Hi there, and welcome to another edition of Tuesdays with Corey. I am continuing my string of demos to show off some of the really cool stuff that we announced at Ignite. There were so many things, so many things, and now I'm going to show you some of the security stuff. This stuff's awesome.
If you haven't played with the Azure Security Center, you are missing out like nobody's business. You should go play with this. This is a fun thing to go play with. It will tell you, it will scare you for sure. It's Halloween, or it was Halloween recently in the recent past. We recorded this before Halloween just to be clear, so it sort of feels like Halloween. Where was I? Oh, so security, scare you. That's right. It's all coming back.
There's some really cool stuff, but some of the coolest stuff that we launched here in this recent Ignite experience is how to go both investigate and lock down your system by default. If you played with the Security Center, and here I'll show you a little bit of what this looks like. Go into it. You can see all sorts of cool things. You can see prevention. You can go in and say, look, I want to go track all sorts of potential risks with my compute setup, my networking setup, my storage setup, any application support. I've got ports open. I've got bad passwords. This will go in and actually try and detect it, try and tell you what's wrong, and try and make sure that you are setting up your environment in a safe way. This is live active prevention that's going on with your environment. You can track that and monitor that and make sure that you're running your environment in the right way.
But there's two other things that are super cool. One is it actually is also detecting potential problems, risks, attacks, potential issues. Here you can see I've got the detection going here, and there are actually 12 high severity security alerts. I'm actually going to zoom in here and take a look at what these are.
You can see the types of things that this is checking. This is checking potential SQL injection. It's detecting a suspicious process that's being executed, a successful brute force attack that maybe has happened. Across a bunch of high and potentially risky areas, sometimes a medium area, but yeah, you've got suspicious incoming RDP network activity. This is combining both what we know about your running instance, but also an agent running inside. The combination of what we know around your network, plus what's inside, we're able to do a bunch of machine learning to be able to predict and guess and try and understand whether something's gone wrong here.
If I actually go in here and take a look and see, let's see if I've got the suspicious process executed. So I can click on this and sort of better understand what this means, right? What type of process is executing, why do we think it's suspicious? And so if I click right in here, it's going to show me the details of this specific attack vector and then help me understand potential other risks or potential problems that may come from this same attack vector. And so here you can see I've got a couple machines that that suspicious process has been executed on and so it's got a high severity. So let me actually zoom in here and take a look and see the details of this. So it looks like this has been running gen hash.exe, okay? And so clearly that sounds like maybe a suspicious guy and so that's why it's been watching this machine for some period of time and it now comes back and says, hey, this is different from what we've been seeing on this. And so it's using machine learning to try and predict these sorts of weird things. And so it actually gives me a bunch of remediation steps down here of how to go fix this, but what's great, I can also run a playbook so I can go in and actually run a playbook straight from Logic Apps, right? And so be able to launch that directly in here.
But another thing that's super cool is I can come in here and actually run through an investigation process. So what that means is that if I actually pull this up, I can now, based on the issue that it was detected, they can now create a map for me of all the surrounding potential problems that may be happening in the environment, right? So instead of just having this one executable on this one machine be a problem, it shows me all of the connecting machines. So here you can see, right? And not only that, but they dance as I walk through them.
And so you see I've got this suspicious process and this starts an investigation here. And it's been, it's on this one specific website. And so, excuse me, on this website backend, right? And so you can see here, now I look around, Abby Becker was the one who ran this suspicious product. So I can actually click over on her and zoom in on to her because she now seems like she's the problem, right? And so this is a sign in from an unfamiliar location. And so now I can go in and say, use it from an unfamiliar location. That's interesting. So this, now this suspicious process came from Abby Becker, who signed in from an unfamiliar location. Now, what other machines did she access? Well, uh-oh, this other machine you can see right here in this map. She also accessed as well. And it looks like there was a successful brute force attempt on here and another suspicious process. This now leads me to another security incident that I didn't connect with this one. But now by walking it through this map, I can now see that they actually are connected and they are related to this incorrect or illegitimate login from Abby Becker.
And so this is awesome. So this allows me, and then again, I can go in and straight from here, I can actually run a playbook, wipe these machines, clean them off. But now I know actually how they got in and I can go change my processes according to a super cool experience. And like I said, it's just fun.
You can kind of make these guys dance around, see. And so not only is it fun, but you can actually make some music from it or some visual pictures here. So that's really fun.
Now, last thing I'll show you built in, right here in the Security Center, just-in-time access. This is super cool. As an administrator, you can go in now and say, you are going to lock down a specific machine and you are going to go in and make sure that if people access them and they want to go, let's say, use SSH onto a machine or they want to enable RDP and they want to log in. You can now as the master administrator say, that's okay. They can request access. When they do it, we will audit that they requested access and we will lock it down after two hours after they're in. We will then close the port off and they will have to request access again. So now it gives you this audit, this compliance control over people accessing even for standard operational procedures. You can now make sure that the right behavior is happening. And so if you go in here and configure this right here, you can say how long you want the max request time. Maybe you want it shorter or longer. You can even require it to be from only IPs within your environment. So you can lock down your environment, secure it with this just-in-time access. It's what we do internally for our own security systems. And now you can do this yourself as well.
So super cool, Security Center, go play with it, gives you prevention. It gives you the ability to detect problems. Now with investigate, you can once a problem is detected, you can walk the map and find out all the relative related problems. And of course, with just-in-time access, you lock down your environment by default. It's secure and locked down by default. With that, if you have any questions, comments, concerns, feedback, ideas, let us know at #AzureTWC, we'd love to hear from you. And with that, have a wonderful and a secure Tuesday. Thanks a lot.
I cannot believe this. I think this is the longest demo we've ever had, even better. Can you say, we ready this one? It's not going to work. Security's saying it out of the day. Hey, no! Are you ready? What was I saying? I have no idea. All right, well, this works.