This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community. At Ignite Azure Security Center team announced many features and capabilities in the CSPM and the CWPP segments. The entire list can be found in this blog post. One out of many areas that the product team invested a lot of resources and innovation is the containers
Azure Security Center gives you complete visibility and control over the security of hybrid cloud workloads, including compute, network, storage, identity, and application workloads. Azure Security Center (ASC) has two mains value proposition: Cloud Security Posture Management (CSPM) – Help you prevent misconfiguration to strengthen your security posture for all different types of cloud workloads and resources in Azure (IaaS, PaaS, and SaaS). Cloud Workload Protection Platform (CWPP) – Protect against threats for servers whether they are running in Azure, on-premises or in different clouds such as Amazon AWS or Google GCP, in additional to cloud-native workloads such as Web Apps, Kubernetes, Key Vaults, as well as for SQL databases (PaaS/VM) and storage accounts. Azure Defender for Containers is one of many features that is included in Azure Security Center that falls under the Cloud Workload Protection Platform (CWPP) which is something you must consider for your containers running on Microsoft Azure. Azure Security Center (ASC) is expanding its support in the container space to one of the fastest-growing services in Azure – Azure Kubernetes Service (AKS). In November 2019, Microsoft announced the public preview for threat protection for Azure Kubernetes Service (AKS) support in Security Center. The good news is, on March 25th, 2020 the Azure Kubernetes Services integration with Security Center became Generally Available (GA). Kubernetes is quickly becomi
If like me you are using Azure Container Registry (ACR) to store your container images you may want to scan them for vulnerabilities. Now you can thanks to the Azure Security center standard tier. In this blog post, I will show you how to go about setting up your Azure Security center to Scan your images. But first, lets have a look at how this all works. How does it works? So, how does this work, well basically once you enable this via Azure security center and push an image to your registry a webhook is used to let Azure security center know to kick off a vulnerability scan. This will then use Qualys to do the scanning. At the time of writing, only Linux containers are supported. Hopefully, windows containers will come soon. Below is an image from the Microsoft docs site that might help explain it better. https://docs.microsoft.com/en-us/azure/security-center/azure-container-registry-integration Enough how to, lets get to it. As you probably know Azure Security center can cost a bit, but luckily you can pick and choose the bits you would like to move to the standard tier. To just enable ACR image scanning follow the steps below. First in the Azure portal go to the Security center. In here click Coverage it’s on the left under Policy & Compliance. Now click on Edit Plan next to the subscription that has your ACR. Now, If you have not enabled the Standard plan before you will need to by clicking the big Standard Button. Then you will need to Disable all of the Plans apart from Container Registries. You should have something like…
In this article, I will walk you through how to enable and scan your container images in Azure Container Registry (ACR) with Azure Security Center, and then simulate a scan for a vulnerable container image. Contents of this Article Introduction Azure Security Center gives you complete visibility and control over the security of hybrid cloud workloads, including compute, network, storage, identity, and application workloads. Azure Security Center (ASC) has two mains value proposition: Cloud Security Posture Management (CSPM) – Help you prevent misconfiguration to strengthen your security posture for all different types of cloud workloads and resources in Azure (IaaS, PaaS, and SaaS). Cloud Workload Protection Platform (CWPP) – Protect against threats for servers whether they are running in Azure, on-premises or different clouds such as Amazon AWS or Google GCP, in additional to cloud-native workloads such as Web Apps, Kubernetes, Key Vaults, as well as for SQL databases (PaaS/VM) and storage accounts. Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry. It’s based on the open-source Docker Registry 2.0. To learn more about Azure Container Registry, please check the official documentation here. Azure Defender is an evolution of the threat-protection technologies in Azure Security Center, protecting Azure and hybrid environments. When you enable Azure Defender from the Pricing and settings area of Azure Security Center, the following Defender plans are all enabled simultaneously and provide comprehensive defenses for the compute, data, and service layers of your environment: Vulnerability Assessment is one of the advanced protection that is included in Azure Security Center…
What is the Definition of SIEM? Security information and event management (SIEM) is a set of tools and services that combine security events management and security information management capabilities to enable analysts to review log and event data, understand and prepare for threats, and retrieve and report on log data. What is the Purpose of a SIEM? Today’s businesses are composed of many types of applications, databases, devices and users. These complex environments can provide many places where advanced or novice adversaries can operate undetected for months or even years. This problem is caused by a lack of visibility into the environment. SIEMs provide visibility into malicious activity by pulling data from every corner of an environment and aggregating it in a single centralized interface, where it can be used to qualify alerts, create reports and support incident response. Who Needs a SIEM? Any company that is concerned about data security is a suitable candidate for a SIEM. Organizations subject to regulatory compliance, such as retailers and healthcare providers, particularly benefit from a SIEM because SIEMs ease compliance audits. However, only slightly more than half of organizations that say they need a SIEM actually use one. Despite the fact that cybersecurity budgets continue to increase, filling the positions necessary to make a SIEM worthwhile remains challenging. Forty-four percent of organizations report difficulties in achieving the benefits their SIEMs could provide because of a lack of on-staff expertise. An option for companies like these is to engage a third-party provider, such as a managed security services provider (MSSP) or SIEM-as-a-service, to operate their SIEM on…
Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (Saas), and Platform as a Service (PaaS). CSPM is used for risk visualization and assessment, incident response, compliance monitoring, and DevOps integration, and can uniformly apply best practices for cloud security to hybrid, multi-cloud, and container environments. Why is CSPM So Important? Over the course of a day, a cloud may connect and disconnect from hundreds or even thousands of other networks. This dynamic nature makes clouds powerful, but it also makes them hard to secure. And as a cloud-first philosophy becomes the norm, the problem of securing cloud-based systems becomes more acute. Traditional security doesn’t work in the cloud because: there is no perimeter to protect manual processes cannot occur with the necessary scale or speed the lack of centralization makes visibility extremely difficult to achieve While cloud-based computing delivers overall cost benefits, the security piece of that puzzle can eat into the ROI, as there are so many pieces that need to be managed – microservices, containers, Kubernetes, serverless functions, etc. The infamous cybersecurity skills gap is highly relevant here, as
Handler methods is a particularly nice feature introduced with the new ASP.NET Razor Pages framework . This feature enables you to determine what the user was doing when they requested the page, and to execute logic accordingly without having to resort to a bunch of conditional code. One of the most common tasks in web development is to determine which HTTP verb your visitor has used to request a page. Is this an initial GET request, or has the user POSTed a form? In classic ASP or PHP, you will usually query the Server Variables collection (Request.ServerVariables("REQUEST_METHOD") or $_Server['REQUEST_METHOD']) to determine which verb was used, or you might query the Request.Form collection for the presence or absence of values. The ASP.NET Web Forms and Web Pages frameworks provide convenience methods to differentiate between POST and
So, you have a Kubernetes cluster. Let’s make sure you know how to see what’s going on inside. In this blog post, you’ll learn how to review logs from Kubernetes and what you may want to be running in it. Start by Looking at the System The first thing you may want to look at is how the Kubernetes master and nodes are behaving. The Kubernetes master controls the entire cluster—what’s running where and what needs to be provisioned—in coordination with the worker nodes. There are three log files you can look at in the master node: /var/log/kube-apiserver.log– API Server, responsible for serving the API /var/log/kube-scheduler.log– Scheduler, responsible for making scheduling decisions /var/log/kube-controller-manager.log – Controller that manages replication controllers These are the two log files you can look at on worker nodes: /var/log/kubelet.log– Kubelet, responsible for running containers on the node /var/log/kube-proxy.log– Kube Proxy, responsible for service load balancing These logs tell you what’s going on and what can be helpful in troubleshooting problems with the master node. These logs sadly can’t be looked at through the kubectl command but instead need to be looked at directly from the machine. Depending on where you’re hosting the machine, you may have to SSH into the node directly. You can also use one of the many different logging consoles or aggregation services out there. Since a lot of Kubernetes clusters are now being hosted in your cloud provider of choice, those master logs are a little bit trickier to get to. Most cloud providers will provide the logs through their logging interface. This means you don’t need…
Viewing, finding resources https://kubernetes.io/docs/reference/kubectl/cheatsheet/#viewing-finding-resources # Get commands with basic output kubectl get services # List all services in the namespace kubectl get pods --all-namespaces # List all pods in all namespaces kubectl get pods -o wide # List all pods in the current namespace, with more details kubectl get deployment my-dep # List a particular deployment kubectl get pods # List all pods in the namespace kubectl get pod my-pod -o yaml # Get a pod's YAML # Describe commands with verbose output kubectl describe nodes my-node kubectl describe pods my-pod # List Services Sorted by Name kubectl get services --sort-by=.metadata.name # List pods Sorted by Restart Count kubectl get pods --sort-by='.status.containerStatuses[0].restartCount' # List PersistentVolumes sorted by capacity kubectl get pv --sort-by=.spec.capacity.storage # Get the version label of all pods with label app=cassandra kubectl get pods --selector=app=cassandra -o
Building Docker images and configuring your dockerized apps doesn’t have to be a try-fail-repeat Google extravaganza. This article will help you work with Docker ARG, ENV, env_file and .env files with confidence. The only prerequisite: make sure that you’re comfortable with the basics of Docker. Read on and you will understand how to configure your Docker images and dockerized apps with ease - with the power of Docker build-time variables, environment variables and docker-compose templating. Frequent Misconceptions This is a long, in-depth read. Let’s start with something you can use right now, without having to read the whole thing! Here’s a list of