Microsoft Sentinel in Action


Book Description

Learn how to set up, configure, and use Microsoft Sentinel to provide security incident and event management services for your multi-cloud environment Key FeaturesCollect, normalize, and analyze security information from multiple data sourcesIntegrate AI, machine learning, built-in and custom threat analyses, and automation to build optimal security solutionsDetect and investigate possible security breaches to tackle complex and advanced cyber threatsBook Description Microsoft Sentinel is a security information and event management (SIEM) tool developed by Microsoft that helps you integrate cloud security and artificial intelligence (AI). This book will teach you how to implement Microsoft Sentinel and understand how it can help detect security incidents in your environment with integrated AI, threat analysis, and built-in and community-driven logic. The first part of this book will introduce you to Microsoft Sentinel and Log Analytics, then move on to understanding data collection and management, as well as how to create effective Microsoft Sentinel queries to detect anomalous behaviors and activity patterns. The next part will focus on useful features, such as entity behavior analytics and Microsoft Sentinel playbooks, along with exploring the new bi-directional connector for ServiceNow. In the next part, you'll be learning how to develop solutions that automate responses needed to handle security incidents and find out more about the latest developments in security, techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you'll have learned how to implement Microsoft Sentinel to fit your needs and protect your environment from cyber threats and other security issues. What you will learnImplement Log Analytics and enable Microsoft Sentinel and data ingestion from multiple sourcesTackle Kusto Query Language (KQL) codingDiscover how to carry out threat hunting activities in Microsoft SentinelConnect Microsoft Sentinel to ServiceNow for automated ticketingFind out how to detect threats and create automated responses for immediate resolutionUse triggers and actions with Microsoft Sentinel playbooks to perform automationsWho this book is for You'll get the most out of this book if you have a good grasp on other Microsoft security products and Azure, and are now looking to expand your knowledge to incorporate Microsoft Sentinel. Security experts who use an alternative SIEM tool and want to adopt Microsoft Sentinel as an additional or a replacement service will also find this book useful.




MCE Microsoft Certified Expert Cybersecurity Architect Study Guide


Book Description

Prep for the SC-100 exam like a pro with Sybex’ latest Study Guide In the MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100, a team of dedicated software architects delivers an authoritative and easy-to-follow guide to preparing for the SC-100 Cybersecurity Architect certification exam offered by Microsoft. In the book, you’ll find comprehensive coverage of the objectives tested by the exam, covering the evaluation of Governance Risk Compliance technical and security operations strategies, the design of Zero Trust strategies and architectures, and data and application strategy design. With the information provided by the authors, you’ll be prepared for your first day in a new role as a cybersecurity architect, gaining practical, hands-on skills with modern Azure deployments. You’ll also find: In-depth discussions of every single objective covered by the SC-100 exam and, by extension, the skills necessary to succeed as a Microsoft cybersecurity architect Critical information to help you obtain a widely sought-after credential that is increasingly popular across the industry (especially in government roles) Valuable online study tools, including hundreds of bonus practice exam questions, electronic flashcards, and a searchable glossary of crucial technical terms An essential roadmap to the SC-100 exam and a new career in cybersecurity architecture on the Microsoft Azure cloud platform, MCE Microsoft Certified Expert Cybersecurity Architect Study Guide: Exam SC-100 is also ideal for anyone seeking to improve their knowledge and understanding of cloud-based management and security.




Introducing Windows 10 for IT Professionals


Book Description

Get a head start evaluating Windows 10--with technical insights from award-winning journalist and Windows expert Ed Bott. This guide introduces new features and capabilities, providing a practical, high-level overview for IT professionals ready to begin deployment planning now. This edition was written after the release of Windows 10 version 1511 in November 2015 and includes all of its enterprise-focused features. The goal of this book is to help you sort out what’s new in Windows 10, with a special emphasis on features that are different from the Windows versions you and your organization are using today, starting with an overview of the operating system, describing the many changes to the user experience, and diving deep into deployment and management tools where it’s necessary.




Microsoft Azure Security Center


Book Description

Discover high-value Azure security insights, tips, and operational optimizations This book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder show how to apply Azure Security Center’s full spectrum of features and capabilities to address protection, detection, and response in key operational scenarios. You’ll learn how to secure any Azure workload, and optimize virtually all facets of modern security, from policies and identity to incident response and risk management. Whatever your role in Azure security, you’ll learn how to save hours, days, or even weeks by solving problems in most efficient, reliable ways possible. Two of Microsoft’s leading cloud security experts show how to: • Assess the impact of cloud and hybrid environments on security, compliance, operations, data protection, and risk management • Master a new security paradigm for a world without traditional perimeters • Gain visibility and control to secure compute, network, storage, and application workloads • Incorporate Azure Security Center into your security operations center • Integrate Azure Security Center with Azure AD Identity Protection Center and third-party solutions • Adapt Azure Security Center’s built-in policies and definitions for your organization • Perform security assessments and implement Azure Security Center recommendations • Use incident response features to detect, investigate, and address threats • Create high-fidelity fusion alerts to focus attention on your most urgent security issues • Implement application whitelisting and just-in-time VM access • Monitor user behavior and access, and investigate compromised or misused credentials • Customize and perform operating system security baseline assessments • Leverage integrated threat intelligence to identify known bad actors




Microsoft Azure Security Infrastructure


Book Description

This is the eBook of the printed book and may not include any media, website access codes, or print supplements that may come packaged with the bound book. Implement maximum control, security, and compliance processes in Azure cloud environments In Microsoft Azure Security Infrastructure,1/e three leading experts show how to plan, deploy, and operate Microsoft Azure with outstanding levels of control, security, and compliance. You’ll learn how to prepare infrastructure with Microsoft’s integrated tools, prebuilt templates, and managed services–and use these to help safely build and manage any enterprise, mobile, web, or Internet of Things (IoT) system. The authors guide you through enforcing, managing, and verifying robust security at physical, network, host, application, and data layers. You’ll learn best practices for security-aware deployment, operational management, threat mitigation, and continuous improvement–so you can help protect all your data, make services resilient to attack, and stay in control no matter how your cloud systems evolve. Three Microsoft Azure experts show you how to: • Understand cloud security boundaries and responsibilities • Plan for compliance, risk management, identity/access management, operational security, and endpoint and data protection • Explore Azure’s defense-in-depth security architecture • Use Azure network security patterns and best practices • Help safeguard data via encryption, storage redundancy, rights management, database security, and storage security • Help protect virtual machines with Microsoft Antimalware for Azure Cloud Services and Virtual Machines • Use the Microsoft Azure Key Vault service to help secure cryptographic keys and other confidential information • Monitor and help protect Azure and on-premises resources with Azure Security Center and Operations Management Suite • Effectively model threats and plan protection for IoT systems • Use Azure security tools for operations, incident response, and forensic investigation




Implementing Hybrid Cloud with Azure Arc


Book Description

Accelerate hybrid cloud innovation using Azure Arc with the help of real-world scenarios and examples Key FeaturesGet to grips with setting up and working with Azure ArcHarness the power of Azure Arc and its integration with cutting-edge technologies such as Kubernetes and PaaS data servicesManage, govern, and monitor your on-premises servers and applications with AzureBook Description With all the options available for deploying infrastructure on multi-cloud platforms and on-premises comes the complexity of managing it, which is adeptly handled by Azure Arc. This book will show you how you can manage environments across platforms without having to migrate workloads from on-premises or multi-cloud to Azure every time. Implementing Hybrid Cloud with Azure Arc starts with an introduction to Azure Arc and hybrid cloud computing, covering use cases and various supported topologies. You'll learn to set up Windows and Linux servers as Arc-enabled machines and get to grips with deploying applications on Kubernetes clusters with Azure Arc and GitOps. The book then demonstrates how to onboard an on-premises SQL Server infrastructure as an Arc-enabled SQL Server and deploy and manage a hyperscale PostgreSQL infrastructure on-premises through Azure Arc. Along with deployment, the book also covers security, backup, migration, and data distribution aspects. Finally, it shows you how to deploy and manage Azure's data services on your own private cloud and explore multi-cloud solutions with Azure Arc. By the end of this book, you'll have a firm understanding of Azure Arc and how it interacts with various cutting-edge technologies such as Kubernetes and PaaS data services. What you will learnSet up a fully functioning Azure Arc-managed environmentExplore products and services from Azure that will help you to leverage Azure ArcUnderstand the new vision of working with on-premises infrastructureDeploy Azure's PaaS data services on-premises or on other cloud platformsDiscover and learn about the technologies required to design a hybrid and multi-cloud strategyImplement best practices to govern your IT infrastructure in a scalable modelWho this book is for This book is for Cloud IT professionals (Azure and/or AWS), system administrators, database administrators (DBAs), and architects looking to gain clarity about how Azure Arc works and how it can help them achieve business value. Anyone with basic Azure knowledge will benefit from this book.




Securing DevOps


Book Description

Summary Securing DevOps explores how the techniques of DevOps and security should be applied together to make cloud services safer. This introductory book reviews the latest practices used in securing web applications and their infrastructure and teaches you techniques to integrate security directly into your product. You'll also learn the core concepts of DevOps, such as continuous integration, continuous delivery, and infrastructure as a service. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the Technology An application running in the cloud can benefit from incredible efficiencies, but they come with unique security threats too. A DevOps team's highest priority is understanding those risks and hardening the system against them. About the Book Securing DevOps teaches you the essential techniques to secure your cloud services. Using compelling case studies, it shows you how to build security into automated testing, continuous delivery, and other core DevOps processes. This experience-rich book is filled with mission-critical strategies to protect web applications against attacks, deter fraud attempts, and make your services safer when operating at scale. You'll also learn to identify, assess, and secure the unique vulnerabilities posed by cloud deployments and automation tools commonly used in modern infrastructures. What's inside An approach to continuous security Implementing test-driven security in DevOps Security techniques for cloud services Watching for fraud and responding to incidents Security testing and risk assessment About the Reader Readers should be comfortable with Linux and standard DevOps practices like CI, CD, and unit testing. About the Author Julien Vehent is a security architect and DevOps advocate. He leads the Firefox Operations Security team at Mozilla, and is responsible for the security of Firefox's high-traffic cloud services and public websites. Table of Contents Securing DevOps PART 1 - Case study: applying layers of security to a simple DevOps pipeline Building a barebones DevOps pipeline Security layer 1: protecting web applications Security layer 2: protecting cloud infrastructures Security layer 3: securing communications Security layer 4: securing the delivery pipeline PART 2 - Watching for anomalies and protecting services against attacks Collecting and storing logs Analyzing logs for fraud and attacks Detecting intrusions The Caribbean breach: a case study in incident response PART 3 - Maturing DevOps security Assessing risks Testing security Continuous security




Designing Distributed Systems


Book Description

Without established design patterns to guide them, developers have had to build distributed systems from scratch, and most of these systems are very unique indeed. Today, the increasing use of containers has paved the way for core distributed system patterns and reusable containerized components. This practical guide presents a collection of repeatable, generic patterns to help make the development of reliable distributed systems far more approachable and efficient. Author Brendan Burns—Director of Engineering at Microsoft Azure—demonstrates how you can adapt existing software design patterns for designing and building reliable distributed applications. Systems engineers and application developers will learn how these long-established patterns provide a common language and framework for dramatically increasing the quality of your system. Understand how patterns and reusable components enable the rapid development of reliable distributed systems Use the side-car, adapter, and ambassador patterns to split your application into a group of containers on a single machine Explore loosely coupled multi-node distributed patterns for replication, scaling, and communication between the components Learn distributed system patterns for large-scale batch data processing covering work-queues, event-based processing, and coordinated workflows