This article continues our Super Security Showdown series. In the last article we reviewed the Azure Security Center. Let’s complete the series with the OMS Security and Audit Solution.
- Azure Active Directory Identity Protection
- Windows Defender Advanced Threat Protection
- Microsoft Advanced Threat Analytics
- Azure Security Center
- OMS Security and Audit Solution
OMS Security and Audit Solution
Overview of OMS Security and Audit Solution
Operations Management Suite (OMS) is a cloud-based service. Within it are several “Solutions” that provide insight into, and analysis of, your environment.
The Security and Audit Solution collects Windows security event logs, Windows firewall logs, and Windows event logs. From a forensic standpoint, OMS collects event logs as soon as they occur, which helps counter malicious users attempting to hide their activities.
Using the Security and Audit solution, you can:
- Conduct investigations for suspicious executable files
- Conduct investigations for communication with malicious IP addresses
- Perform forensic analysis
- Investigate security breach patterns
- Collect data for audit scenarios
There are other Solutions within OMS under the “Security and Compliance” classification, including Anti-Malware and System Updates, which do tie in to security to some degree, but I’ve deliberately excluded those from this article since this series is more focused on areas such as threat detection.
OMS Security and Audit Solution Requirements
That’s enough of an overview. What are the requirements?
Requirements: Azure subscription, OMS Workspace
Pros: Not specific to Azure Resources (able to use against on-premises systems), Integrates with System Center Operations Manager
Con: Systems monitored require Internet access (or proxy) to send data back to OMS
OMS Security and Audit Solution Reference Material:
- Explore security with the Security and Audit solution: https://technet.microsoft.com/en-us/library/mt484109.aspx
- Operations Management Suite: https://technet.microsoft.com/en-us/library/mt484091.aspx
So that’s the OMS Security and Audit Solution. That completes our series (for now). If and when new security offerings appear, we can always come back and add more.