Modern and ever more complex threats present a new challenge for administrators in the cloud. Microsoft also works in this field, providing new ways to counter threats. One example is the Security Center in Azure, currently in preview: it bundles the formerly tedious monitoring of individual resources and at the same time offers proactive measures and guidelines for secure operation.
The Security Center provides an overarching platform on which administrators centrally monitor the security status of the resources it manages. The system automatically collects data from the resources selected by the administrator and provides detailed descriptions of the findings, along with some remediations. The Security Center also includes streamlined deployment of partner solutions. These deployment options relieve administrators and make the Security Center a solid, centralized maintenance solution from Microsoft.
WHERE CAN I FIND THE AZURE SECURITY CENTER?
The Security Center can be found in the extended menu: click on “Browse”. However, the Security Center must still be configured before it is ready for use. The basic version of the Security Center is free of charge, but it does not include behavioral analysis of the virtual machines (VMs) or network monitoring for anomalies.
WHAT IS THE FUNCTIONALITY OF THE AZURE SECURITY CENTER?
The special capabilities of the Azure Security Center can be illustrated using two of its functions as examples.
MONITORING OF DIFFERENT RESOURCES
Once the settings in the Security Policy have been adjusted, monitoring of the permitted resources begins immediately. The Azure Security Center can also be selectively adapted to different resources, and the storage location of the logs can be set per subscription.
The results of the analysis produced by the monitoring are displayed immediately as security recommendations for network resources. For virtual machines it can take up to several hours, since collecting the data is more complex. The resulting recommendations are rated in three levels (high, medium and low) according to impact and visualized in red, orange and blue respectively. A high level usually requires immediate action, the medium level allows a larger time window for resolution, and the low level should be analyzed and, if necessary, corrected.
The monitoring provides different blades for the respective resource.
The virtual machine blade displays all virtual machines with the corresponding status for monitoring and recommendations, together with a general listing giving an overview of each machine. From this blade it is also possible to implement the respective recommendations quickly; for an example, see the following figure: Installing an Endpoint Protection. A partner product can also be implemented as a solution; these are charged separately and must be licensed according to the manufacturer’s requirements. Other messages may indicate missing updates or missing encryption.
The overview of the existing networks includes recommendations for open issues in network security and an overview of existing resources, divided into resources, managed virtual machines (VMs), for which membership in network security groups is also shown, and classic VMs. For classic machines, it is shown whether corresponding access control lists are implemented.
The Azure Security Center also enables monitoring the status of partner solutions, such as the Barracuda WAF, and provides feedback on their health status.
Security Alerts are a collection and visualization of events raised by the behavioral analysis of a VM or by anomalies in the network traffic of the resources. The anomalies and events are also explained by accompanying help texts. Examples would be a connection from a VM to a malicious IP, RDP brute-force attacks on one or more VMs, or suspicious RDP traffic.
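To make the RDP brute-force alert described above concrete, the following is an added example (not the Security Center's own detection logic, whose internals are not public) of a simple sliding-window detector run over constructed Windows-style logon records; the event IDs 4625/4624 and logon type 10 are the standard Windows meanings, while the sample records, the threshold and the window are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon records (not real telemetry), one per line:
# "timestamp,vm,event_id,source_ip,logon_type"; 4625 = failed logon,
# 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2016-03-01T10:00:01,vm-web-01,4625,203.0.113.7,10
2016-03-01T10:00:03,vm-web-01,4625,203.0.113.7,10
2016-03-01T10:00:05,vm-web-01,4625,203.0.113.7,10
2016-03-01T10:00:06,vm-web-01,4625,203.0.113.7,10
2016-03-01T10:00:08,vm-web-01,4625,203.0.113.7,10
2016-03-01T10:00:09,vm-web-01,4624,203.0.113.7,10
2016-03-01T10:15:00,vm-db-01,4625,198.51.100.20,10
2016-03-01T11:30:00,vm-db-01,4625,198.51.100.20,10
2016-03-01T11:31:00,vm-db-01,4625,198.51.100.20,2
"""

THRESHOLD = 5                  # assumed: failed RDP logons per (vm, source) ...
WINDOW = timedelta(minutes=5)  # ... within this sliding window raise an alert


def detect_rdp_brute_force(text, threshold=THRESHOLD, window=WINDOW):
    """Return one alert per (vm, source_ip) whose failed RDP logons reach the
    threshold inside the window. Severity is 'high' when the same source later
    logs on successfully (the burst may have worked), otherwise 'medium'."""
    failures = defaultdict(list)
    successes = set()
    for line in text.strip().splitlines():
        ts, vm, event, src, logon_type = line.split(",")
        if logon_type != "10":          # only RDP (RemoteInteractive) logons
            continue
        when = datetime.fromisoformat(ts)
        if event == "4625":
            failures[(vm, src)].append(when)
        elif event == "4624":
            successes.add((vm, src))
    alerts = []
    for (vm, src), times in failures.items():
        times.sort()
        start = 0
        for end, when in enumerate(times):
            while when - times[start] > window:   # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                severity = "high" if (vm, src) in successes else "medium"
                alerts.append({"vm": vm, "source_ip": src, "severity": severity,
                               "failures": end - start + 1})
                break                            # one alert per pair
    return alerts
```

On the sample data only vm-web-01 is flagged: its five failures fall within seven seconds and are followed by a successful logon from the same source, so the alert is rated high, whereas the two isolated failures against vm-db-01 stay below the threshold.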
EXPORT TO POWERBI
For modern and up-to-date reporting, the status can be connected dynamically to Power BI within a few clicks, which allows powerful dashboards to be built that make SIEM reporting efficient and time-saving. From Power BI there are, of course, additional export options to other standard tools such as Excel, in order to expand or replace existing dashboards. Because Power BI is synchronized with the Security Center, no manual effort is required.
KNOWLEDGE SOURCE FOR THE RECOMMENDATION
Of course, the experience gained from running Microsoft's own servers over many years is used, but modern technologies such as machine learning on big data are also taken into consideration, whereby attack patterns are examined for causality and context. In addition, penetration tests are carried out by means of so-called red teaming. Red teaming means that real-world attack scenarios are carried out against Microsoft's own resources and then analyzed. Microsoft administrators cannot distinguish between real attacks and the Red Team. On both sides it is measured how much time passes until each team achieves its objective. No customer data is targeted, only Microsoft’s own resources. The attacks are measured by the administrators and by the attacking team: the administrators measure their response speed and the success of their reaction, and the attackers measure the time until they can successfully complete their attack and which resources are affected. The results are evaluated and then incorporated into the recommendations in the Security Center.
WHAT IS THE FUTURE FOR THE AZURE SECURITY CENTER?
Even though the Azure Security Center is still in preview, you can already work out the possible deployment scenarios and then analyze how well it fits into the company's concept. During the pre-production phase, productive use is not recommended, but a test is quite useful. The planned future extensions, which are currently being weighed, can then be used to implement complex solutions. One such possible implementation would be a proactive system that minimizes the damage caused by ransomware and automates responses.
The Azure Security Center provides a bundled and intuitive way to monitor resources on Azure and thus supports administrators in their work. Thanks to the strong community and the team that analyzes the proposals and implements them where appropriate, a strong tool is being developed that will offer many solutions after the preview phase.