Trend Micro Cloud One™ – Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected "Update Security Policy" events in your Microsoft Azure cloud account.
A security policy defines the set of controls that are recommended for the cloud resources deployed within your Azure account. The security policies that you enable in Azure Security Center for your cloud account, drive security recommendations and monitoring, and must be in accordance with your organization's security requirements, the types of workloads used, or the data sensitivity and confidentiality level configured for each Azure subscription. After you enable security policies for a subscription's resources, Microsoft Azure Security Center analyzes the security of your cloud resources to identify potential vulnerabilities.
The Real-Time Threat Monitoring and Analysis (RTMA) feature can detect any API call related to configuration changes made to your security policies. The activity detected by Trend Micro Cloud One™ – Conformity RTMA could be, for example, a user action initiated through the Microsoft Azure Portal or an API request initiated programmatically using the REST API or Windows PowerShell, that triggers an "Update Security Policy" operational event. To adhere to cloud security best practices and implement the Principle of Least Privilege (POLP), Trend Micro Cloud One™ – Conformity strongly recommends that you avoid providing your non-privileged, non-administrator users the permission to update the security policies enabled for your Azure cloud subscriptions.
The communication channels for sending RTMA notifications can be configured within your Conformity account. The list of supported communication channels that you can use to receive notification alerts for security policy update events are SMS, Email, Slack, Zendesk, ServiceNow, and PagerDuty.
Monitoring your Microsoft Azure account subscriptions for "Update Security Policy" events can provide insight into the security configuration changes made at the subscription level and can help you to reduce the time it takes to detect suspicious activity such as unsolicited or unauthorized update requests made for security policies. Security policies should reflect long-term viable objectives that align with your organization's security strategy and risk tolerance, therefore, monitoring any security policy configuration changes is essential for keeping your Azure cloud account secure.
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
Get started for FREE
You are auditing:
Detect Update Security Policy Event
Risk level: High