Trend Cloud One™ – Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected "Update Security Policy" events in your Microsoft Azure cloud account.
A security policy defines the set of controls recommended for the cloud resources deployed within your Azure account. The security policies you enable in Azure Security Center drive security recommendations and monitoring, so they must reflect your organization's security requirements, the types of workloads you run, and the data sensitivity and confidentiality level configured for each Azure subscription. Once security policies are enabled for a subscription's resources, Azure Security Center analyzes those resources against the policies to identify potential vulnerabilities.
This rule resolution is part of the Conformity Real-Time Threat Monitoring.
The Real-Time Threat Monitoring and Analysis (RTMA) feature detects API calls that change the configuration of your security policies. The activity detected by Trend Cloud One™ – Conformity RTMA could be, for example, a user action initiated through the Microsoft Azure Portal, or an API request initiated programmatically through the REST API or Windows PowerShell, that triggers an "Update Security Policy" operational event. To adhere to cloud security best practices and implement the Principle of Least Privilege (POLP), Trend Cloud One™ – Conformity strongly recommends that you do not grant non-privileged, non-administrator users permission to update the security policies enabled for your Azure subscriptions: a change to a security policy alters what Security Center recommends and monitors for every resource in the subscription, so that permission belongs to a small set of accountable administrators.
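The detection described above, as an added example that is not Conformity's code or an Azure API: it reads exported Azure Activity Log records, picks out the ones behind the "Update Security Policy" display name, and reports each one together with whether the caller is on an administrator allowlist (the least-privilege check). The record shape (`operationName.value`, `caller`, `status.value`, `eventTimestamp`, `subscriptionId`) follows what `az monitor activity-log list -o json` returns; the mapping of "Update Security Policy" to the resource-provider operation `Microsoft.Security/policies/write`, the allowlist, and all sample records are assumptions constructed for this example.

```python
"""Flag "Update Security Policy" events in exported Azure Activity Log records.

Added example, not part of the Conformity page or the Azure SDK. Assumes the
record shape returned by `az monitor activity-log list -o json` and assumes the
policy-update operation is Microsoft.Security/policies/write.
"""
import json
from typing import Iterable

# Assumption: resource-provider operation behind the "Update Security Policy"
# display name. Compared case-insensitively because exports vary in case.
POLICY_UPDATE_OPS = {"microsoft.security/policies/write"}

# Assumed allowlist of principals permitted to change security policies.
ADMIN_ALLOWLIST = {"secadmin@contoso.onmicrosoft.com"}

# Constructed sample records (not real telemetry), one JSON object per line.
# The last record uses flat strings for operationName/status, as some exports
# emit them, to exercise the normalization below.
SAMPLE_ACTIVITY_LOG = """
{"eventTimestamp": "2024-05-01T10:15:00Z", "operationName": {"value": "Microsoft.Security/policies/write", "localizedValue": "Update Security Policy"}, "caller": "secadmin@contoso.onmicrosoft.com", "status": {"value": "Succeeded"}, "subscriptionId": "11111111-1111-1111-1111-111111111111"}
{"eventTimestamp": "2024-05-01T10:20:00Z", "operationName": {"value": "Microsoft.Compute/virtualMachines/write", "localizedValue": "Create or Update Virtual Machine"}, "caller": "dev.user@contoso.onmicrosoft.com", "status": {"value": "Succeeded"}, "subscriptionId": "11111111-1111-1111-1111-111111111111"}
{"eventTimestamp": "2024-05-01T23:41:00Z", "operationName": {"value": "MICROSOFT.SECURITY/POLICIES/WRITE", "localizedValue": "Update Security Policy"}, "caller": "dev.user@contoso.onmicrosoft.com", "status": {"value": "Succeeded"}, "subscriptionId": "11111111-1111-1111-1111-111111111111"}
{"eventTimestamp": "2024-05-02T02:03:00Z", "operationName": "Microsoft.Security/policies/write", "caller": "9a1e4c2d-0000-4000-8000-000000000001", "status": "Failed", "subscriptionId": "22222222-2222-2222-2222-222222222222"}
"""


def _op_name(event: dict) -> str:
    """Operation name in lower case; accepts {"value": ...} or a flat string."""
    op = event.get("operationName", "")
    if isinstance(op, dict):
        op = op.get("value", "")
    return str(op).lower()


def _status(event: dict) -> str:
    """Status value; accepts {"value": ...} or a flat string."""
    st = event.get("status", "")
    if isinstance(st, dict):
        st = st.get("value", "")
    return str(st)


def is_policy_update(event: dict) -> bool:
    """True when the record is a security policy write, whatever its case."""
    return _op_name(event) in POLICY_UPDATE_OPS


def parse_events(ndjson: str) -> list:
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]


def audit_policy_updates(events: Iterable[dict], allowed_callers: set) -> list:
    """Return one finding per policy-update record, in input order.

    Failed attempts are reported too: a denied write by a non-admin is still a
    signal worth reviewing. "authorized" is False for any caller not on the list.
    """
    allowed = {c.lower() for c in allowed_callers}
    findings = []
    for ev in events:
        if not is_policy_update(ev):
            continue
        caller = str(ev.get("caller", "")).lower()
        findings.append({
            "time": ev.get("eventTimestamp"),
            "subscription": ev.get("subscriptionId"),
            "caller": caller,
            "status": _status(ev),
            "authorized": caller in allowed,
        })
    return findings


if __name__ == "__main__":
    for f in audit_policy_updates(parse_events(SAMPLE_ACTIVITY_LOG), ADMIN_ALLOWLIST):
        flag = "ok        " if f["authorized"] else "UNEXPECTED"
        print(f"{flag} {f['time']} {f['subscription']} {f['caller']} ({f['status']})")
```

Against the constructed sample this reports three policy updates: the administrator's, a successful one by a developer account, and a failed attempt by a service principal; the two latter are the ones an RTMA alert is for. To run it on real data, export with `az monitor activity-log list --offset 7d -o json` (a JSON array rather than NDJSON, so load it with `json.load` and pass the list straight to `audit_policy_updates`).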
The communication channels for sending RTMA notifications can be configured within your Conformity account. The supported channels for receiving notification alerts for security policy update events are SMS, Email, Slack, Zendesk, ServiceNow, and PagerDuty.
Rationale
Monitoring your Microsoft Azure subscriptions for "Update Security Policy" events gives you insight into security configuration changes made at the subscription level and shortens the time it takes to detect suspicious activity such as unsolicited or unauthorized update requests for security policies. Security policies should reflect long-term objectives that align with your organization's security strategy and risk tolerance, so legitimate changes are infrequent and any change is worth reviewing; monitoring security policy configuration changes is therefore essential to keeping your Azure cloud account secure.
References
- Microsoft Azure Official Documentation
- Azure Security Center
- What is Azure Security Center?
- Remediate recommendations in Azure Security Center
- Manage security policies