Subnet Connected Defense in Depth

Network Security for Azure environments

Network security typically falls into three areas:

  • Secure/manage traffic flow between applications, their tiers, between different environments, and other services
  • Secure/manage traffic flow between users and the application
  • Secure/manage traffic flow between the applications and the Internet

Azure Network security is about building a defense in depth approach.

The usual type of services that need to be protected from the network perspective, can be categorized into those types:

  • IaaS services connected to subnets
  • PaaS services connected to subnets
  • Public facing PaaS services with security lockdown
  • Public facing PaaS services with TLS access restrictions
PaaS Services with TLS
PaaS Services with TLS
PaaS Services with Lockdown DiD
PaaS Services with Lockdown DiD
Subnet Connected Defense in Depth
Subnet Connected Defense in Depth

Improve your Azure enhanced Secure Score

The enhanced Azure Secure Score is attack surface focused and brings three benefits:

  • Security Controls – Security recommendations are grouped into logical sets that better reflect your vulnerable attack surfaces.
  • Overall score better reflects the overall posture – Your score will only improve when you remediate all of the recommendations for a single resource within a control. That means that your score only improves when the security of a resource improves.
  • Security status of individual attack surfaces is more visible – By showing the score per Security Control, the Secure Score page becomes the place where you can get a granular view of how well your organization is securing each individual attack surface.
Azure enhanced Secure Score
Azure enhanced Secure Score

In order to remediate most of the security controls and improve your Azure Security score, you could very easily use our Managed Azure Services: by enabling compliance with the CIS standard, for example, it is guaranteed that your Azure Security score will increase dramatically.

You must remember as well that our managed security services can Disable/Customize the security policies as they apply to your particular environment, so when the Secure Score is calculated you wont get penalized for the security controls that don’t apply to your particular requirements.

Azure Security Center and Azure Policies – perfect companions

In the past, cybersecurity and privacy were often low on the list of priorities for nonprofits. But, as cyberthreats have increased so have the risks of ignoring those threats. Breaches, compromised data, and cyberattacks can put vulnerable beneficiaries at risk, disrupt nonprofit operations and
services, expose your organization to liability, and tarnish the reputation you have so painstakingly built.

To combat those threats, small businesses need to:

  • Identify, assess, and mitigate security risks.
  • Stay up-to-date with security best practices and the overall  threat landscape.
  • Correctly respond to compliance obligations in a timely fashion.

Azure Security Center and Azure Policies are tools that can help protect your data and cloud infrastructure while maintaining a high level of productivity.

Many small businesses don’t have the resources or the in-house skills to perform those tasks, but you can use the extensive technical skills of NovaQuantum to secure your Azure environment today!

Our skilled team of professionals have extensive security and compliance expertise that can help organizations like yours determine your level of risk, keep your security current, and meet compliance requirements. A great way to begin is with an assessment of your current technology and your level of security measured against a well know security standard like CIS. We’ll also let you know about new options available with the latest Microsoft technologies. Contact us Today!

Azure Security Center and Azure Policies are tools that can help protect your data and cloud infrastructure while maintaining a high level of productivity
your trusted security partner

Your trusted security partner to drive ongoing security posture improvement

  • We help organizations assess their security posture by providing them with wide visibility of their Azure environment
  • We provides security administrators with the guidance, controls and processes to drive improvement by focusing the high value/low risk security controls. We can automate the remediation of those controls, if required.
  • We enable security teams to benchmark progress and demonstrate progress to leadership by having regular reports
Your trusted security partner
Your trusted security partner
Azure Security Model

Azure security posture assessments and improvements

Cyber hygiene is hard to maintain due to :

  • users
  • processes
  • tools
  • technology
  • depth of security controls
  • breadth of tools
  • 1000s of security controls
  • ~100 security apps and tools

Here is what manual Security Posture Management looks like in a typical modern business that uses online Microsoft services:

Manual Security Posture Management
Manual Security Posture Management

…and here is what the Azure Security Model looks like for any business that makes use of the Azure and Office 365 platforms.

Azure security posture-Azure Security Model
Azure Security Model

As you can see, the security aspect of ANY Azure environment are very complicated: NovaQuantum, providing managed Azure Security services, is your trusted security partner to drive ongoing posture improvement and help YOU navigate all those complex security details!

Windows and SQL 2008 are end of life- act NOW!

Windows Server 2008 and SQL Server 2008 have reached end of support

Without security updates and bulletins released by Microsoft, your businesses could be exposed to security attacks or compliance risks.

July 9, 2019 : End of extended support for SQL Server 2008/2008 R2

January 14, 2020 : End of extended support for Windows Server 2008

Azure platform for your business – 5 reasons

  1. No more capital expenditures: Why pay for expensive hardware when you don’t have to? As a subscription service, Azure frees you from upfront capital expenses and the time it takes to manage services locally. And that means you can focus on what’s important: running your business.
  2. Business continuity, no matter what: We all know that a data disaster is a business disaster. Even a minor outage can put you at a competitive disadvantage. With Azure, ensure your apps work when you need them the most—without the expense of secondary infrastructure. Don’t be the company without a plan.
  3. Paying only for what you use: Sometimes you need more capacity, sometimes you need less. Azure can easily stretch to meet seasonal needs according to business growth and demands.
  4. A tiered approach to the cloud: Moving to the cloud shouldn’t be an all-or-nothing decision. And it certainly shouldn’t be a hassle. With Azure, you can move any or all your business applications on your timeline and when you’re ready. From accounting and HR to commerce and CRM, there’s a place for everything in Azure
  5. Security, security, and more security: Safeguard your business with unmatched security management and threat protection for all applications and data, whether they’re on-premises or in the cloud. Plus, Azure has more security and certifications than any other cloud provider. Complement platform’s native security features with our managed Azure Security services.
5 reasons to run your business in Azure
5 reasons to run your business in Azure: a higher pdf resolution is attached to this image
Microsoft Security Assessment

Microsoft Security Assessment – a quick guide

Microsoft has provided a plethora of free tools that can help with the assessment of your cybersecurity posture.

One of those security tools is “Microsoft Security Assessment for your business”.

As part of that questionnaire, Microsoft security experts have collaborated to create a personalized Cybersecurity Assessment covering more than 20 security points in 4 key Cybersecurity categories with the purpose of helping you pinpoint strengths and weaknesses in your Cybersecurity efforts.

The four Cybersecurity categories are contained under the following headings:

  1. How secure are your users and accounts?
  2. How protected are you from threats?
  3. How safe is your data?
  4. How effectively are you managing security?

This relatively quick security assessment most likely will identify the need to enforce certain security policies for your company and most likely will raise more questions in regards to your security posture.

By using security industry standards, like Azure CIS, ISO 27001 or PCI standards, you can rest assured that your data and applications hosted in Azure are very well protected. Our managed Azure Security services make this onerous task very simple!

Microsoft Security Assessment
Microsoft Security Assessment
improve cloud security in one step

Reduce Azure cost, improve cloud security in one step

Cloud adoption continues, and it’s easy to see why. According to a recent Microsoft study (Bredin SMB research for Microsoft, March 2019), there are three key reasons small and midsize businesses consider cloud services: 

  • Cost savings​ 
  • Improved security​ 
  • Easy access to documents and applications from multiple locations 

Why wait?
Take charge of your Azure security and let the professionals secure your environment using the latest industry security standards like CIS, PCI or ISO.

Our managed Azure Security Services are a perfect fit for any small and medium businesses that have workloads in the Cloud: starting with an in-depth assessment of the existing security controls and continuing with automated remediation of the essential controls that are deemed business critical by you!

improve cloud security in one step
Improve cloud security in one step

Microsoft is a scale security provider

Microsoft is now a serious security vendor. The center piece of their investment in intelligence is the Microsoft Intelligent Security Graph. This is how they describe the way that Microsoft synthesize a vast amount of data from a huge variety of sources: 400 billion emails get analyzed by and Office 365 email services every month. 

1.2 billion devices are updated monthly. The 1.2B includes ~750M Windows 10 monthly active devices which they receive telemetry, the balance is Win8/7/Vista/XP which communicate with Windows Update on a monthly basis. 400 Billion emails analyzed monthly.

Microsoft operates 200-plus global cloud, consumer, and commercial services. Everything from to Xbox Live to Office 365 to Azure, and so on. And with all of those services, they have a tremendous amount of surface area that they defend.

And so, Microsoft sees more attacks than most other companies on any given day. They get a lot of information from defending against those attacks.

1 Billion plus Azure user accounts give them tremendous insight into how people authenticate to Azure. And that, combined with the 450 billion monthly authentications that they do with Azure Active Directory and Microsoft Account, really give them some tremendous insight into what is normal behavior when it comes to sign-ins and authentications, and what is abnormal behavior, and how often is it that someone has the right password, but they’re not the person they say they are.

Bing scans about 18 billion web pages every month, giving them really great insight into what people are doing with web scripting technologies when it comes to attacks and phishing campaigns. And they have a great way to look at that and understand how they should help customers defend based on that information.

On top of all of that Microsoft layer shared threat data that they get from their partners, from the researchers at Microsoft who are part of their 3,500-plus people that are full time on security, and law enforcement agencies that they partner with worldwide through their digital crimes unit, as well as botnet data that they collect through the digital crimes unit. All of that intelligence makes up the Intelligent Security Graph.

Azure Advanced Security for SMBs
Azure Advanced Security for SMBs