Microsoft recently announced it is enhancing its Azure cloud platform with a new security center that will increase cloud visibility and improve control over security for users. A public preview of the product, Azure Security Center, was released officially in December 2015, and looks promising.
Microsoft has several stated goals for Azure Security Center. First, it wants to provide more comprehensive visibility and security control across all Azure instances and services clients are using. Second, Microsoft aims to provide some form of threat intelligence and alerting on malicious activity in Azure, with insight from its global security intelligence organization. Third, Microsoft wants to help make cloud deployments more effective and efficient by providing transparent policy definitions that security and operations teams can review and collaborate on, and then apply to the environment where appropriate. Let's look at how Azure Security Center is enhancing Microsoft's cloud security.
The first way Microsoft enhanced security capabilities in Azure Security Center is with security policies. Teams can define a security policy by looking at the posture of various Azure assets, and then receive recommendations and assessments of their environment as compared to the policy. Policies currently planned for release fall into the categories of patches, security configuration baselines, endpoint ACLs, network security groups, SQL auditing, Transparent Data Encryption in Azure databases, BitLocker disk encryption and antimalware. Web application firewalls, next-generation firewalls and other enterprise security controls are available through partnerships with leading providers like Barracuda, F5, Cisco, Fortinet, Check Point, Trend Micro, Imperva, Incapsula, CloudFlare and others.
With Microsoft's recommendations utility built into Azure Security Center, analysts can perform assessments against their defined policies and receive detailed ratings of the potential risks systems may have within the Azure environment. One nice capability that Microsoft offers is the ability to immediately find ways to remediate the noted shortcomings by implementing built-in controls or finding partner products that can address the issues. Microsoft will even automate the back-end network connections and connectivity for solutions implemented through the Azure Security Center wizard, making the entire process of remediation much simpler.
The security alerting portion of Azure Security Center aims to provide targeted information about definite, possible or hypothetical issues related to specific assets within the Microsoft cloud. Analysts will be able to click into the prioritized alerts and see which virtual machines and assets are affected. Drilling down into these specific system risks will open a new pane with more details on the alert, recommended remediation steps and possible choices for implementing the controls -- much like the recommendations capability. Microsoft also seems to be adding some basic intrusion detection and reputation scoring capabilities that can help analysts see when suspect or malicious traffic is in the environment, where internal systems are communicating, and reputation data for those IP addresses and domains. Security teams can also choose to immediately run antimalware scans on systems that may be compromised. Microsoft Azure Security Center promises to allow organizations to collect and aggregate log and event data within the cloud, as well, although storage, analysis and integration options with leading log management and SIEM tools were not forthcoming in the initial previews.
Microsoft is making a significant investment in security with the upcoming Azure Security Center platform. With capabilities ranging from policy assignment and audit to remediation guidance and controls integration, Microsoft may help make Azure the cloud environment of choice for security teams interested in more controls and reporting within public cloud environments. Backed by Microsoft's security expertise and insight, Azure Security Center looks to be a welcome addition to public cloud security service offerings, and should spark some intense competition between leading providers.