Azure infrastructure monitoring

Configuration and change management

Azure reviews and updates configuration settings and baseline configurations of hardware, software, and network devices annually. Changes are developed, tested, and approved prior to entering the production environment from a development and/or test environment.

The baseline configurations that are required for Azure-based services are reviewed by the Azure security and compliance team and by service teams. A service team review is part of the testing that occurs before the deployment of their production service.

Vulnerability management

Security update management helps protect systems from known vulnerabilities. Azure uses integrated deployment systems to manage the distribution and installation of security updates for Microsoft software. Azure is also able to draw on the resources of the Microsoft Security Response Center (MSRC). The MSRC identifies, monitors, responds to, and resolves security incidents and cloud vulnerabilities around the clock, every day of the year.

Vulnerability scanning

Vulnerability scanning is performed on server operating systems, databases, and network devices. The vulnerability scans are performed on a quarterly basis at minimum. Azure contracts with independent assessors to perform penetration testing of the Azure boundary. Red-team exercises are also routinely performed and the results are used to make security improvements.

Protective monitoring

Azure security has defined requirements for active monitoring. Service teams configure active monitoring tools in accordance with these requirements. Active monitoring tools include the Microsoft Monitoring Agent (MMA) and System Center Operations Manager. These tools are configured to provide real-time alerts to Azure security personnel in situations that require immediate action.

Incident management

Microsoft implements a security incident management process to facilitate a coordinated response to incidents, should one occur.

If Microsoft becomes aware of unauthorized access to customer data that's stored on its equipment or in its facilities, or it becomes aware of unauthorized access to such equipment or facilities resulting in loss, disclosure, or alteration of customer data, Microsoft takes the following actions:

  • Promptly notifies the customer of the security incident.
  • Promptly investigates the security incident and provides customers with detailed information about the security incident.
  • Takes reasonable and prompt steps to mitigate the effects and minimize any damage resulting from the security incident.

An incident management framework has been established that defines roles and allocates responsibilities. The Azure security incident management team is responsible for managing security incidents, including escalation, and ensuring the involvement of specialist teams when necessary. Azure operations managers are responsible for overseeing the investigation and resolution of security and privacy incidents.

Next steps

To learn more about what Microsoft does to secure the Azure infrastructure, see: