[Post updated on 09/24/2021]
Organizations are starting to realize that they need to closely monitor their cloud security posture, and protect their cloud workloads against threats. Azure Security Center covers scenarios by offering Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) capabilities via the enablement of Azure Defender.
To effectively determine the benefits of adopting Security Center, you should perform a Proof of Concept (PoC). Even before enabling Security Center in your subscription and start validating your scenarios, you should go through a planning process to determine a series of tasks that must be accomplished in this PoC.
Planning Each Phase
Use following schedule to perform their Security Center PoC. Keep in mind that this is an example, and each organization may adequate this according to their needs.
The sections that follow will explain each phase in more details.
During the planning phase you will organize a meeting with key stakeholders of this PoC. At minimum, you should have representatives from IT (mainly the ones that are responsible for your Cloud workloads), Security Operations, and Security Governance. The intent of this phase is to determine the answers for the following items:
At the end of this phase you have the first checkpoint (A). On this checkpoint you should document the following items:
This phase will focus on the implementation of the requirements. When going through those requirements, make sure to document everything that needs to be changed in the environment. One classic example is when the members of the Team that are implementing Security Center don’t have the right level of permission in all subscriptions. This can cause delays if the team that is implementing Security Center is not the same team that manages Azure Identity. For this reason, it becomes critical to involve the right stakeholders since the planning phase.
At the end of this phase you have the second checkpoint (B). On this checkpoint you should document the following items:
Implementation and validation
Now you are ready to flip the switch and upgrade from Free to Azure Defender, and once you do that the next step is the implementation of the scenarios that you established during the planning phase. Here are the most common scenarios that are covered during a PoC:
Scenario 1: Security Posture Management
Scenario 2: Reducing the Attack Surface
Scenario 3: Threat Detection & Response
At the end of this phase you have the third checkpoint (C). On this checkpoint you should document the following items:
If you need a deeper plan to perform a PoC for each Azure Defender Plan, please access them from here:
This is the final phase of the PoC, and it is strategically done 5 days before you reach the 30 days trial, and the reason for that is because you want to have a spare time to make your final decision if you want to keep using Azure Defender or not, and if not you can rollback to ASC Free tier. This is the time to re-engage the stakeholders, present the results, and the benefits of adopting Security Center in production.
At the end of this phase you have the last checkpoint (D). On this checkpoint you should document the following items:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.