An Introduction to Microsoft Azure Security Center

It’s a common misconception that once servers are in the cloud, the cloud provider is responsible for the security on those systems. Microsoft or Amazon or Google or whoever will not necessarily keep an eye on your servers and security with your subscription.

The first thing that we need to address: it is still your baby! Just because you put it in the cloud doesn’t mean you can forget about it. Improperly maintaining your servers or cloud environment can not only put your servers and data at risk, it can also potentially harm other organizations’ servers on that cloud provider. This is no different than having a hosted website with outdated, unsafe code on it.

Azure Security Center

Azure Security Center is Microsoft’s tool to address security needs of Azure clients. This is for those that want to maintain better active security and/or those that have part of their infrastructure in Azure that need more security automation and auditable documentation.

To get started, the Azure Security Center requires the Microsoft Monitoring Agent service to be installed on the virtual systems you wish to monitor. That agent will run as a background service to report to your dashboard.

Note: It will take some time for the system to gather the data for reporting, so don’t expect to get your feedback five minutes after you set it up.

Security Policies

Within Azure Security Center you will then need to implement the Security Policies you want to enable to check for compliance. Those can include items like permissions monitoring, endpoint protection active, updates, and other security policies. This is similar to Network Access Protection (NAP) of the past, but on steroids.

Within the Security Policies you can also greater define to your specific needs and set up email notifications. There isn’t just a predefined list to choose from.

Once defined and applied, you will have an overview of the environment in your dashboard, including recommendations to remediate and fix potential issues.

Just In Time (JIT) VM Access

The JIT VM Access is a tool to harden your VM access, such as if you have an incorrectly configured gateway to your VM or you have ports that could allow brute force attempts. With JIT, advanced firewall rules you can lock your VM down to a specified IP address or IP ranges and can limit the access timeframe. JIT also gives you better auditing and logging for those internet-enabled VMs.

Adaptive Application Controls allow you to audit and block or whitelist the processes you want to allow giving you to further control to lock down the environment. For example, if you have a server running only a set job when it starts running some rogue program or unexpected services, Adaptive Application Controls will alert you and block them if you configured it to do so.

Azure Security Center Detection Capabilities

The Azure Security Center’s detection capabilities include: threat intelligence (knowledge base), behavioral analytics, anomaly detection, and Fusion, which combines events and alerts to map the attack timeline.

With the detection capabilities, you can easily review and determine who, what, when, where and how. These timelines can be critical in securing your systems with the details required to stop an active attempt or in preventing future attempts. They will also provide you the forensic information you may need to share with any other agencies that may be involved.

Here is a much more detailed overview of all the features of Security Center in Azure from Microsoft.

So how much does it cost? There is a very limited free edition that is only good for 60 days. That will give you plenty of time to set up a test environment. After those 60 days it becomes a purchase product.

If you have questions about moving to Azure or how to keep yourself protected in the cloud, send us an email or give us a call at 502-240-0404!