Continuing in our Super Security Showdown series, in the last article we reviewed the Azure Security Center. Let’s complete the series with the OMS Security and Audit Solution.

 

OMS Security and Audit Solution

Overview of OMS Security and Audit Solution

Operations Management Suite (OMS) is a cloud based service. Within it are several “Solutions” that provide insight, analysis, etc. against your environment.

The Security and Audit Solution collects: Windows security event logs, Windows firewall logs, and Windows event logs. From a forensic standpoint, OMS collects event logs as soon as they occur which helps combat against malicious users attempting to hide their activities.

Using the Security and Audit solution, you can:

  • Conduct investigations for suspicious executable files
  • Conduct investigations for communication with malicious IP addresses
  • Perform forensic analysis
  • Investigate security breach patterns
  • Collect data for audit scenarios
OMS Security and Audit Solution
OMS Security and Audit Solution

There are other Solutions within OMS under the “Security and Compliance” classification, including Anti-Malware, and System Updates which do tie-in to Security to some degree, but I’ve deliberately excluded those from this article since this series is more focused on things like threat detection, etc.

 

OMS Security and Audit Solution Requirements

That’s enough of an overview, what are the requirements?

Requirements: Azure subscription, OMS Workspace

Pros: Not specific to Azure Resources (able to use against on-premises systems), Integrates with System Center Operations Manager

Con: Systems monitored require Internet access (or proxy) to send data back to OMS

 

OMS Security and Audit Solution Reference Material:

 

So that’s the OMS Security and Audit Solution. That completes our series (for now). If/when new security offerings appear we can always come back and add more.