Note: This blog was authored by the Microsoft Threat Intelligence Center.
Microsoft Azure provides a secure foundation for customers to host their infrastructure and applications. Microsoft’s secure foundation spans physical, infrastructure, and operational security. Part of our operational security includes over 3,500 cybersecurity experts across different teams that are dedicated to security research and development. The Microsoft Threat Intelligence Center is just one of the security teams at Microsoft that encounters and mitigates threats across the security landscape.
On today’s episode of Microsoft Mechanics, you’ll see how the work of the Microsoft Threat Intelligence Center is helping to secure Azure and the global security landscape. This team works to identify issues such as peer-to-peer networking software, standard botnet and ransomware attacks, and adversary-based threats from hackers or nation-state-sponsored groups.
The team also has a broad view across many geographies and a view of the services that run in Azure. With this insight, the team can see common attack patterns. These patterns can be at the network level, service level, app level, or OS level. As soon as an exploit is detected, the Microsoft Threat Intelligence Center works with other teams at Microsoft to build mitigations into our products and services. In addition, the team creates threat intelligence reports that provide detailed information on things like what the attack was, where it happened, the environment(s) that were impacted, and the steps you need to take to remediate the attack.
In addition to seeing how the Microsoft Threat Intelligence Center mitigates attacks targeting the Azure platform, you’ll learn how that intelligence is fed back into our services and how you can strengthen your organizational security using these tools. For example, you can use Azure Security Center to get a centralized, real-time monitoring view into the security state of your hybrid cloud resources, and quickly take action against issues. You can also use Security Center’s Just-in-Time VM Access to protect against threats such as brute force attacks by limiting access to virtual machine management ports to only the times when it is needed. Security Center’s Investigation Path will help you explore all the entities involved in an attack, such as a SQL injection, and quickly remediate the attack.
We hope that you find today’s overview helpful. Please let us know your thoughts, and feel free to post your questions.