Azure Security Center

Posted 7 February 2017 12:00 AM by Vishan Sondhi, Business Productivity Specialist @ ClearPeople

With more and more organisations adopting cloud solutions such as Azure, the security of cloud resources is becoming a growing concern. This blog aims to give you a detailed overview of Azure Security Center and how it gives you the tools you need to address your organisation's security posture in the cloud.

Azure Security Center provides you with a centralised view of all your Azure resources and their security state. At a glance, you can verify the appropriate security controls are in place and quickly identify any resources that require attention. Azure Security Center has 3 core capabilities, which are:

  • Prevent – Azure Security Center will monitor your Azure subscription(s) based on the security policies you configure.
  • Detect – Security Center will automatically collect and analyse security data from your Azure resources, the network, and partner solutions like anti-malware programs and firewalls. It leverages global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit (DCU), the Microsoft Security Response Center (MSRC), and external feeds.
  • Respond – Any alerts generated are prioritised, and Azure Security Center gives you insight into the source of an attack and the resources it impacted, along with suggestions on how to stop a current attack and help prevent future attacks.

Security Center Dashboard

Below is a screenshot of the Security Center Dashboard to give you a high level overview of the security of your Azure Subscription.

[Screenshot: Azure Security Center dashboard]

You can drill down further to view the security issues by clicking on the line items, or graphs where you can view recommendations about the issue.

Security Policies

A Security Policy defines the set of controls, which are recommended for resources within your subscription or resource group.

By default, all prevention policies are turned on. Prevention policies and recommendations are tied to each other: if you enable a prevention policy, such as OS Vulnerabilities, that enables the recommendations for that policy. In most situations you will want to enable all policies, even though some might be more important to you than others depending on the Azure resources you have deployed.

Below is a screenshot of all the prevention policies (turned on by default).

System updates. Retrieves a daily list of available security and critical updates from Windows Update or Windows Server Update Services.
OS vulnerabilities. Analyses operating system configurations daily to determine issues that could make the virtual machine vulnerable to attack.
Endpoint protection. Recommends endpoint protection to be provisioned for all Windows virtual machines to help identify and remove viruses, spyware, and other malicious software.
Disk encryption. Recommends enabling disk encryption in all virtual machines to enhance data protection at rest.
Network Security Groups. Recommends that network security groups be configured to control inbound and outbound traffic to VMs that have public endpoints. In addition to checking that a network security group has been configured, this policy assesses inbound security rules.
Web application firewall. Extends network protections beyond network security groups, which are built into Azure. Security Center will discover web application deployments for which a web application firewall is recommended and enable you to provision one.
Next generation firewall. Extends network protections beyond network security groups, which are built into Azure. Security Center will discover deployments for which a next generation firewall is recommended and enable you to provision a virtual appliance.
Vulnerability Assessment. Recommends that you install a vulnerability assessment solution on your VM.
SQL auditing & Threat detection. Recommends that auditing of access to your Azure SQL Database be enabled, both for compliance and so that advanced threat detection has the data it needs for investigation.
SQL Encryption. Recommends that encryption at rest be enabled for your Azure SQL Database, associated backups, and transaction log files. Even if your data is breached, it will not be readable.

Recommendations

As Security Center collects data from your Azure resources, it will periodically analyse the contents of that data and present you with recommendations to address potential security vulnerabilities. On the Security Center blade, the Recommendations tile displays the total number of available recommendations. If you click on the recommendation tile it will present you with the full list of recommendations.

[Screenshot: Recommendations tile on the Security Center blade]

Once you click on the Recommendations tile you will be presented with a table as shown in the following illustration. Click on each recommendation to view additional information or to act to resolve the issue.

[Screenshot: Recommendations table]

Remediating Recommendations

After reviewing the list of available recommendations, you can click on the individual line items to take further action. For example, if you click on the line item to Enable Network Security Groups on subnets, you will be presented with all of the resources that apply to the recommendation, as shown in the following illustration.

[Screenshot: resources listed for the Enable Network Security Groups on subnets recommendation]

On the Enable Network Security Groups on subnets blade you can mark the resources you need to remediate and click the subnet you want to create an NSG for. You are then presented with the option to create an NSG for that subnet.
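The same remediation can be scripted with AzureRM PowerShell instead of clicking through the portal. This is an added example, not code from the original post or from Security Center; the resource group, VNet, subnet, location and address prefix are assumed placeholders, and the inbound-rule check at the end is a hypothetical helper that mirrors the kind of inbound-rule assessment the Network Security Groups policy performs.

```powershell
# Added example: remediate "Enable Network Security Groups on subnets" with AzureRM cmdlets.
# All resource names and the address prefix below are assumed placeholders.
$rg       = "rg-example"
$location = "westeurope"
$vnetName = "vnet-example"
$subnet   = "subnet-web"
$prefix   = "10.0.1.0/24"

# Single inbound rule: HTTPS from the Internet only. Everything else inbound is
# denied by the NSG's built-in default rules, so no broad "allow all" rule is needed.
$allowHttps = New-AzureRmNetworkSecurityRuleConfig -Name "Allow-HTTPS-In" `
    -Description "Allow inbound HTTPS from the Internet" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix Internet -SourcePortRange * `
    -DestinationAddressPrefix * -DestinationPortRange 443

$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $rg -Location $location `
    -Name "nsg-$subnet" -SecurityRules $allowHttps

# Associate the NSG with the subnet; this is what the portal's create-NSG option does.
$vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name $vnetName
Set-AzureRmVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet `
    -AddressPrefix $prefix -NetworkSecurityGroup $nsg | Out-Null
Set-AzureRmVirtualNetwork -VirtualNetwork $vnet | Out-Null

# Hypothetical helper: an attached NSG is not enough on its own, since the policy also
# assesses inbound rules. Flag custom inbound Allow rules open to any source on any port.
function Get-PermissiveInboundRule {
    param([Parameter(Mandatory)] $NetworkSecurityGroup)
    $NetworkSecurityGroup.SecurityRules | Where-Object {
        $_.Direction -eq "Inbound" -and $_.Access -eq "Allow" -and
        ($_.SourceAddressPrefix -contains "*" -or $_.SourceAddressPrefix -contains "Internet") -and
        ($_.DestinationPortRange -contains "*")
    }
}

# Returns nothing for the NSG created above, because its only rule is limited to port 443.
Get-PermissiveInboundRule -NetworkSecurityGroup $nsg
```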

Partner Solutions

Security Center is integrated tightly with third-party solutions from Azure partners. When it comes time to implement a solution to a Security Center recommendation, you often have several choices. You can implement one of the Microsoft solutions. Or, you can implement a partner solution.

For example, there is a recommendation for adding a Next Generation Firewall. Next generation firewall solutions extend network protections beyond Network Security Groups, which are built into Azure. At the time of writing, there are three options for adding a Next Generation Firewall: a Barracuda Networks NextGen firewall, a Check Point vSEC firewall and a Fortinet VM Firewall. This is one example of a recommendation that can be remediated by partner solutions. Additional partner solutions are planned and will be integrated into Azure Security Center in the future.

[Screenshot: Next Generation Firewall partner solution options]

Monitoring Partner Solutions

After you have implemented some partner solutions, Azure enables you to monitor those solutions. The Partner solutions tile on the Security Center blade lets you monitor their health status. The screen capture below shows the Security Center overview blade with the Partner solutions tile highlighted.

[Screenshot: Security Center overview blade with the Partner solutions tile highlighted]

The Partner solutions tile displays the number of partner solutions and a status summary for those solutions. The status of a partner solution can be:

Protected (green). There is no health issue.
Unhealthy (red). There is a health issue that requires immediate attention.
Stopped reporting (orange). The solution has stopped reporting its health.
Unknown protection status (orange). The health of the solution is unknown at this time due to a failed process of adding a new resource to the existing solution.
Not reported (grey). The solution has not reported anything yet. A solution's status may be unreported if it has just been connected and is still deploying.

Monitor Solutions Health

To view the health of your partner solutions, select the Partner solutions tile. A blade opens displaying a list of your partner solutions connected to Security Center, as seen in the screen capture below:

[Screenshot: list of partner solutions connected to Security Center]

From this screen, select a partner solution to display its status as well as its associated resources. You can click Solution console to open the partner management experience for this solution. Additionally, you can click the Link app button to connect resources to this partner solution. For example, you could do basic management (add a new application to be protected by the WAF) or access the partner management console for advanced configuration.
