Security monitoring tools: NIST Framework, Microsoft Defender for Cloud, and SIEM Azure Sentinel

Tools that help build your security monitoring center

November 10, 2024

The NIST Framework

Where procedures are followed, frameworks are used, right? They give you something to hold on to and a best practice. This also applies to security management. The NIST Cybersecurity Framework is one of the most widely used and recognizable ones, so we would like to explain it briefly. The NIST site linked above also includes a file to help you complete your asset management, plus online learning. Take advantage of it!

[Figure: the five NIST Cybersecurity Framework functions. Source: nist.gov]
  1. Identify

Here we look at governance, risk management, business environment and your asset management. How else should you know what to look out for during the 'protect' phase?

  2. Protect

Phase two involves Data Security, awareness & training, maintenance and protective technology. Together, how do we ensure that we protect our data and reduce risks in the best possible way? You can take precautions, among other things, by setting up MFA. More via The importance of MFA — why you really need to have it set up by 2022.

  3. Detect

This concerns anomalies & events, continuous security monitoring and the detection process. In plain terms: knowing in time which vulnerabilities and risks exist. With our monitoring via the Azure Secure Score, among other things, we know what to pay attention to. More via Why monitoring the secure score should be part of your security management.

  4. Respond

It's all in the detail, they sometimes say. But sometimes those details aren't available yet. In phase 4, it's all about response planning, analysis, mitigation and improvements, so that when a situation occurs, we know how to act based on policy, procedures, the framework and experience.

  5. Recover

Recovery planning, improvements and communications. If, for example, a data breach occurs internally or externally, we know how to keep the damage as limited as possible and we will check the procedures in the first four steps. We call that continuous learning. Example via How do you deal with a cyberattack? The process and our lessons at a glance.

Microsoft Defender 365 & Microsoft Defender for Cloud

Do you want to know more about how Microsoft uses the NIST Framework and what you can pay attention to in order to be as secure as possible? Then take a look at the following papers and follow the best practices for yourself. A sneak preview: the standard dashboards of both tools immediately show you where action is still needed and how your RAG (red/amber/green) report is doing. More via National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) - Microsoft Compliance | Microsoft Learn.


Do you want to know if, in addition to the basics, you can also make your Azure DevOps environment as secure as possible? See NIST Cybersecurity Framework (CSF) - Azure Compliance | Microsoft Learn, or read:


OWASP top 10 — secure software development

We also call it Security by Design. For secure software development, we also follow the OWASP Top 10:2021 standard. Diving into it completely goes too deep for this blog, but in the future we would like to write another blog about it, combined with, for example, a GitHub migration.

A number of principles that you can always take into account when developing are those of the Golden Path:

  • Doing the Things Fast - Principle of Flow
  • Doing the Things Right - Principle of Feedback
  • Doing the Right Things - Principle of Continual Learning and Experimentation
More via TeamValue - The Golden Path

And then we hear you think... The framework has been applied, the Microsoft Defenders are running, and then what? How nice it is when you can see the data and insights from all these systems at a glance. This saves time, keeps things organized and is also real-time. We set this up, together with the associated risk management, with a SIEM. That stands for Security Information and Event Management: a solution that helps organizations detect, analyze and respond to threats before they harm business operations. Read more about it via What is SIEM? | Microsoft Security. One way to set up your SIEM properly is Azure Sentinel.

SIEM — the benefits of Azure Sentinel

Azure Sentinel (What is Microsoft Sentinel? | Microsoft Learn) is a complete solution from Microsoft for securing cloud services. It combines SIEM with SOAR, allowing Azure Sentinel not only to identify and analyse threats, but also to respond to them when a threat occurs. In our view, it is the ideal combination of SIEM and XDR (Extended Detection and Response).

According to Hendrik, the benefits? Get an overview of the entire organization with Microsoft's cloud-based SIEM tool. Aggregate security data from virtually any source and use AI to distinguish noise from legitimate events. Correlate alerts across complex attack chains and accelerate threat response with built-in orchestration and automation. Here's a screenshot of what you can expect behind the scenes.

Other helpful reading tips:

Where to get started with Azure Sentinel? Check it out here.

Monitoring dashboard — ISO reporting

A complete dashboard that monitors your security, checks the quality of the code at the source, provides advice in the development and management phases, gives you recommendations based on best practices and lists your "SecDevOps or SOCaaS status"? That's what you want, isn't it? First of all, for security. Secondly, for obtaining or maintaining ISO certification.

In the fourth and final blog of this series, we explain how to arrive at your security policy, which templates you can use and how you can then continue to monitor your secure score.

Tip from Hendrik: do you have the basics of MFA in order? Do you monitor the secure score in Azure? The next step is then to apply the security framework to all your Microsoft, Azure and reporting environments. If you want to discuss that, (digital) coffee is always hot for these kinds of topics.