• 1 min read

Enhance your DevSecOps practices with Azure Security Center’s newest playbooks

Cloud-hosted workloads offer excellent scalability, ease of deployment, and pre-secured infrastructure for your workloads. However, the workloads themselves may still be susceptible to attack by cybercriminals.

Cloud-hosted workloads offer excellent scalability, ease of deployment, and pre-secured infrastructure for your workloads. However, the workloads themselves may still be susceptible to attack by cybercriminals. To help safeguard your resources in the cloud, you need to be able to keep up with threats, harden your resources that could be vulnerable to attacks, and deploy techniques to ensure that protection mechanisms are working.

Avyan Consulting partnered with the Azure Security Center team to build attack simulation playbooks for demonstration and training purposes. Azure administrators may use these playbooks to deploy fully operational web and Compute workloads, security management tools such as Azure Security Center & Web App Firewalls (WAFs), and SQL threat protection. Once deployed, the administrator can invoke attacks against the workloads, executing similar techniques used by adversaries around the world. These attack simulations are applied using the supplied instructions and automation. The playbooks cover four common attack scenarios simulations:

Scenario

Description

VM-Virus-Attack

To showcase Virus attack on a Virtual Machine detection & prevention

SQL-Injection-Attack-WebApp

To showcase SQL injection attack detection & prevention on a Web Application (Web App + SQL DB)

XSS-Attack-WebApp

To showcase Cross Site Scripting (XSS) attack detection & prevention on a Web Application

DDoS-Attack-Public IP

To showcase DDoS Protection Standard on Azure resources with public IP

This experience will enable Azure customers to learn about hardening best practices, defensive configurations, and what to look for should a real attack occur.

If you are responsible for the security of datacenter workloads running in the cloud, learn more about Azure’s native security tools such as  Azure Security Center, SQL Threat Detection, and Application Gateway (WAF). These tools work with Cloudneeti from Avyan Consulting to provide rich compliance views across Azure resources.