Here is a summary of some of the new capabilities of Microsoft Azure Security Center, with a free video at the bottom of this blog post. Most of this content comes from Sarah Fender, Principal Program Manager, Azure Cybersecurity at Microsoft.
New integrated partner solutions
Azure Security Center already makes it easy to bring trusted Web Application Firewall (WAF) and antimalware solutions with you to the cloud. In the next few weeks, we will add a new category of solutions: Next Generation Firewalls. This extends network protections beyond Network Security Groups, which are built into Azure. Security Center will discover deployments for which a Next Generation Firewall is recommended, and enable you to provision a virtual appliance from leading vendors, including Check Point and, soon after, Cisco and Fortinet, in just a few clicks.
In addition, you will soon have more options when deploying a WAF from Security Center, including Imperva SecureSphere and Imperva Incapsula solutions along with the ability to connect multiple web applications to a single WAF appliance and provision a WAF for applications running on Classic Virtual Machines. This builds on existing capabilities, which help you deploy Barracuda Web Application Firewall and F5 BIG-IP solutions as well as endpoint protection from Trend Micro. Alerts from all these partner solutions are integrated in Security Center so you can view and respond to security issues impacting your Azure resources in one place.
Advanced threat detection capabilities
In Azure Security Center, we leverage Microsoft’s unique ability to gather security intelligence from trillions of signals to help you detect threats sooner. For example, we have updated and expanded the detection algorithms in Security Center to discover compromised machines through analysis of crash dumps. After years of examining crash dumps that customers sent to Microsoft from more than one billion PCs worldwide, we are able to analyze these events to detect when a crash is the result of a failed exploitation attempt or brittle malware. Azure Security Center automatically collects crash events from Azure virtual machines, analyzes the data, and alerts you when a VM is likely compromised.
Additional network and behavioral analytics are also available. SSH brute force attacks are now being detected for Linux virtual machines. Much like the existing RDP brute force detections for Windows VMs, Azure Security Center is using Machine Learning to understand typical network traffic patterns and more effectively distinguish between legitimate remote connection attempts and those being executed by attackers. If unusual access attempts are identified, a security alert is generated. New alerts are also being surfaced when suspicious processes are detected on virtual machines, based on collection and analysis of local security event logs.
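To make the SSH brute force detection described above concrete, here is an added example (not code from the original post, and not Security Center's own algorithm) that runs a simple detector over constructed sshd log lines. Security Center learns a baseline of normal traffic with machine learning; this example stands in for that with a fixed threshold of failed logins per source IP inside a sliding time window, which is an assumption chosen for illustration. The log lines, host name, IP addresses and year are all constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual OpenSSH/syslog format (not real traffic).
# 203.0.113.7 sprays several usernames within seconds; 198.51.100.12 is a user
# who mistypes a password once and then logs in with a key.
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:00:02 web01 sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 51123 ssh2
Mar  3 10:00:02 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar  3 10:00:03 web01 sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 51125 ssh2
Mar  3 10:00:04 web01 sshd[1209]: Failed password for root from 203.0.113.7 port 51126 ssh2
Mar  3 10:00:05 web01 sshd[1211]: Failed password for invalid user guest from 203.0.113.7 port 51127 ssh2
Mar  3 10:01:10 web01 sshd[1220]: Failed password for alice from 198.51.100.12 port 40001 ssh2
Mar  3 10:01:15 web01 sshd[1222]: Accepted publickey for alice from 198.51.100.12 port 40002 ssh2
Mar  3 10:45:00 web01 sshd[1300]: Failed password for root from 203.0.113.7 port 51200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2016):
    """Parse one sshd line into a dict, or return None for lines we do not care about.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2016 here).
    """
    line = re.sub(r"\s+", " ", line.strip())  # collapse the double space in "Mar  3"
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    outcome = "failed" if m["outcome"].startswith("Failed") else "accepted"
    return {"ts": ts, "outcome": outcome, "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source IP that reaches `threshold` failed logins within `window`.

    A deque per IP holds the timestamps of recent failures; entries older than the
    window are dropped on each new failure, so memory stays bounded. An IP is
    alerted on at most once so a long-running scan does not flood the analyst.
    """
    failures = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["outcome"] != "failed":
            continue
        q = failures[ev["ip"]]
        q.append((ev["ts"], ev["user"]))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ev["ip"] not in alerted:
            alerted.add(ev["ip"])
            alerts.append({
                "ip": ev["ip"],
                "attempts": len(q),
                "users": sorted({u for _, u in q}),  # breadth of the spray
                "first": q[0][0],
                "last": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(f"ALERT {a['ip']}: {a['attempts']} failures in "
              f"{(a['last'] - a['first']).seconds}s, users tried: {', '.join(a['users'])}")
```

The single failure followed by a successful key login from 198.51.100.12 never reaches the threshold and produces no alert, which is the legitimate-versus-attacker distinction the text is after; a real baseline would replace the fixed threshold with what is normal for that VM. The distinct-user list on the alert is useful at triage time, since many different usernames from one source in a few seconds is far more telling than the raw count.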
Centralized security management
You may be running a variety of workloads in Azure with different security requirements. For example, you may have an application that contains sensitive data and requires additional security controls such as encryption. Starting next week, in addition to configuring a Security Policy at the subscription level, you can also configure a Security Policy for a Resource Group – enabling you to tailor the policy based on the security needs of a specific workload. Azure Security Center continually monitors your resources according to the policy you set, and alerts you if a configuration drifts or appropriate controls are not in place.
To help you do more with insights from Azure Security Center, we have released a Power BI Dashboard that enables you to visualize, analyze, and filter recommendations and security alerts from anywhere, including your mobile device. Use the Power BI dashboard to reveal trends and attack patterns: view security alerts by resource or source IP address and unaddressed security risks by resource or age. You can mash up Security Center recommendations and security alerts with other data in interesting ways, for example with Azure Audit Logs and Azure SQL Database Auditing, which both offer Power BI Dashboards, or you can export this data to Excel for easy reporting on the security state of your cloud resources.
A look at the new Azure service that uses Microsoft's real-time intelligence to protect your deployments from outside/inside threats. Watch to learn more about:
• Centralized security monitoring
• Setting policy and deployment security controls for your Azure Resources
• Advanced threat detection through machine learning