Azure Monitoring Tools Explained – Part 9: Azure Security Center (ASC)
In the first part of this series, we introduced the confusion and complexity that tends to occur when looking at the long list of monitoring tools available for Azure.
We then provided a list of currently available tools that we will explore further.
- Part 2: Activity Logs
- Part 3: Application Insights
- Part 4: Azure Advisor
- Part 5: Azure Alerts
- Part 6: Azure Diagnostics
- Part 7: Azure Metrics
- Part 8: Azure Monitor
- Part 9: Azure Security Center (ASC)
- Part 10: Network Watcher
- Part 11: Operations Management Suite (OMS)
- Part 12: Service Health
- Part 13: System Center Operation Manager (SCOM)
We’ve already discussed Azure Activity Logs, Application Insights, Azure Advisor, Azure Alerts, Azure Diagnostics, Azure Metrics, and Azure Monitor. The next tool on the list is Azure Security Center (ASC).
Azure Security Center (ASC)
In the interest of full transparency, originally I did not have Azure Security Center as a part of this series. But then I thought about it a little more, and in reality, Azure Security Center is a monitoring tool; it just focuses on monitoring security elements. So let’s dive into what this tool is and how to use it.
So let’s dive into what this tool is and how to use it.
Azure Security Center (or ASC as it’s shortened to), does more than just monitoring your environments and assets against security, it also provides centralized management of security components and threat detection.
One of the greatest announcements recently for Azure Security Center is that it now operates in a hybrid model. This means that, aside from monitoring your Azure resources, you can have Azure Security Center gain visibility, threat prevention, and threat detection/response against your on-premises environment, or even environments running in other clouds as well.
You can even gain additional insights by integrating with Power BI, since Microsoft has released 2 Power BI content packs.
Here is the link to the introduction to Azure Security Center: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction
Real Word Example
There are a lot of uses for Azure Security Center, and there are a lot of great demos from the sessions at Ignite.
But for some hands-on, it’s useful to set Azure Security Center up in a new environment, to identify anything you may have missed. For example, maybe you have a requirement to ensure all data and storage is encrypted but might have forgotten to set this on some.
Before setting the environment to “live” you could turn on Azure Security Center to check key elements like encryption, firewalls, etc.
If you’re familiar with the Operations Management Suite (OMS), and the security-based solutions on that platform, you will notice some of these are being brought over into Azure Security Center; specifically the Identity & Access and the Threat Intelligence.
There are currently 12 recommendations that Azure Security Center checks against. So if you don’t need to check against Just-In-Time (JIT) Network Access or SQL elements, you can turn that off (but keep in mind that if you do, it affects all resources that ASC monitors).
But what about if you have your own Security Information and Event Management (SIEM) system in place that you want to use? Thankfully Microsoft also has a Log Integrator available here.
Conclusion
Azure Security Center (ASC) is (and will become) the main location for all things Security in Azure. Similar to how Azure Monitor is the central starting point for monitoring toolsets, Azure Security Center will become more and more the central hub for security.
Case in point, the Operations Management Suite (OMS) security solutions being ported over into Azure Security Center. Microsoft also recently announced a SQL Vulnerability Assessment. If you look carefully at the icon used for the SQL Vulnerability Assessment (VA), it looks a lot like the icon for Azure Security Center. It is my assumption that (hopefully) this will be rolled into Azure Security Center in the future, as currently, it’s only available through the Azure SQL DB interface.
The next tool in our series will be the Network Watcher.