Microsoft Azure Sentinel: Planning and Implementing Microsoft's Cloud-Native SIEM Solution

Yuri Diogenes, Nicholas DiCola, Jonathan Trull

  • Publisher: Microsoft Press
  • Publication date: 2020-03-17
  • Price: $1,580
  • VIP price (5% off): $1,501
  • Language: English
  • Pages: 208
  • Binding: Quality Paper (also called trade paper)
  • ISBN-10: 0136485456
  • ISBN-13: 9780136485452
  • Category: Microsoft Azure

Product description

Microsoft Azure Sentinel

Plan, deploy, and operate Azure Sentinel, Microsoft's advanced cloud-based SIEM

Microsoft's cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response, without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of Microsoft's leading experts review all it can do and guide you step by step through planning, deployment, and daily operations. Drawing on in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion and from rule development to incident management, and even proactive threat hunting to disrupt attacks before you are exploited.

Three of Microsoft's leading security operations experts show how to:

- Use Azure Sentinel to respond to today's fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture
- Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures (TTPs)
- Explore Azure Sentinel components, architecture, design considerations, and initial configuration
- Ingest alert and log data from the services and endpoints you need to monitor
- Build and validate analytics rules that analyze ingested data and create cases for investigation
- Prevent alert fatigue by projecting how many incidents each rule will generate before enabling it
- Help Security Operations Centers (SOCs) seamlessly manage each incident's lifecycle
- Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you are exploited
- Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis
- Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)
- Save analyst time by automating responses to low-severity events
- Create visualizations to spot trends, identify or clarify relationships, and speed decisions
- Integrate with partners and other third parties, including Fortinet, AWS, and Palo Alto
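Two of the items above, building and validating an analytics rule and projecting how many incidents it will raise, can be shown together with a small model of a scheduled threshold rule. The following Python is an added illustration written for this listing; it is not code from the book and does not call the Azure Sentinel API. The event schema, the rule fields, the one-hour window, the thresholds and the week of sample sign-in data are all assumptions constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SigninEvent:
    """One sign-in record; the field set is an assumption, not a real log schema."""
    time: datetime
    user: str
    source_ip: str
    success: bool


@dataclass(frozen=True)
class Rule:
    """A scheduled threshold rule: failures per user per window that raise an alert."""
    name: str
    window: timedelta
    threshold: int


def _bin(t: datetime, window: timedelta) -> datetime:
    """Floor a timestamp to the start of its fixed window (like KQL's bin())."""
    return t - (t - datetime.min) % window


def evaluate(rule: Rule, events) -> list:
    """Run the rule over a batch of events.

    Counts failed sign-ins per (window, user) and returns one alert tuple
    (window_start, user, failures) for every bucket at or above the threshold,
    which is the shape of alerts a scheduled analytics rule would emit.
    """
    counts = Counter((_bin(e.time, rule.window), e.user) for e in events if not e.success)
    return sorted((start, user, n) for (start, user), n in counts.items() if n >= rule.threshold)


def projected_incidents_per_day(rule: Rule, events, lookback_days: int) -> float:
    """Replay the rule over a historical window and scale the alert count to a daily rate."""
    return len(evaluate(rule, events)) / lookback_days


def tune_threshold(rule: Rule, events, lookback_days: int, max_per_day: float) -> int:
    """Raise the threshold until the projected daily incident count fits the SOC's budget.

    Returns the smallest threshold that does; the loop terminates because once the
    threshold exceeds the busiest bucket the projection drops to zero.
    """
    t = rule.threshold
    while projected_incidents_per_day(Rule(rule.name, rule.window, t), events, lookback_days) > max_per_day:
        t += 1
    return t


def constructed_events(days: int = 7) -> list:
    """Constructed sample telemetry (not real data): a week of sign-ins."""
    base = datetime(2020, 3, 1)
    events = []
    for d in range(days):
        day = base + timedelta(days=d)
        # Steady noise: a service account with a stale password fails 12 times at 02:00.
        events += [SigninEvent(day + timedelta(hours=2, minutes=m), "svc-backup", "10.0.0.5", False) for m in range(12)]
        # Ordinary user: two typos each morning, then a successful sign-in.
        events += [SigninEvent(day + timedelta(hours=9, minutes=m), "alice", "10.0.1.7", False) for m in range(2)]
        events.append(SigninEvent(day + timedelta(hours=9, minutes=5), "alice", "10.0.1.7", True))
    # One real burst on day 3: 25 failures for "bob" from a single address within 20 minutes.
    burst = base + timedelta(days=3, hours=14)
    events += [SigninEvent(burst + timedelta(seconds=48 * i), "bob", "203.0.113.9", False) for i in range(25)]
    return events


BASELINE_RULE = Rule("Failed sign-ins per user", window=timedelta(hours=1), threshold=10)


def demo(lookback_days: int = 7, max_per_day: float = 0.5) -> dict:
    """Validate the baseline rule against the sample week and tune it to the alert budget."""
    events = constructed_events(lookback_days)
    tuned = Rule(BASELINE_RULE.name, BASELINE_RULE.window,
                 tune_threshold(BASELINE_RULE, events, lookback_days, max_per_day))
    return {
        "alerts_at_baseline": len(evaluate(BASELINE_RULE, events)),
        "projected_per_day": projected_incidents_per_day(BASELINE_RULE, events, lookback_days),
        "tuned_threshold": tuned.threshold,
        "tuned_alert_users": [user for _, user, _ in evaluate(tuned, events)],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the replay is that the baseline threshold of 10 fires every night on the misconfigured service account and only once on the real burst, so roughly eight incidents a week would reach analysts for one genuine event; raising the threshold until the projected rate fits the SOC's budget leaves only the burst. In practice the same check is done by running the rule's query over the lookback period in the workspace before enabling the rule, and the noisy account would additionally be fixed or excluded rather than masked by a higher threshold.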

 

About the authors

Yuri Diogenes, Senior Program Manager at Microsoft Cybersecurity Engineering's Cloud and Artificial Intelligence Division, works closely with Azure Sentinel and Azure Security Center. Also a Professor at EC-Council University's MS and BS-level Cybersecurity programs, he holds an MS in Cybersecurity Intelligence & Forensics from Utica College, an MBA from FGF in Brazil, and several industry certifications. He is co-author of Microsoft Azure Security Center, Second Edition; Enterprise Mobility Suite: Managing BYOD and Company-Owned Devices, and other Microsoft Press books.
Nicholas DiCola is Principal Program Manager at Microsoft Cybersecurity Engineering's Cloud and Artificial Intelligence Division, where he assists customers in deploying advanced Microsoft Azure security systems. Before joining Microsoft in 2006, he was IT/Cyber Specialist on Active Duty in the U.S. Marine Corps. He was contributing author of Automating Active Directory Administration with PowerShell.
Jonathan Trull (CSSP, CISSP, CISA, OSCP) is Global Director for the Microsoft Cybersecurity Solutions Group. He leads Microsoft's team of security advisors and cloud security architects in providing strategic direction for Microsoft security offerings and engaging with customers and partners worldwide. His 20 years of information security experience includes stints as VP and CISO for Optiv; as CISO for Qualys; and as CISO for the State of Colorado. As faculty member in Regis University's information assurance graduate program, he develops and teaches courses on network forensics, security architecture and design, malware analysis, and legal concepts in information security.
