Super Security Showdown – Part 4: Azure Security Center

Continuing our Super Security Showdown series: in the last article we reviewed Microsoft Advanced Threat Analytics. Let’s continue with Azure Security Center.

 

Azure Security Center

Overview of Azure Security Center

The Azure Security Center helps protect your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions. Within the service you can define policies not only against your Azure subscriptions, but also against Resource Groups, so you can be more granular.

This tool collects and analyzes security data not only from your Azure resources, but also from 3rd party anti-malware applications.

Much like the Azure Active Directory Identity Protection service, it too “leverages global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit (DCU), the Microsoft Security Response Center (MSRC), and external feeds.”

It sounds a lot like the Azure Active Directory Identity Protection service at this point. To add to the blurred line between these products/services, it too uses machine learning, generates alerts, provides insights and analysis, etc.

What I find interesting is the setting of the Security Policies. You can set various policies at your Subscription level, or “override” those settings for an individual Resource Group. Think of it like folder inheritance, or GPO inheritance. Also notice the various recommendations that are available, including: Updates, ACLs, Firewall, and SQL.

Azure Security Center - Security Policy

When it comes to pricing, there are 2 tiers: Free and Standard. With the Free tier the only features that you do not get are:

  • Behavioral analysis to detect virtual machine compromise
  • Network traffic analysis and intrusion detection

Also exciting is that the Azure Security Center integrates with PowerBI (also known as “the new hotness”).

Azure Security Center - PowerBI

When you wire up PowerBI into your Azure Security Center, you get some really nice-looking pre-built dashboards, each of which has its own drilldowns.

Azure Security Center - PowerBI Dashboards

 

Azure Security Center Requirements

That’s enough of an overview. What are the requirements?

Requirements: Azure subscription

Pros: Simple to set up/enable, access controlled through RBAC, PowerBI Dashboards

Con: Only targeted against Azure resources (not on-premises)

 

Azure Security Center Reference Material:

 

So that’s the Azure Security Center. In the next article we will explore OMS Security and Audit Solution.
