Continuing our Super Security Showdown series: in the last article we reviewed Microsoft Advanced Threat Analytics. Let’s continue with Azure Security Center.
- Azure Active Directory Identity Protection
- Windows Defender Advanced Threat Protection
- Microsoft Advanced Threat Analytics
- Azure Security Center
- OMS Security and Audit Solution
Azure Security Center
Overview of Azure Security Center
Azure Security Center helps protect your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions. Within the service you can define policies not only against your Azure subscriptions but also against Resource Groups, so you can be more granular.
The tool collects and analyzes security data not only from your Azure resources but also from third-party anti-malware applications.
Much like the Azure Active Directory Identity Protection service, it too “leverages global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit (DCU), the Microsoft Security Response Center (MSRC), and external feeds.”
It sounds a lot like the Azure Active Directory Identity Protection service at this point. To add to the blurred line between these products/services, it too uses machine learning, generates alerts, provides insights and analysis, etc.
What I find interesting is the setting of the Security Policies. You can set various policies at your Subscription level, or “override” those settings for an individual Resource Group. Think of it like folder inheritance, or GPO inheritance. Also notice the various recommendations that are available, including: Updates, ACLs, Firewall, and SQL.
When it comes to pricing, there are two tiers: Free and Standard. With the Free tier, the only features that you do not get are:
- Behavioral analysis to detect virtual machine compromise
- Network traffic analysis and intrusion detection
Also exciting is that Azure Security Center integrates with PowerBI (also known as “the new hotness”).
When you wire up PowerBI to your Azure Security Center, you get some really nice-looking pre-built dashboards, each of which has its own drilldowns.
Azure Security Center Requirements
That’s enough of an overview. What are the requirements?
Requirements: Azure subscription
Pros: Simple to set up/enable, access controlled through RBAC, PowerBI Dashboards
Con: Only targeted against Azure resources (not on-premises)
Azure Security Center Reference Material:
- Introduction to Azure Security Center: https://azure.microsoft.com/en-us/documentation/articles/security-center-intro/
- Getting started with Azure Security Center: https://azure.microsoft.com/en-us/documentation/articles/security-center-get-started/
- Azure Security Center frequently asked questions (FAQ): https://azure.microsoft.com/en-us/documentation/articles/security-center-faq/
- Microsoft Azure Security and Compliance blog: https://blogs.msdn.microsoft.com/azuresecurity/
So that’s the Azure Security Center. In the next article we will explore OMS Security and Audit Solution.