Azure Security Center – Overview
Azure Security Center provides advanced threat protection and unified security management for many different types of workloads running in Azure, on-premises, or in other clouds. It provides an active defense which reduces your exposure to threats, and intelligent detection to help you keep up to date with evolving cyber-attacks.
The Security Center Overview page provides a quick look at the current security status of your Azure and non-Azure workloads. The overview page also provides you with recommendations which can assist with tightening the security of your overall environment.
What do you get when you use Azure Security Center?
Unified security management
- Reduced management complexity. Manage security across all your hybrid cloud workloads – on-premises, Azure, and other cloud platforms – in one console. Built-in dashboards provide instant insights into security issues that require attention.
- Centralized policy management. Ensure compliance with company or regulatory security requirements by centrally managing security policies across all your hybrid cloud workloads.
- Security data from many sources. Collect, search, and analyze security data from a variety of sources, including connected partner solutions like network firewalls and other Microsoft services.
- Integration with existing security workflows. Access, integrate, and analyze security information using REST APIs to connect existing tools and processes.
- Compliance reporting. Use security data and insights to demonstrate compliance and easily generate evidence for auditors.
Multi-layer cyber defense
- Continuous security assessment. Monitor the security of machines, networks, and Azure services using hundreds of built-in security assessments or create your own. Identify software and configurations that are vulnerable to attack.
- Actionable recommendations. Remediate security vulnerabilities before they can be exploited by attackers with prioritized, actionable security recommendations and built-in automation playbooks.
- Adaptive application controls. Block malware and other unwanted applications by applying whitelisting recommendations adapted to your specific Azure workloads and powered by machine learning.
- Network access security. Reduce the network attack surface with just-in-time, controlled access to management ports on Azure VMs, drastically reducing exposure to brute force and other network attacks.
Intelligent threat detection and response
- Industry’s most extensive threat intelligence. Tap into the Microsoft Intelligent Security Graph, which uses trillions of signals from Microsoft services and systems around the globe to identify new and evolving threats.
- Advanced threat detection. Use built-in behavioral analytics and machine learning to identify attacks and zero-day exploits. Monitor networks, machines, and cloud services for incoming attacks and post-breach activity.
- Alerts and Incidents. Focus on the most critical threats first with prioritized security alerts and incidents that map alerts of different types into a single attack campaign. Create your own custom security alerts as well.
- Streamlined investigation. Quickly assess the scope and impact of an attack with a visual, interactive experience. Use predefined or ad hoc queries for deeper exploration of security data.
- Contextual threat intelligence. Visualize the source of attacks on an interactive world map. Use built-in threat intelligence reports to gain valuable insight into the techniques and objectives of known malicious actors.
Where to start?
To start using Azure Security Center, a Microsoft Azure subscription is required. Security Center can be accessed from the Azure Portal: https://portal.azure.com.
From the overview page, I will look at some of the recommendations and how we can implement them to add an additional layer of security to the environment.
From the recommendations page, I can see a list of 8 recommendations ranging from High to Medium severity.
How and where do I start applying these recommendations? The process is simple: just click on one of the recommendations. This opens a new page giving you a brief explanation of the recommendation and informing you that there is a cost involved.
But for the purpose of this demonstration I will go ahead and make use of the 60-day trial being offered.
I will go ahead and apply this to my IT Pro Cloud Essentials Benefits subscription. Because Enable advanced security is only available with the Standard tier, I will have to enable this 60-day freebie.
Click on the Standard tier and then select Save in the top left-hand corner. Simply enabling the Standard pricing tier automatically enables advanced security, and the High severity recommendation changes to Resolved in Security Center.
Next is to enable data collection for all subscriptions, and again we can enable this from the recommendations page by clicking on the recommendation.
From the Data Collection page, click “On” and then click on “Save” in the top left-hand corner.
From the security solution tab, you have the option of adding different data sources into Azure Security Center.
Services such as Microsoft Azure AD Identity Protection and Advanced Threat Analytics can be used as additional data sources.
This is just a small overview of Azure Security Center, and it has much more to offer. To learn more about Microsoft Azure Security Center you can visit: https://docs.microsoft.com/en-us/azure/security-center/security-center-intro