Tools that help build your security monitoring center

This is blog 3 in a series of 4 that deals with security management

5 min read | 18/11/2022 | Business critical applications

Setting up MFA, measuring your organization's secure score, and much more: it is important to monitor vulnerabilities, stay active and stay ahead. But why do you do that, from what vision, and with what tooling? And how do you bring all the measuring points together in a security dashboard for ISO reporting? In this blog, Hendrik takes you through the NIST Framework, Microsoft Defender for Cloud and Azure Sentinel, among others. Let's go.

The NIST Framework

Where procedures are followed, frameworks are deployed, right? A handhold and a best practice. The same goes for security management. The NIST Cybersecurity Framework is one of the most widely used and recognizable, so we'd like to explain it briefly. The link above also includes a file for completing your asset management and an online learning course. Take advantage of it!

Source: NIST.gov
1. Identify

Here we look at governance, risk management, the business environment and your asset management. How else would you know what to look for during the "protect" phase?

2. Protect

Phase two involves data security, awareness & training, maintenance and protective technology. How do we, together, ensure that we protect our data as well as possible and limit risks? One way to take precautions is to set up MFA. More via The importance of MFA - why you really need to have it in place by 2022.

3. Detect

This involves anomalies & events, continuous security monitoring and detection processes. In plain terms: we find out in time what vulnerabilities and risks there are. Among other things, through our monitoring of the Azure Secure score, we know what to look out for. More via Why monitoring secure score should be part of your security management.

4. Respond

It's all in the details, they sometimes say. But sometimes those details are not yet available. Phase 4 is about response planning, analysis, mitigation and improvements: when a situation arises, we know how to act based on policies, procedures, the framework and experience.

5. Recover

Recovery planning, improvements and communications. Should a data breach occur, for example, whether internally or externally, we know how to minimize the damage as much as possible and follow the procedures from the first four steps. This is what we call continuous learning. Example via How do you deal with a cyberattack? The process and our lessons listed.

Microsoft Defender 365 & Microsoft Defender for Cloud

Want to learn more about how Microsoft applies the NIST Framework and what you can look out for to be as secure as possible? Then take a look at the following papers and follow the best practices yourself. A tip: the standard dashboards of both tools show you immediately where you still have actions to complete and how your RAG (red/amber/green) reporting stands. More via National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) - Microsoft Compliance | Microsoft Learn.

Source: Microsoft

Want to know how to make your Azure DevOps environment as secure as possible beyond the basics? See NIST Cybersecurity Framework (CSF) - Azure Compliance | Microsoft Learn, or read:

Source: Microsoft

OWASP Top 10 - secure software development

This is also known as security by design. We also follow the OWASP Top 10:2021 standards for secure software development. That goes too deep to cover completely in this blog, but in future we would like to write another blog about it, in combination with, for example, a GitHub migration.

Some principles you can always keep in mind anyway while developing are those of the Golden Path:

  • Doing the Things Fast - Principle of Flow
  • Doing the Things Right - Principle of Feedback
  • Doing the Right Things - Principle of Continual Learning and Experimentation

More via TeamValue - The Golden Path

And then we hear you thinking... The framework is applied, the Microsoft Defenders are running, and then what? How nice would it be to see the data and insights from all these systems at a single glance? That saves time, is clear and is also real-time. We set this up, together with the corresponding risk management, using a SIEM. That stands for Security Information and Event Management: a solution that helps organizations detect, analyze and respond to threats before they harm business activities. Read more about it via What is SIEM? | Microsoft Security. One way to properly set up your SIEM is Azure Sentinel.

SIEM - the benefits of Azure Sentinel  

Azure Sentinel (What is Microsoft Sentinel | Microsoft Learn) is Microsoft's complete solution for securing cloud services. It combines SIEM with SOAR (Security Orchestration, Automation and Response), so Azure Sentinel not only detects and analyzes threats but also responds to them when a threat occurs. In our view, it is the ideal combination of SIEM and XDR (Extended Detection and Response).

The benefits according to Hendrik? Get an overview of the entire organization with Microsoft's cloud-based SIEM. Merge security data from virtually any source and use AI to distinguish noise from legitimate events. Correlate alerts into complex attack chains and accelerate threat response with built-in classification and automation. See below for some screenshots of what to expect behind the scenes.

Other helpful reading tips:  

Source: Microsoft
Source: Microsoft
Wondering where to get started with Azure Sentinel? Check it out here.
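The SIEM and Sentinel paragraphs above describe correlating events into attack chains and responding automatically. As an added example (not code from the original post, from Microsoft or from Sentinel), the Python below sketches the kind of analytics rule a SIEM runs, plus the SOAR-style decision that follows it: over constructed sign-in log lines it flags a burst of failed sign-ins followed by a successful one from the same address for the same account, which is a common "credential guessing that succeeded" signal. The log format, field names, threshold, window and response actions are all assumptions; in Sentinel itself this logic would live in a KQL analytics rule with an attached playbook.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in log lines (hypothetical data, not real telemetry).
# Format assumed here: "<ISO timestamp> user=<name> ip=<addr> result=<success|failure>".
SAMPLE_EVENTS = [
    "2022-11-18T08:00:01Z user=alice ip=203.0.113.10 result=failure",
    "2022-11-18T08:00:20Z user=alice ip=203.0.113.10 result=failure",
    "2022-11-18T08:00:41Z user=alice ip=203.0.113.10 result=failure",
    "2022-11-18T08:01:05Z user=bob   ip=198.51.100.5 result=failure",
    "2022-11-18T08:01:30Z user=alice ip=203.0.113.10 result=failure",
    "2022-11-18T08:01:52Z user=bob   ip=198.51.100.5 result=success",
    "2022-11-18T08:02:10Z user=alice ip=203.0.113.10 result=failure",
    "2022-11-18T08:02:33Z user=carol ip=192.0.2.7    result=success",
    "2022-11-18T08:03:59Z user=alice ip=203.0.113.10 result=success",
]


@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    ip: str
    success: bool


def parse_event(line: str) -> SignIn:
    """Parse one 'timestamp key=value ...' line into a SignIn record."""
    ts_text, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return SignIn(ts=ts, user=kv["user"], ip=kv["ip"], success=kv["result"] == "success")


def correlate_bruteforce(lines, threshold: int = 5, window_minutes: int = 10):
    """Emit one incident per (ip, user) pair where at least `threshold` failed
    sign-ins inside the trailing window are followed by a successful sign-in.
    Threshold and window are illustrative values, not a recommendation."""
    window = timedelta(minutes=window_minutes)
    events = sorted((parse_event(line) for line in lines), key=lambda e: e.ts)
    recent_failures = defaultdict(list)  # (ip, user) -> failure timestamps in window
    incidents = []
    for ev in events:
        key = (ev.ip, ev.user)
        # Forget failures that have aged out of the correlation window.
        recent_failures[key] = [t for t in recent_failures[key] if ev.ts - t <= window]
        if not ev.success:
            recent_failures[key].append(ev.ts)
            continue
        if len(recent_failures[key]) >= threshold:
            incidents.append({
                "ip": ev.ip,
                "user": ev.user,
                "failures": len(recent_failures[key]),
                "first_failure": recent_failures[key][0],
                "success_at": ev.ts,
                "severity": "High",
            })
            recent_failures[key] = []  # one incident per burst, not one per later success
    return incidents


def playbook(incident: dict) -> list:
    """SOAR-style response decision for one incident (illustrative actions only)."""
    actions = ["notify_soc", "revoke_sessions:" + incident["user"]]
    if incident["severity"] == "High":
        actions.append("block_ip:" + incident["ip"])
        actions.append("require_mfa_reregistration:" + incident["user"])
    return actions


if __name__ == "__main__":
    for inc in correlate_bruteforce(SAMPLE_EVENTS):
        print(inc)
        print("  ->", playbook(inc))
```

Run as-is, the rule fires once, for alice from 203.0.113.10 (five failures in under four minutes, then a success), and the playbook proposes blocking the address and re-registering MFA for the account; bob's single failure before a success stays below the threshold, which is the noise-versus-signal trade-off a SIEM rule has to be tuned for. Raising the window or lowering the threshold widens what counts as an attack chain, at the cost of more false positives.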

Monitoring dashboard - ISO reporting

A complete dashboard that handles your security monitoring, checks code quality at the source, gives advice in both the development and management phases, makes recommendations based on best practices and shows your "SecDevOps (aka SoCaaS) status"? That's what you want, right? First, for security. Second, for achieving or maintaining ISO certification.

In the fourth and final blog of this series, we explain how to arrive at your security policy, what templates to use and then how to continue to monitor your secure score.

Tip from Hendrik: do you have the basics around MFA in place? Are you monitoring the secure score in Azure? The next step is to apply the security framework across all your Microsoft, Azure and reporting environments. If you would like to brainstorm about this, the (digital) coffee is always warm for these kinds of topics.

Download our cheat sheet BizDevOps

We combine data and foresight with intuition and lasting behavior change. How? We wrote out the first steps for you in our BizDevOps cheat sheet. Download it now for free and start your digital transformation today.

More information about this blog? Get in touch with the author(s).
Hendrik Middag