You're reading from Azure Architecture Explained A comprehensive guide to building effective cloud solutions

Product type Paperback

Published in Sep 2023

Publisher Packt

ISBN-13 9781837634811

Length 446 pages

Edition 1st Edition

Tools

Azure

Concepts

Cloud Computing

Authors (3):

Brett Hargreaves

David Rendón

MJ Parker

View More author details

Table of Contents (20) Chapters

Preface

1. Part 1 – Effective and Efficient Security Management and Operations in Azure

2. Chapter 1: Identity Foundations with Azure Active Directory and Microsoft Entra FREE CHAPTER

3. Chapter 2: Managing Access to Resources Using Azure Active Directory

4. Chapter 3: Using Microsoft Sentinel to Mitigate Lateral Movement Paths

5. Part 2 – Architecting Compute and Network Solutions

6. Chapter 4: Understanding Azure Data Solutions

7. Chapter 5: Migrating to the Cloud

8. Chapter 6: End-to-End Observability in Your Cloud and Hybrid Environments

9. Chapter 7: Working with Containers in Azure

10. Chapter 8: Understanding Networking in Azure

11. Chapter 9: Securing Access to Your Applications

12. Part 3 – Making the Most of Infrastructure-as-Code for Azure

13. Chapter 10: Governance in Azure – Components and Services

14. Chapter 11: Building Solutions in Azure Using the Bicep Language

15. Chapter 12: Using Azure Pipelines to Build Your Infrastructure in Azure

16. Chapter 13: Continuous Integration and Deployment in Azure DevOps

17. Chapter 14: Tips from the Field

18. Index

Why subscribe?

19. Other Books You May Enjoy

Mitigating lateral movements

We can use Microsoft Defender for Identity, which includes a mechanism to detect lateral movements, and a powerful alternate method to remediate lateral movements is by configuring Fusion in Microsoft Sentinel, a correlation engine to detect multistage attacks automatically.

Fusion is a powerful engine integrated with Microsoft Sentinel that identifies combinations of anomalous behaviors and malicious activities observed at different kill chain stages.

Microsoft Sentinel can generate incidents with multiple alerts or activities, and Fusion will correlate all signals from various products and detect advanced attacks. Fusion detections will be shown as Fusion incidents on the Microsoft Sentinel Incidents page. Fusion incidents are stored in the SecurityIncident table in Logs.

How can we enable Fusion? It is enabled as an analytics rule and can help us cover a variety of scenarios, such as the following:

Compute resource abuse
Credential...

The rest of the chapter is locked

You're reading from Azure Architecture Explained A comprehensive guide to building effective cloud solutions

Table of Contents (20) Chapters

Mitigating lateral movements

Authors (2)

Personalised recommendations for you

You're reading from Azure Architecture Explained A comprehensive guide to building effective cloud solutions

Table of Contents (20) Chapters

Mitigating lateral movements

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you