Microsoft’s Azure Security Center provides unified security management, advanced threat protection, and security monitoring across newly deployed Azure resources. This is an asset for companies that have recently invested in an Azure hybrid cloud workload, or that require increased visibility into the security posture of their compute, apps, network, and data resources. The platform lets you either use the default security policies (after assessing their suitability and customising them as needed) or create your own custom security policies based on the large number of metrics that the Microsoft Monitoring Agent collects.
The Microsoft Monitoring Agent is deployed onto each Windows VM (whether located in Microsoft Azure or on-premises). It reads various security-related configurations and event logs and copies that data to your Azure Security Center tenancy workspace over a secure connection.
Typically, 48 hours after a company has defined its security policies and set up its log collectors, Security Center will start to display overall and individual resource security scores and provide prioritised, actionable recommendations on the ‘Overview’ Dashboard. Any identified attacks or potential security incidents, detected via Security Center’s built-in behavioural analytics and machine learning, will also be displayed in the notification area of the ‘Overview’ Dashboard. Furthermore, potential security incidents detected by Security Center can be fed into an organisation’s Event Management communication strategy, for example through integration with a SIEM or by sending email/text notifications.
Compute and App recommendations, such as endpoint protection issues and missing security updates, can be remediated directly from the Security Center console. Other recommendations include manual instructions that help with issues such as missing disk encryption. The Networking recommendations also list any security issues found on the Azure network connection, internet-facing resources (exposed ports and services), and network topology issues. The Data Resource recommendations are primarily centred around Azure SQL services and Azure storage accounts.
An additional benefit is that Microsoft Partner platforms can be natively configured to send security-related alerts and information directly to a company’s Security Center workspace. These include, but are not limited to, Palo Alto or Cisco Firewalls, Trend Micro, Symantec, McAfee endpoint systems, and Barracuda and F5 web applications. This feature gives a company the ability to view its multiplatform security posture holistically, with increased transparency, control, and management capabilities.
Getting started with these capabilities is quite easy. Security Center is built into the Microsoft Azure subscription, and the free tier delivers visibility into the security state of any Azure resources, as well as products and services from relevant partners. Businesses that choose the standard tier receive advanced threat detection capabilities, which include threat intelligence, behavioural analysis, anomaly detection, security incident reporting, and threat attribution reports. The standard tier includes a 60-day trial to get companies started, and costs only AU$19 per VM per month thereafter.
If you’d like to find out more about how Microsoft Azure Security Center can help you improve your security, get in touch with MOQdigital today. We can help you discover the right security solution for your ongoing business needs, and ensure that you get the most out of your digital investments.