To realize the full benefit of any cloud computing platform—Azure, AWS, or any other—you need to implement best practices related to security and compliance. All too often, data center security takes a backseat to data center design, which puts businesses at a disadvantage when it comes to keeping up with data regulations and preventing data breaches. A 2017 report from Intel Security notes that only 23% of organizations completely trust public clouds to keep their data secure. But with the right resources, it is possible for your organization to achieve both compliance and security in the cloud—without high costs, special expertise, or performance setbacks.
With security being one of the biggest barriers to cloud adoption, Microsoft has been directing many of its resources that way, including a recent expansion of its Azure Security Center. Below are some of the main features of the Security Center; compare them with other available security options on the market to find the one you feel most confident in and comfortable with.
Microsoft Azure Security Center: An Overview
Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. Using advanced analytics, it helps you detect potentially malicious activity across your hybrid cloud workloads, and recommends potential remediation steps, which you can then evaluate, and take the necessary action.
Why use Security Center? As a security solution, it offers:
- Centralized policy management. You can ensure compliance with company or regulatory security requirements by centrally managing security policies across all your hybrid cloud workloads.
- Continuous security assessment. It helps to monitor the security of your machines, networks, storage and data services, and applications to discover potential security issues.
- Actionable recommendations. It offers prioritized and actionable security recommendations so you can remediate security vulnerabilities before they can be exploited by attackers.
- Advanced cloud defenses. You can reduce threats with just-in-time access to management ports and whitelisting, to control applications running on your VMs.
- Prioritized alerts and incidents. You can focus on the most critical threats first thanks to prioritized security alerts and incidents.
- Integrated security solutions. You can collect, search, and analyze security data from a variety of sources, including connected partner solutions.
Azure Security Center offers two tiers of service, free and paid:
- Free access (Azure Resources Only) is very limited. It gives you access to a central console that provides a birds’ eye view of the security status of your Azure cloud resources. (Color indicators—red, orange, and green—make it easy to see the status at a glance.) You can also dig down into specific resources (like applications) to find out more about the severity of existing security issues. The free tier also enables access to a number of integrated partner solutions, for vulnerability assessments. These partner solutions within the Azure Security Center are easy to deploy and work seamlessly within the existing Security Center framework.
You can access the Azure Security Center through the Azure portal, from the left menu. Once you’ve selected it, the overview screen has three main categories: Overview, Prevention, and Detection.
The Security Center Overview provides a quick view into the security posture of your Azure and non-Azure workloads, enabling you to discover and assess the security of your workloads and identify and mitigate risk. The built-in dashboard provides instant insights into security alerts and vulnerabilities that require attention. Here you get a bird’s eye view of your security picture—the number of security solutions you’ve enabled, the number of new alerts and security incidents in the last 72 hours, and the number of security events (a change in the usual operations of a network or service) in the last week.
It also offers prioritized recommendations for improving security on your Azure virtual machines (VMs), network, SQL databases, and applications. For example, using Azure disk encryption for your Windows and Linux IaaS VM disks, and configuring network security group (NSG) rules that force inbound traffic to your VM through a firewall. In my experience, however, understanding how to configure NSGs—like creating inbound and outbound security rules—is more complex than it should be in the Azure Security Center. If you want anything more advanced than the basic options (like creating scheduling firewall rules to turn them on and off as policy dictates), you essentially have to perform those tasks in two different places with Azure.
The Prevention section breaks down those recommendations by area: compute, network, storage & data, and applications. Selecting a security recommendation guides you through the process of addressing the issue.
Microsoft Azure Security Center Features
Features included in standard access are:
- Security event collection—There are many ways of doing cloud security auditing (like disaggregated log management, Syslog, etc.), but collecting data logs in a central place so they can be searched and analyzed is a good way to identify notable security events that may require your attention.
- “Just in time” VM access—This is a fairly new feature that allows administrators to grant someone access to a VM for a defined period of time, say, for an hour or two. The ability to limit access to company data helps reduce your exposure to outside attacks. This is especially useful if you’re working with a consultant or outside agency that needs to access your VM remotely.
- Adaptive application controls—Another fairly new feature, adaptive application controls uses artificial intelligence to recommend applications to whitelist, which helps you avoid malicious and/or unauthorized software running on your VMs.
- Advanced threat detection for networks, VMs/servers, and Azure services—Adaptive application controls help control which applications can run on your VMs located in Azure, which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the processes running in the VM and helps you apply whitelisting rules using this intelligence.
- Built-in and custom alerts—There are various types of alerts you can set up within the Security Center depending on your company’s specific security policy. For example, you may want to set up alerts for potential distributed denial-of-service (DDOS) attacks, giving you a chance to investigate what’s going on around your infrastructure and workloads and potentially remediate the situation.
- Threat intelligence—Turning on this option enables the Azure Security Center system to better analyze and identify security threats in your environment. For example. threat intelligence can help you determine the nature of an attack, the attack point of origin, and more.
Until next time, Rob…..
Originally published at https://www.5nine.com/azure-security-center/