A great place to start when examining the security of your Azure-based solutions is Azure Security Center. Security Center is a monitoring service that provides threat protection across all your services both in Azure, and on-premises. Security Center can:
- Provide security recommendations based on your configurations, resources, and networks.
- Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online.
- Continuously monitor all your services and perform automatic security assessments to identify potential vulnerabilities before they can be exploited.
- Use machine learning to detect and block malware from being installed on your virtual machines and services. You can also define a list of allowed applications to ensure that only the apps you validate can execute.
- Analyze and identify potential inbound attacks and help to investigate threats and any post-breach activity that might have occurred.
- Provide just-in-time access control for ports, reducing your attack surface by ensuring the network only allows traffic that you require.
Azure Security Center is available in two tiers:
- Free. Available as part of your Azure subscription, this tier is limited to assessments and recommendations of Azure resources only.
- Standard. This tier provides a full suite of security-related services including continuous monitoring, threat detection, just-in-time access control for ports, and more.
To access the full suite of Azure Security Center services, you will need to upgrade to a Standard tier subscription. You can access the 60-day free trial from within the Azure Security Center dashboard in the Azure portal. After the 60-day trial period is over, Azure Security Center is $15 per node per month.
You can integrate Security Center into your workflows and use it in many ways. Here are two examples.
1. Use Security Center for incident response.
Many organizations find out how to respond to security incidents only after suffering an attack.To reduce costs and damage, it’s important to have an incident response plan in place before an attack occurs.You can use Azure Security Center in several stages of an incident response.
You can use Security Center during the detect, assess, and diagnose stages.Here are samples of how Security Center may be helpful during the 3 initial incident response stages:
- Detect. Review the primary indication of an event investigation.For example, you can use the Security Center dashboard to review the initial verification that a high-priority security alert was raised.
- Assess. Perform the initial assessment to obtain a lot of data about the suspicious activity. For example, obtain more information about the security alert.
- Diagnose. Conduct a technical investigation and establish containment, mitigation, and workaround strategies.For example, follow the remediation steps described by Security Center in that security alert.
2. Use Security Center recommendations to enhance security
You can reduce the chances of a significant security event by configuring a security policy, and then implementing the recommendations provided by Azure Security Center.
A security policy defines the set of controls that are recommended for resources within that specified subscription or resource group.In Security Center, you define policies according to your company’s security requirements.
Security Center analyzes the security state of your Azure resources.When Security Center identifies potential security vulnerabilities, it creates recommendations based on the controls set in the security policy.The recommendations guide you through the process of configuring the needed security controls. For example, if you have workloads that do not require the Azure SQL Database Transparent Data Encryption (TDE) policy, turn off the policy at the subscription level and enable it only in the resources groups where SQL TDE is required.