Azure and AWS First Party Security Monitoring Tools

Naveen Chandra Mohanan Nair
4 min read · Apr 24, 2021

Cloud monitoring helps to verify the security and performance of your cloud resources and data. These practices rely on various tools and services to collect, analyse, and present data insights, which can then be used to identify vulnerabilities and issues, predict performance, and optimise cloud configurations.

The NIST Cyber Security Framework defines the functions below, along with its Security Operations principles and best practices:

Respond | Recover | Identify | Detect | Protect

Image courtesy: https://www.nist.gov/cyberframework

Similar to traditional IT monitoring, cloud monitoring is the method of reviewing, observing, and managing the operational workflow in a cloud-based infrastructure.

AWS Monitoring Tools

AWS CloudTrail:

CloudTrail logo from AWS

The AWS CloudTrail service automatically captures the event logs and activity logs for your services and stores the data in S3 for 90 days. It enables cloud governance and compliance, and it also helps you identify and respond to unusual activity in your AWS environment.
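The "identify and respond to unusual activity" part is where the raw CloudTrail records get consumed. The following is an added example, not code from the original post or from AWS: a small Python triage over the documented CloudTrail JSON record shape (a top-level `Records` array, each entry carrying `eventName`, `eventSource`, `userIdentity`, `sourceIPAddress` and so on). It assumes the records have already been fetched from S3 and decompressed; the sample records, the account id, the user names and the IP addresses are constructed placeholders, and the threshold of five failed console logins is an assumed value.

```python
"""Triage of AWS CloudTrail records for unusual activity.

Added example; not code from the original post or from AWS. It walks the
documented CloudTrail JSON record shape (a top-level "Records" array) and
flags three things a defender wants to see first: changes to the trail
itself, root console logins (with or without MFA), and repeated failed
console logins from one source. The sample records below are constructed;
the account id, user names and IP addresses are placeholders.
"""
import json
from collections import defaultdict

# CloudTrail API calls that disable or weaken the audit trail itself.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}

# Constructed sample log: one root login without MFA, five failed console
# logins for "alice", a StopLogging call, and one benign describe call.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2021-04-24T09:00:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    *[{"eventTime": f"2021-04-24T09:0{i}:40Z", "eventSource": "signin.amazonaws.com",
       "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
       "sourceIPAddress": "203.0.113.9",
       "userIdentity": {"type": "IAMUser", "userName": "alice"},
       "responseElements": {"ConsoleLogin": "Failure"},
       "errorMessage": "Failed authentication"} for i in range(1, 6)],
    {"eventTime": "2021-04-24T09:30:01Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"name": "management-trail"}},
    {"eventTime": "2021-04-24T09:31:15Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
]})


def actor(record):
    """Readable principal: IAM user name if present, otherwise the ARN or type."""
    ident = record.get("userIdentity") or {}
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def triage(log_text, failure_threshold=5):
    """Return findings as (severity, actor, source_ip, reason) tuples.

    failure_threshold (an assumed value) is the number of failed console
    logins from one actor/IP pair that is reported as a finding.
    """
    records = json.loads(log_text)["Records"]
    findings = []
    failed_logins = defaultdict(int)  # (actor, source ip) -> failure count

    for rec in records:
        who, ip, name = actor(rec), rec.get("sourceIPAddress", "?"), rec.get("eventName")
        # requestParameters / responseElements are null on many real records,
        # so fall back to an empty dict before calling .get() on them.
        if name in TRAIL_TAMPERING and rec.get("eventSource") == "cloudtrail.amazonaws.com":
            trail = (rec.get("requestParameters") or {}).get("name", "?")
            findings.append(("high", who, ip, f"{name} on trail {trail}"))
        elif name == "ConsoleLogin":
            outcome = (rec.get("responseElements") or {}).get("ConsoleLogin")
            if outcome == "Failure":
                failed_logins[(who, ip)] += 1
            elif (rec.get("userIdentity") or {}).get("type") == "Root":
                mfa = (rec.get("additionalEventData") or {}).get("MFAUsed", "No")
                sev = "high" if mfa == "No" else "medium"
                findings.append((sev, who, ip, f"root console login, MFAUsed={mfa}"))

    for (who, ip), count in failed_logins.items():
        if count >= failure_threshold:
            findings.append(("medium", who, ip, f"{count} failed console logins"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Running the block prints the three findings from the sample: the root login without MFA, the `StopLogging` call against the trail, and the burst of failed console logins from one address. The trail-tampering check is the one to keep highest in priority: if those calls go unnoticed, every later finding is only as good as the logging that survived.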

Image courtesy: https://aws.amazon.com/cloudtrail/

Amazon CloudWatch

CloudWatch collects data from applications and services in order to respond to their performance and optimise their resource utilisation. CloudWatch dashboards show a unified view of applications, services and resources in both cloud and on-premises environments.

Image courtesy: https://aws.amazon.com/cloudwatch/

Azure Monitoring Tools

Azure Security Center

Azure Security Center is a native part of Azure PaaS services, including SQL Managed Instance, SQL DB, Service Fabric and storage accounts, and doesn't require any additional deployment for them. Security Center also protects non-Azure servers and on-premises virtual servers, both Windows and Linux workloads, by installing a Log Analytics agent and managing them with its security policies. Security Center continuously monitors new resources and workloads being deployed in the environment. Network Map is considered the most powerful tool in Security Center: it shows the topology of the workloads and the traffic allowed to each workload. The built-in threat protection feature detects and protects against threats at the IaaS and PaaS levels. Security Center limits the exposure of Azure services to brute force attacks.

Image courtesy: SlideShare

Azure Sentinel:

Sentinel is a SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) service offering from Azure. Sentinel gives a full overview of alert detection, threat visibility, proactive hunting, and threat response:

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Image courtesy: https://docs.microsoft.com/en-us/azure/sentinel/overview

Azure Monitor:

Azure Monitor is used to understand the performance of applications and the resources they are deployed on, and it proactively identifies the issues affecting them. Azure Monitor uses a version of the Kusto Query Language (KQL), and with simple queries it collects application monitoring, guest operating system, resource monitoring, subscription and tenant monitoring data.

Image courtesy: https://docs.microsoft.com/en-us/azure/azure-monitor/overview
