WEBVTT

0:00:02.640000 --> 0:00:07.860000
I think it's safe to say that manually attempting to keep up with all

0:00:07.860000 --> 0:00:13.380000
the vulnerabilities across all of your systems is a task that's very daunting.

0:00:13.380000 --> 0:00:18.200000
That's why in this video, we're going to take a look at vulnerability

0:00:18.200000 --> 0:00:23.020000
management, vulnerability assessment that is available through the Azure

0:00:23.020000 --> 0:00:26.980000
environment. What we're going to cover, we're going to look at vulnerability

0:00:26.980000 --> 0:00:30.960000
assessment, and then I'm going to demonstrate vulnerability assessment.

0:00:30.960000 --> 0:00:34.280000
Pretty straightforward, pretty quick video.

0:00:34.280000 --> 0:00:36.420000
So let's go ahead and jump right in.

0:00:36.420000 --> 0:00:41.340000
Now, don't be fooled by the simplicity of the video.

0:00:41.340000 --> 0:00:45.160000
This is a very important concept.

0:00:45.160000 --> 0:00:48.820000
You have to have vulnerability scanning on your machines, because new

0:00:48.820000 --> 0:00:50.960000
vulnerabilities come up all the time.

0:00:50.960000 --> 0:00:54.260000
What do we have with our integrated vulnerability scanning?

0:00:54.260000 --> 0:00:59.420000
First of all, it is integrated, but it is integrated with the standard

0:00:59.420000 --> 0:01:01.960000
tier security center.

0:01:01.960000 --> 0:01:06.360000
There's really a few different variations of this.

0:01:06.360000 --> 0:01:10.580000
One and the one that's probably most common is virtual machines.

0:01:10.580000 --> 0:01:13.680000
As I said, it is a feature of standard tier.

0:01:13.680000 --> 0:01:17.880000
It is actually not directly from Microsoft, it's integrated, but it's

0:01:17.880000 --> 0:01:19.440000
actually provided by Qualys.

0:01:19.440000 --> 0:01:23.020000
So if you use Qualys for vulnerability scanning on premises, you would

0:01:23.020000 --> 0:01:25.700000
probably be very familiar with this.

0:01:25.700000 --> 0:01:27.800000
Now, it is licensed separately.

0:01:27.800000 --> 0:01:29.540000
It's not part of a Qualys license.

0:01:29.540000 --> 0:01:31.020000
It's not integrated into their system.

0:01:31.020000 --> 0:01:34.760000
It's fully integrated and licensed through security center standard tier.

0:01:34.760000 --> 0:01:38.820000
It runs as an extension that is deployed to the virtual machines.

0:01:38.820000 --> 0:01:42.880000
And it reports on vulnerabilities at the OS level and above.

0:01:42.880000 --> 0:01:47.300000
So if you are familiar with security center, you know things like adjusting

0:01:47.300000 --> 0:01:49.560000
time access to your virtual machines.

0:01:49.560000 --> 0:01:54.280000
That's going to be covered at the management plane at the Azure plane.

0:01:54.280000 --> 0:01:56.500000
This takes a look above that.

0:01:56.500000 --> 0:02:00.380000
This is going in and looking for any known vulnerabilities in the operating

0:02:00.380000 --> 0:02:04.720000
system and even any services that you're running on top of that operating

0:02:04.720000 --> 0:02:06.500000
system in your virtual machine.

0:02:06.500000 --> 0:02:11.700000
So you're looking at a very well-rounded security tool.

0:02:11.700000 --> 0:02:14.820000
And if you don't want to use that, if you have another one, if you're

0:02:14.820000 --> 0:02:17.900000
already licensed with something else and you want to extend it in, that's

0:02:17.900000 --> 0:02:18.840000
fine. They're virtual machines.

0:02:18.840000 --> 0:02:25.000000
Of course, it's not going to be integrated into the security center, but

0:02:25.000000 --> 0:02:30.700000
it is there. Now, one thing to note that the actual integrated vulnerability

0:02:30.700000 --> 0:02:35.980000
scanning requires the standard tier of security center.

0:02:35.980000 --> 0:02:41.940000
However, it will look, security center will look for whether or not you've

0:02:41.940000 --> 0:02:43.920000
got a vulnerability management installed.

0:02:43.920000 --> 0:02:47.740000
And if you don't, it's going to flag that.

0:02:47.740000 --> 0:02:51.980000
If you have a third party tool installed, then it will accept that.

0:02:51.980000 --> 0:02:58.100000
So that's the support within your, or about that wrong thing.

0:02:58.100000 --> 0:03:03.740000
That is the support within your virtual machines container registries.

0:03:03.740000 --> 0:03:08.800000
Whenever you push, images are assessed.

0:03:08.800000 --> 0:03:14.080000
Now, this is actually pretty cool because if, like myself, you are definitely

0:03:14.080000 --> 0:03:18.820000
tied in to containerized solutions, you're building custom images, but

0:03:18.820000 --> 0:03:22.160000
you're usually building your images on top of some other image.

0:03:22.160000 --> 0:03:24.460000
You always are some other image.

0:03:24.460000 --> 0:03:29.260000
And oftentimes there can be a several layer hierarchy of images, and it

0:03:29.260000 --> 0:03:32.700000
can be difficult to know when any vulnerabilities may have been introduced

0:03:32.700000 --> 0:03:35.620000
to those. But that's what this tool does.

0:03:35.620000 --> 0:03:40.700000
I tied into my Azure Container Registry, and it's going to have essentially

0:03:40.700000 --> 0:03:46.520000
a white list and a black list of images, and it's going to let me know

0:03:46.520000 --> 0:03:52.060000
if there are any images that are suspect to be vulnerable, which is pretty

0:03:52.060000 --> 0:03:56.740000
cool stuff. Now, there's also a vulnerability scanner for SQL Server.

0:03:56.740000 --> 0:04:00.160000
You would go and set that up through SQL Server, and of course it's going

0:04:00.160000 --> 0:04:05.540000
to look for data-related vulnerabilities as part of the overall enhanced

0:04:05.540000 --> 0:04:09.820000
security for SQL Server.

0:04:09.820000 --> 0:04:12.780000
All right, so that's vulnerability assessment.

0:04:12.780000 --> 0:04:14.120000
Let's take a quick look.

0:04:14.120000 --> 0:04:17.860000
Now, in this particular demonstration, I'm going to pop into Security

0:04:17.860000 --> 0:04:22.740000
Center. We're going to see where you can go and activate your vulnerability

0:04:22.740000 --> 0:04:29.140000
scanner, and then where you would see vulnerabilities if they were being

0:04:29.140000 --> 0:04:33.500000
recognized. And I'll see if I still have any from previous virtual machines,

0:04:33.500000 --> 0:04:37.100000
and I don't think that I do, but you'll see enough to know where it is

0:04:37.100000 --> 0:04:37.740000
and how to do it.

0:04:37.740000 --> 0:04:41.300000
So let's go ahead and let's jump into that.

0:04:41.300000 --> 0:04:48.020000
So I've got Security Center, and what I'm going to do within Security

0:04:48.020000 --> 0:04:53.620000
Center, I'm going to go down to Compute and Apps.

0:04:53.620000 --> 0:05:00.480000
And here I've got quite a number of recommendations, some of which are

0:05:00.480000 --> 0:05:04.120000
now on none, because we don't have them.

0:05:04.120000 --> 0:05:07.680000
It does say, vulnerability assessment solution should be installed on

0:05:07.680000 --> 0:05:08.660000
your virtual machine.

0:05:08.660000 --> 0:05:11.380000
So I'm going to go ahead and take a look at that.

0:05:11.380000 --> 0:05:14.520000
And it says, are not, but there are.

0:05:14.520000 --> 0:05:22.800000
So let's go to VMs and servers, go to my virtual machine, and there we

0:05:22.800000 --> 0:05:27.920000
go, enable the built-in vulnerability assessment solution on virtual machines.

0:05:27.920000 --> 0:05:30.180000
Go ahead and quick fix that.

0:05:30.180000 --> 0:05:34.840000
And all I have to do is hit remediate.

0:05:34.840000 --> 0:05:40.060000
And what that's going to do is actually install the assessment tool onto

0:05:40.060000 --> 0:05:40.940000
my virtual machine.

0:05:40.940000 --> 0:05:44.940000
And then it's going to be analyzing the virtual machine against the rules

0:05:44.940000 --> 0:05:50.060000
and detection logic that's built by Qualys, and then anything that would

0:05:50.060000 --> 0:05:53.600000
come up, anything that would show from that, would of course show up in

0:05:53.600000 --> 0:05:58.540000
my recommendation list for this virtual machine.

0:05:58.540000 --> 0:06:01.740000
And really that's pretty much it, pretty straightforward.

0:06:01.740000 --> 0:06:06.860000
Again, key things to remember is that that integrated vulnerability scanning

0:06:06.860000 --> 0:06:12.140000
is available for virtual machines, for SQL Server, for Azure Container

0:06:12.140000 --> 0:06:19.080000
Registries. It requires a standard tier of security center.

0:06:19.080000 --> 0:06:24.020000
And if you don't have the standard tier of security center, you can still,

0:06:24.020000 --> 0:06:31.960000
it will still look to see if vulnerability assessment is installed on

0:06:31.960000 --> 0:06:32.640000
your virtual machines.