OMS Security: Threat Intelligence

Among the various features offered by Operations Management Suite (OMS) There is the possibility to activate the solution called Security & Compliance that identifies, evaluate and mitigate potential risks of security on our systems. The solution you can turn it on easily with just a few steps:

  1. I log into the portal who and I select the tile "Solutions Gallery"

Figure 1 – Step 1: activating solution Security & Compliance

  1. Among the various solutions offered have the ability to add "Security & Compliance " that currently includes the solution "Antimalware Assessment"e"Security and Audit"

Figure 2 – Step 2: activating solution Security & Compliance

  1. Select the Workspace who and by pressing the button Create the solution is added and made available for use

Figure 3 – Step 3: activating solution Security & Compliance

As a result of the activation of the ’ solution who will connect to systems with the agent installed to perform a security assessment that may initially require up to several hours, then return the processed data in the portal. The solution is able to examine both Windows and Linux machines and helps protect l ’ infrastructure be it on-premises or in the cloud. In this article we'll delve into the functioning of the mechanism of Threat Intelligence.

Figure 4 – Architecture Threat Intelligence

Threat Intelligence plays a vital role in ’ solution scope of security of OMS thanks to a nearly real-time correlation of data collected in the repository OMS with information from leading vendor of Threat Intelligence and with the data provided by the Microsoft security centers. Let us not forget that Microsoft is constantly working to protect their services in the cloud and therefore has a unique visibility and widespread threats that can potentially affect our systems. Providing this functionality Microsoft enables its customers to benefit easily of his knowledge to protect resources, detect attacks and act the same with a quick response without having to resort to complex integration scenarios.

Threat Intelligence is able to provide the following information that enable teams of security to make the necessary actions and to understand the possible level of impairment of their systems:

  • Detect the nature of the attack
  • Determines the intent of the attack, useful to understand if it is a targeted attack at your organization to acquire specific information or if it is a random and massive attack
  • Identifies where the attack
  • Intercepts any compromised systems and reports the server performing traffic considered malevolent outwards
  • Reports which files have been possibly accessed

To access the information in the main portal dashboard Threat Intelligence who select the tile "Security and Audit":

Figure 5 – Tile Security and Audit

On the dashboard "Security and Audit" is the section Threat Intelligence then reset:

Figure 6 – Information of Threat Intelligence

In tile Server with outbound malicious traffic monitored server systems are reported that are generating malicious traffic from the Internet. If they are reported immediately should undertake in this tile systems of remedies.

In tile Detected threat types shows a summary of threat detected recently:

Figure 7 – Tile Detected threat types

By selecting the tile you can also obtain more details about:

Figure 8 – Details about the threat detected

Threat Intelligence also provides the map display of the attacks which enables you to quickly identify which part of the globe are made. Orange arrows indicate the presence of incoming malicious traffic, While Red arrows indicate malicious traffic outbound to certain location. By selecting a specific arrow you will get more details about the source of the attack:

Figure 9 – Threat Intelligence map

Conclusions

Detect potential attacks and respond quickly and effectively to security incidents that occur in your environment is crucial. Activating the solution "Security & Compliance"the Microsoft Operations Management Suite (OMS) You can use Threat Intelligence to enhance the effectiveness of its strategies in security and have a powerful tool that can minimize the amount of potential incidents of security. For those interested to further deepen this and other features of the who remember that you can try the OMS for free.

Leave a Reply

Your email address will not be published. Required fields are marked *