Microsoft Azure Security Center: Successful or stagnated?

Now that Microsoft's Azure Security Center has been out and in use for a while, expert Ed Moyle takes a look at how successful it is and where it's headed in enterprise use.

In July 2016, Microsoft announced the general availability of Azure Security Center -- and with it, a host of security options for Microsoft Azure customers. There was quite a bit of excitement about the platform when it went live: it promised better visibility into the security of workloads, better and more fine-grained control over security-relevant configurations, detailed information about threats and vulnerabilities, and better management of security policies, along with a laundry list of other features of value to security teams.

As with any service or product, the touchstone of ultimate success or failure is ongoing support and maintenance. That is, it's great to put a service like this out into the marketplace, but it's only useful if it is kept current and maintained adequately. Services that see ongoing investment and continued enhancement will become more useful and prosperous over time; services that stagnate will become less useful, and will eventually fade into irrelevance.

Moreover, for a service like this one that is heavily dependent on a thriving partner ecosystem for functionality, success not only means continued support and investment in the platform itself from the provider, but also a thriving network of partners responding to the call to build on and integrate into the platform. After all, how useful would an Android or iPhone be without an app marketplace? Not very, right? The same is true here: the utility is expanded through feature updates and through partner integration.

So which path is Azure Security Center on: stagnation or success? At the eight-month mark, signs point to it being the latter.

Feature rollout and partner integration

The first indication that Azure Security Center is a success is the continued expansion of the feature set provided by Microsoft, and the continued growth of the ecosystem of partner services available to Azure customers. There has been quite a bit of activity in this regard.

First, and most notably, Microsoft extended support to include Windows Server 2016. On its own, this might not mean much, since inclusion of a new Microsoft platform into the Microsoft-provided cloud offering might seem like a given. However, that's not all we've seen in feature expansion since the product's release. Microsoft also highlighted several additional features in September 2016, including integrated vulnerability assessment, expanded web application firewall capability and storage security assessment.

This rounds out an already extensive selection of partner services in the platform from known security players like Barracuda, Check Point, Fortinet and others. While one might expect a surge in partner additions just after general availability of the platform, new additions to the partner solution ecosystem seem to be continuing. For example, in January alone, Trend Micro began support for Security Center with Trend Micro Deep Security, and Dome9 started native Azure support, which allows for the correlation of events via Security Center and F5 Networks.

So, what was already a fairly robust partner network continues to expand, even six months after initial release, and more than a year since the initial announcement of the service.

Research investment

The continued expansion of partner integrations, in addition to the continued expansion of the support and feature set from Microsoft itself, is a good sign for the overall health and utility of the platform. However, it is not the only sign. As part of a September 2016 update, Microsoft also announced continued investment in the research activities and reporting that support the ongoing utility of the platform. Specifically, this comes in the form of expanded capabilities in and around threats and incident response.

From a threat detection standpoint, Microsoft continues to update and refine its threat detection capabilities based on additional information brought to light by the research community. One area highlighted specifically is the detection of outbound distributed denial-of-service via the platform. Microsoft also highlights the built-in threat attribution reports within the platform itself. As any security analyst will tell you, including this natively within the platform can save quite a bit of time and energy in researching an issue and running it down.

On the incident response front, Microsoft continues to highlight expanded incident tracking capabilities, enhancing the ability to track an attack campaign across multiple virtual machines throughout the platform.

In addition to the continued growth of features and partner services within the portal, there is continued integration of research-driven information -- such as adversaries, their tradecraft and the indicators of compromise -- into the platform, as well. All of these things suggest that Microsoft views Azure Security Center as something it will continue to invest in over the long term, and will continue to build upon as Azure gains traction.
