You're reading from Machine Learning Security with Azure

Product type: Book
Published in: Dec 2023
Publisher: Packt
ISBN-13: 9781805120483
Edition: 1st Edition

Author: Georgia Kalyva

Georgia Kalyva is a technical trainer at Microsoft. She was recognized as a Microsoft AI MVP, is a Microsoft Certified Trainer, and is an international speaker with more than 10 years of experience in Microsoft Cloud, AI, and developer technologies. Her career covers several areas, ranging from designing and implementing solutions to business and digital transformation. She holds a bachelor's degree in informatics from the University of Piraeus, a master's degree in business administration from the University of Derby, and multiple Microsoft certifications. Georgia's honors include several awards from international technology and business competitions, and her journey to excellence stems from a growth mindset and a passion for technology.

Logging, Monitoring, and Threat Detection

Following best practices is not enough. The threat landscape changes every day, and adversaries keep finding new ways to reach our resources. Monitoring the safeguards we have put in place is therefore vital to maintaining our security posture: a control that is never observed cannot tell us whether it is still working. In this chapter, we will see how to monitor our resources and measure how effective our security measures are at preventing and detecting threats. We will learn how Azure Monitor works and how to configure logging, retention, and notifications. Finally, we will explore features of Microsoft Defender for Cloud and Microsoft Sentinel that help us protect our resources and respond to threats as they happen.

In this chapter, we’re going to cover the following main topics:

  • Enabling logging and configuring data retention for Azure services
  • Securing resources with Microsoft Defender
  • Exploring threat management with Sentinel

By the end of this chapter, we will be able to set up alerts...

Technical requirements

Although this chapter deals mostly with monitoring and logging, knowing the Kusto Query Language (KQL) will come in handy: alert rules, Sentinel analytics rules, and hunting queries are all written in it.

KQL is the query language of Azure Data Explorer, Azure Monitor Logs (Log Analytics), Microsoft Sentinel, and Application Insights. It is a read-only, pipe-based language in which each operator (filter, project, summarize, join, render, and so on) transforms the output of the previous one, which makes it well suited to slicing large volumes of log data into the few rows that matter.

KQL learning resources

Some resources to learn KQL can be found here: https://learn.microsoft.com/en-us/azure/data-explorer/kql-learning-resources.

Enabling logging and configuring data retention for Azure services

As soon as we create an Azure subscription, we get the Azure Monitor service with it. There is nothing to provision or enable for the service itself; it is automatically available for every subscription, and it begins collecting platform metrics and the activity log (the record of control-plane operations on our resources) on its own. Resource logs, however, are not collected until we create a diagnostic setting that routes them to a destination such as a Log Analytics workspace, and how long that workspace keeps the data is a retention setting we configure ourselves. On top of this foundation sit the services that consume the collected data, which is where the rest of this chapter spends its time. Azure Monitor can collect and combine data from Azure, on-premises environments, and other clouds.
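The two gaps just described (resource logs that are never routed anywhere queryable, and a workspace whose retention is shorter than policy requires) are easy to miss across dozens of resources. The following Python check is an added example written for this page, not code from the book. It walks over diagnostic settings and workspace retention values exported from a subscription and reports each resource with a gap. All data in it is constructed; the field names (workspaceId, storageAccountId, logs, category, categoryGroup, enabled) follow the Azure Resource Manager shape that `az monitor diagnostic-settings list` returns, and the 90-day minimum and workspace retention values are assumptions for the example.

```python
"""Audit exported diagnostic settings for logging and retention gaps.

Added example, not from the book. Azure Monitor collects platform metrics and
the activity log by itself, but resource logs only flow once a diagnostic
setting routes them somewhere, and retention is a property of the Log
Analytics workspace (30 days unless raised). Every value below is constructed.
"""

MIN_RETENTION_DAYS = 90  # organisational minimum assumed for this example

# Constructed: Log Analytics workspace resource ID -> retentionInDays
WORKSPACES = {
    "/rg-sec/workspaces/law-sec": 180,
    "/rg-dev/workspaces/law-dev": 30,  # default retention, never raised
}

# Constructed: resource -> its diagnostic settings (ARM-shaped, values made up)
RESOURCES = {
    "aml-prod-ws": [{                  # compliant: all logs to a 180-day workspace
        "name": "to-law-sec",
        "workspaceId": "/rg-sec/workspaces/law-sec",
        "logs": [{"categoryGroup": "allLogs", "enabled": True}],
        "metrics": [{"category": "AllMetrics", "enabled": True}],
    }],
    "aml-dev-ws": [{                   # routed, but the workspace keeps only 30 days
        "name": "to-law-dev",
        "workspaceId": "/rg-dev/workspaces/law-dev",
        "logs": [{"category": "AmlComputeClusterEvent", "enabled": True}],
    }],
    "kv-models": [{                    # setting exists, but every log category is off
        "name": "metrics-only",
        "workspaceId": "/rg-sec/workspaces/law-sec",
        "logs": [{"category": "AuditEvent", "enabled": False}],
        "metrics": [{"category": "AllMetrics", "enabled": True}],
    }],
    "st-datasets": [],                 # no diagnostic setting at all
    "acr-images": [{                   # archived to storage only: not queryable, not alertable
        "name": "archive",
        "storageAccountId": "/rg-sec/storageAccounts/starchive",
        "logs": [{"categoryGroup": "audit", "enabled": True}],
    }],
}

NO_SETTING = "no diagnostic setting"
NOT_ROUTED = "no enabled log category routed to Log Analytics"


def audit_logging(resources, workspaces, min_retention=MIN_RETENTION_DAYS):
    """Return {resource: [finding, ...]} for every resource with a gap.

    A resource is compliant (absent from the result) when at least one
    diagnostic setting sends an enabled log category to a known Log Analytics
    workspace whose retention meets the minimum.
    """
    findings = {}
    for name, settings in resources.items():
        problems = []
        if not settings:
            problems.append(NO_SETTING)
        else:
            routed = False
            for setting in settings:
                if not any(log.get("enabled") for log in setting.get("logs", [])):
                    continue  # metrics-only or fully disabled setting
                workspace = setting.get("workspaceId")
                if workspace is None:
                    continue  # storage account or event hub destination only
                routed = True
                days = workspaces.get(workspace)
                if days is None:
                    problems.append(f"workspace {workspace} not found")
                elif days < min_retention:
                    problems.append(f"retention {days}d below minimum {min_retention}d")
            if not routed:
                problems.append(NOT_ROUTED)
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for resource, problems in audit_logging(RESOURCES, WORKSPACES).items():
        print(f"{resource}: {'; '.join(problems)}")
```

Running it lists every resource except aml-prod-ws. The fixes are the ones this section is about: create a diagnostic setting with `az monitor diagnostic-settings create` for the resources that have none or only archive to storage, enable the log categories on kv-models, and raise the development workspace with `az monitor log-analytics workspace update --retention-time 90`. Note that storage-only archiving is deliberately treated as a gap: it satisfies a retention requirement but gives Sentinel and alert rules nothing to query.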

You can access the Azure Monitor service by searching for Monitor in the portal search bar and selecting the service. In this blade, you will see everything Monitor has to offer:

Figure 9.1 – An Azure Monitor overview

Let us see the key components of Azure Monitor.

Working with Azure Monitor

There are two types of data Monitor gathers, metrics and logs. Metrics are numerical values that represent various aspects of...

Securing resources with Microsoft Defender

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP) designed for cloud environments. It offers a comprehensive set of security controls and best-practice recommendations aimed at safeguarding cloud-based workloads against a wide range of cyberattacks and misconfigurations. Microsoft Defender for Cloud combines several functions: a cloud workload protection platform (CWPP) that protects running resources such as servers, storage, databases, containers, and Key Vault; a cloud security posture management (CSPM) solution that finds and prioritizes misconfigurations before they are exploited; and a DevSecOps capability that secures code and pipelines across clouds if needed. The foundational CSPM features are included at no additional cost. The paid Defender CSPM plan adds advanced features on top of that, including attack path analysis, the cloud security explorer, advanced threat hunting, security governance, as well as tools to evaluate your security compliance across regulatory standards that...

Exploring threat management with Sentinel

Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. It offers intelligent security analytics and threat intelligence centrally for Azure and other clouds. With Sentinel, we have smart alert detection, threat visibility, hunting, and response, all in a single pane. There are several benefits to using Sentinel for the aforementioned tasks:

  • As a cloud solution, it scales with our data, and we pay for what we use.
  • Microsoft Sentinel gathers data using connectors from a wide range of sources, including Azure services, on-premises environments, and other clouds.
  • The service comes with built-in ML models that help to identify suspicious activities and reduce false positives. Over time, these models can be trained to improve their accuracy based on your organization’s unique patterns.
  • Threat hunting is done using KQL to...
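A Sentinel scheduled analytics rule is a KQL query run on a schedule over a lookback window, with an alert raised when a threshold is crossed; the same filter-then-aggregate shape also underlies the KQL hunting queries mentioned earlier in this chapter. The following Python is an added example for this page, not code from the book and not how Sentinel is implemented. It reproduces those three steps (filter, group, threshold) over constructed activity-log rows so the detection logic can be read and tested offline. The rule it implements is a natural companion to the logging configuration work of this chapter: an identity that successfully deletes diagnostic settings on several resources in a short window, which is the cloud form of Impair Defenses: Disable or Modify Cloud Logs (ATT&CK T1562.008). Column names follow Sentinel's AzureActivity table; the identities, IP addresses, resource IDs and timestamps are all made up, and the KQL in the docstring is my own equivalent, not a query from the book.

```python
"""Scheduled-rule style detection of log tampering over constructed AzureActivity rows.

Added example; not code from the book and not Sentinel's implementation.
Column names (TimeGenerated, Caller, CallerIpAddress, OperationNameValue,
ActivityStatusValue, _ResourceId) follow Sentinel's AzureActivity table;
every row below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

BASE = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)  # constructed clock


def at(minutes):
    """Constructed timestamp: BASE plus the given number of minutes."""
    return BASE + timedelta(minutes=minutes)


def row(minutes, caller, ip, op, status, resource):
    """Build one constructed AzureActivity-shaped record."""
    return {
        "TimeGenerated": at(minutes),
        "Caller": caller,
        "CallerIpAddress": ip,
        "OperationNameValue": op,
        "ActivityStatusValue": status,
        "_ResourceId": resource,
    }


DIAG_DELETE = "MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/DELETE"
DIAG_WRITE = "MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/WRITE"

# Constructed activity log: an old cleanup, a deployment identity creating a
# setting, an admin removing one setting, and a third identity stripping
# logging from several resources within minutes of each other.
EVENTS = [
    row(-120, "ops-admin@contoso.com", "10.0.0.9", DIAG_DELETE, "Success", "/rg-old/acr-images"),
    row(0, "svc-deploy@contoso.com", "10.0.0.5", DIAG_WRITE, "Success", "/rg-ml/aml-prod-ws"),
    row(5, "j.doe@contoso.com", "203.0.113.7", DIAG_DELETE, "Success", "/rg-ml/aml-prod-ws"),
    row(12, "j.doe@contoso.com", "203.0.113.7", DIAG_DELETE, "Success", "/rg-ml/st-datasets"),
    row(15, "ops-admin@contoso.com", "10.0.0.9", DIAG_DELETE, "Success", "/rg-ml/aml-dev-ws"),
    row(18, "j.doe@contoso.com", "203.0.113.7", DIAG_DELETE, "Failed", "/rg-ml/law-sec"),
    row(20, "j.doe@contoso.com", "203.0.113.7", DIAG_DELETE, "Success", "/rg-ml/kv-models"),
]


def run_scheduled_rule(events, now, lookback, predicate, group_by, distinct_by, threshold):
    """Generic scheduled-rule core: keep rows in [now - lookback, now] that
    satisfy `predicate`, group them by `group_by`, and return the groups with
    at least `threshold` distinct values of `distinct_by`."""
    start = now - lookback
    groups = defaultdict(set)
    for event in events:
        if start <= event["TimeGenerated"] <= now and predicate(event):
            groups[group_by(event)].add(distinct_by(event))
    return {key: sorted(values) for key, values in groups.items() if len(values) >= threshold}


def detect_diag_settings_removal(events, now, lookback=timedelta(hours=1), threshold=2):
    """Flag a caller/IP pair that successfully deleted diagnostic settings on
    `threshold` or more distinct resources inside the lookback window.

    Equivalent KQL for a Sentinel scheduled rule (my wording, not the book's):

        AzureActivity
        | where TimeGenerated > ago(1h)
        | where OperationNameValue =~ "MICROSOFT.INSIGHTS/DIAGNOSTICSETTINGS/DELETE"
        | where ActivityStatusValue == "Success"
        | summarize Resources = make_set(_ResourceId), Hits = dcount(_ResourceId)
            by Caller, CallerIpAddress
        | where Hits >= 2
    """
    return run_scheduled_rule(
        events, now, lookback,
        predicate=lambda e: e["OperationNameValue"].upper() == DIAG_DELETE
        and e["ActivityStatusValue"] == "Success",
        group_by=lambda e: (e["Caller"], e["CallerIpAddress"]),
        distinct_by=lambda e: e["_ResourceId"],
        threshold=threshold,
    )


if __name__ == "__main__":
    for (caller, ip), resources in detect_diag_settings_removal(EVENTS, now=at(30)).items():
        print(f"ALERT: diagnostic settings removed by {caller} from {ip}: {', '.join(resources)}")
```

With the clock at 09:30, only j.doe from 203.0.113.7 is reported (three resources in 15 minutes); the admin's single deletion stays below the threshold, the failed attempt is excluded by the status filter, and the deletion two hours earlier falls outside the lookback. The threshold and window are the two knobs that trade false positives against missed slow tampering, which is exactly what you tune when you move this logic into a real Sentinel rule.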

Summary

In this chapter, we learned how to monitor our resources effectively by enabling several services and how to start using the logs we gather to prevent and detect security incidents. The first service we worked with was Azure Monitor, using alert rules to make sure we are notified about any issues. By combining Monitor's Log Analytics and Application Insights capabilities, we can have end-to-end monitoring of our resources and our model endpoints. Microsoft Defender for Cloud adds recommendations for implementing best practices, and Microsoft Sentinel provides advanced threat management on top of the same data. Now that we have a comprehensive view of the best practices across the different surface areas of an ML project, we can combine them and see how to build a security baseline for our Azure resources in the next chapter.
