Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You must make sure your workloads are secure as you move to the cloud, and when you move to IaaS (infrastructure as a service) you carry more responsibility than you do with PaaS (platform as a service) or SaaS (software as a service). Azure Security Center provides the tools you need to harden your network, secure your services, and make sure you are on top of your security posture.
Azure Security Center limits your exposure to threats by using access and application controls to block malicious activity. Just-in-Time (JIT) virtual machine (VM) access reduces your exposure to attacks by enabling you to deny persistent access to VMs. Instead, you give controlled and audited access to VMs only when required. Adaptive application controls help harden VMs against malware by controlling which applications can run on your VMs. Security Center uses machine learning to analyze the processes running in the VM and helps you apply whitelisting rules using this intelligence.
What is Just-in-Time (JIT)?
Just-in-time VM access enables you to lock down your VMs at the network level by blocking inbound traffic to specific ports. It lets you manage access and reduce the attack surface of your VMs by permitting access only when there is a particular need.
How does JIT work?
When a user requests access, Security Center decides, based on Azure RBAC, whether to grant it. If a request is approved, Security Center automatically configures the NSGs to allow inbound traffic to the locked-down ports for the requested amount of time, after which it restores the NSGs to their previous states.
Manage VM access:
Management ports do not always need to be open. They only need to be open while you're connected to the VM, for example to perform management or maintenance tasks. When just-in-time is enabled, Security Center uses Network Security Group (NSG) rules, which restrict access to management ports, so they cannot be targeted by attackers.
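To see which management ports an NSG currently leaves open all the time, the rules can be evaluated the way the NSG evaluates them. The following is an added example, not code from Security Center: it assumes rule dictionaries with the field names printed by `az network nsg rule list`, and the port list and sample rules are constructed for illustration.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}  # assumed list
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Collect the singular and plural form of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_port(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        low, _, high = spec.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def from_anywhere(rule):
    srcs = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in ANY_SOURCE for s in srcs)

def exposed_management_ports(rules):
    """Map each management port to the Allow rule that exposes it to any source.
    NSG rules are processed lowest priority number first and the first match wins;
    rules scoped to a narrower source do not decide traffic from an arbitrary address."""
    candidates = sorted(
        (r for r in rules
         if r["direction"].lower() == "inbound"
         and r.get("protocol", "*").lower() in ("*", "tcp")
         and from_anywhere(r)),
        key=lambda r: r["priority"])
    exposed = {}
    for port in MGMT_PORTS:
        first = next((r for r in candidates if covers_port(r, port)), None)
        if first and first["access"].lower() == "allow":
            exposed[port] = first["name"]
    return exposed

# Constructed sample: RDP open to the world, SSH limited to one address.
SAMPLE_RULES = [
    {"name": "allow-rdp", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-ssh-admin", "priority": 310, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "22"},
    {"name": "deny-mgmt", "priority": 1000, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRanges": ["22", "5985-5986"]},
]
```

On the sample, only RDP is reported; a deny rule with a lower priority number than `allow-rdp`, which is the state just-in-time leaves the NSG in between approved requests, clears the finding.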
Harden VMs against Malware:
Adaptive application controls help you define a set of applications that can run on configured resource groups, which among other benefits helps harden your VMs against malware. Security Center uses machine learning to analyze the processes running in the VM and helps you apply whitelisting rules using this intelligence.
What is Application Control?
Application control helps you deal with malicious and/or unauthorized software by allowing only specific applications to run on your VMs.
How does it work?
Security Center analyzes process data to find VMs for which there is a constant set of running applications. Security Center creates whitelisting rules for each resource group and presents the rule in the form of a recommendation. Once the recommendation is resolved, Security Center configures it by leveraging AppLocker capabilities.