it depends on.
If there are crashes, failures, or performance issues, you can search through
the telemetry data in detail to diagnose the cause. The service also sends you
emails if there are any changes in the availability and performance of your
app. Application Insights thus becomes a valuable security tool because it
helps with availability, one element of the confidentiality, integrity, and
availability security triad.
Azure Monitor
Azure Monitor offers visualization, query, routing, alerting, auto scale, and
automation on data both from the Azure subscription (Activity Log) and each
individual Azure resource (Resource Logs). You can use Azure Monitor to alert
you on security-related events that are generated in Azure logs.
Azure Monitor logs
Azure Monitor logs provides an IT management solution for both on-premises and
third-party cloud-based infrastructure (such as AWS) in addition to Azure
resources. Data from Azure Monitor can be routed directly to Azure Monitor
logs so you can see metrics and logs for your entire environment in one place.
Azure Monitor logs can be a useful tool in forensic and other security
analysis, as the tool enables you to quickly search through large amounts of
security-related entries with a flexible query approach. In addition,
on-premises firewall and proxy logs can be exported into Azure and made
available for analysis using Azure Monitor logs.
Azure Advisor
Azure Advisor is a personalized cloud consultant that helps you to optimize
your Azure deployments. It analyzes your resource configuration and usage
telemetry. It then recommends solutions to help improve the performance,
security, and reliability of your resources while looking for opportunities to
reduce your overall Azure spend. Azure Advisor provides security
recommendations, which can significantly improve your overall security posture
for solutions you deploy in Azure. These recommendations are drawn from
security analysis performed by Microsoft Defender for Cloud.