Being a cloud consultant means I hear a lot of stakeholder talk about cloud aspects. A statement I hear often is “the cloud is great but what about security?” Because of those questions, Microsoft has released Azure Security Center. Azure Security Center (ASC) does a great job of addressing security concerns while also lowering the workload required to achieve those goals. ASC can be used to monitor cloud resources or on-premises resources, and it monitors both Windows and Linux servers. To give you an idea of what has been accomplished with Azure Security Center, I’d like to go over five of its key features that will matter most to the people tasked with the day-to-day care and feeding of Azure cloud deployments.
Centralized Policy Management allows you to use one page to view all your Azure Security Center policies. This screen also displays the total number of subscriptions you have access to. With a click, you can view which subscriptions are available and what their Security Center coverage is. You can also view compliance with those policies, shown as a percentage of policies applied. This is a great feature in that it allows you to manage and govern your security posture for all subscriptions.
Azure Security Center also offers continuous security assessment. To do this, ASC uses the new Microsoft Security Score. The score is created by weighting the security recommendations offered by ASC so that the largest security holes are plugged first. Health monitoring is another tool used for security assessment. It indicates the security health of Azure cloud resources and on-premises resources. The resource types monitored are compute, applications, networking, storage, and identity & access management.
Actionable Recommendations, mentioned above, are provided by Azure Security Center based on data gleaned via the ASC agent installed on the monitored servers. The recommendations are listed with the most important and wide-reaching first. By providing this weighted list, Azure Security Center prompts you to act first on the largest security gaps, the ones whose fixes will have the widest-reaching effect on securing your enterprise. Because of this prioritized list, the first recommendations will have the greatest impact on the security of your resources and enterprise.
Azure Security Center will also prioritize security alerts and incidents. By doing this, ASC cuts the noise-to-signal ratio, letting you view grouped alerts to see whether the alert you viewed is part of a larger operation or a one-off. This gives you a more holistic view of both security alerts and other alarms. The data is offered on one screen in a very clear infographic-style view. You can also integrate existing Security Information and Event Management (SIEM) software such as Splunk or QRadar.
A feature I find very exciting is Just-in-time VM access combined with Adaptive Application controls. Just-in-time access gives you the ability to set parameters for VM access such as time frame, port, VM, and duration. Then, when an admin needs access, they can request it via the Azure portal. If the request fits those parameters, it’s automatically granted and then revoked once the duration expires. Allowing access in this manner cuts down the attack surface of all protected VMs while still allowing the access needed for support and maintenance. Adaptive Application controls monitor connectivity between VMs and the software running on those VMs. If Azure Security Center notes a relationship between the VMs and software, it offers a recommendation to whitelist them for your review. In this way, you can see which VMs interact as well as which software is prompting this interaction. The whitelisting gives you an advantage by allowing the whitelisted traffic to flow without tripping security alarms. This is powered by machine learning incorporated into the Azure cloud.
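To make the just-in-time flow described above concrete, here is an added example (not Azure's API and not code from this post) that models the decision: a request is granted only if it fits every policy parameter, and the grant stops being valid once its duration expires. The names `JitPolicy`, `Grant`, `evaluate` and `is_open` are hypothetical, the VM name is constructed, and modelling the time frame as a daily window of UTC hours is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class JitPolicy:
    """Hypothetical model of the parameters named in the text."""
    vm: str
    allowed_ports: FrozenSet[int]
    window_start_hour: int       # time frame, assumed to be UTC hours [start, end)
    window_end_hour: int
    max_duration: timedelta


@dataclass(frozen=True)
class Grant:
    vm: str
    port: int
    expires_at: datetime


def evaluate(policy: JitPolicy, vm: str, port: int,
             requested_at: datetime, duration: timedelta) -> Optional[Grant]:
    """Return a Grant only if the request fits every policy parameter."""
    if vm != policy.vm or port not in policy.allowed_ports:
        return None
    if not policy.window_start_hour <= requested_at.hour < policy.window_end_hour:
        return None
    if duration <= timedelta(0) or duration > policy.max_duration:
        return None
    return Grant(vm, port, requested_at + duration)


def is_open(grant: Optional[Grant], vm: str, port: int, now: datetime) -> bool:
    """Default deny: a port is reachable only under an unexpired matching grant."""
    return (grant is not None and grant.vm == vm
            and grant.port == port and now < grant.expires_at)


if __name__ == "__main__":
    # Constructed sample policy and request.
    policy = JitPolicy("vm-web-01", frozenset({22, 3389}), 8, 18, timedelta(hours=3))
    asked = datetime(2024, 1, 15, 9, 0)
    grant = evaluate(policy, "vm-web-01", 22, asked, timedelta(hours=1))
    print("granted:", grant)
    print("open at 09:30:", is_open(grant, "vm-web-01", 22, asked + timedelta(minutes=30)))
    print("open at 10:00:", is_open(grant, "vm-web-01", 22, asked + timedelta(hours=1)))
```

The attack-surface benefit comes from `is_open` defaulting to closed: with no grant, or after `expires_at`, the management port is not reachable at all.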
Together, these features make Azure Security Center a very robust suite of security capabilities and enhancements. The goal is to offer Azure resources more securely while still allowing access to those resources as required for workloads and maintenance. Azure resource administrators can start using these features by either enabling or installing the ASC agent. The Azure Security Center agent is installed by default for VMs deployed from the Azure Marketplace. For other servers, you can install the agent via the Azure Security Center recommendations blade.