Azure Security Center is a cloud solution that helps prevent, detect and respond to security threats affecting resources in the Azure environment and workloads in hybrid environments. It assigns a global score to your environment, which lets you assess your risk profile and take remediation actions to improve your security posture. The solution is based on general recommendations, but in some cases it is appropriate to customize it so that it better reflects your own security policies. This article describes how to introduce this level of customization to increase the value provided by Azure Security Center.
Using custom security policies
The default recommendations in the solution are derived from general industry best practices and specific regulatory standards.
The ability to add your own custom initiatives was recently introduced, so that you receive recommendations when security policies set specifically for your environment are not met. The custom initiatives you create are fully integrated into the solution and are included in Secure Score and in the compliance dashboards.
To create an initiative, you can follow the steps below:
Within an initiative you can include Azure Policies built into the solution or your own custom policies.
In the example below, the initiative includes the following two policies:
- A custom policy that prevents peering with a hub network located in a given resource group.
- A built-in policy that verifies that Network Security Groups are applied to all subnets.
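As an added illustration (not the definition used in the original article), a custom policy of the first kind could be written as follows. The display name and the parameter names `hubResourceGroupName` and `effect` are assumptions, and the rule covers only peerings created as their own child resource, not peerings declared inline on the virtual network.

```json
{
  "properties": {
    "displayName": "Example: restrict peering to hub networks in a given resource group",
    "description": "Illustrative definition, not taken from the article. Parameter names are assumptions.",
    "mode": "All",
    "parameters": {
      "hubResourceGroupName": {
        "type": "String",
        "metadata": {
          "displayName": "Hub resource group name",
          "description": "Resource group that contains the hub virtual network."
        }
      },
      "effect": {
        "type": "String",
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Deny",
        "metadata": { "displayName": "Effect" }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings"
          },
          {
            "field": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/remoteVirtualNetwork.id",
            "like": "[concat('*/resourceGroups/', parameters('hubResourceGroupName'), '/providers/Microsoft.Network/virtualNetworks/*')]"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```

Assigning the definition with the effect set to `Audit` first shows which existing peerings would be affected before `Deny` starts blocking new ones.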
Next, you need to assign the custom initiative:
Recommendations do not appear in Security Center immediately: it currently takes about 1 hour, after which you can see them in the following section:
Disable default security policy
Under certain circumstances it may be desirable to disable some of the controls enabled by default in Azure Security Center, because they are not appropriate for your environment and you do not want to generate unnecessary events. To do this, you can take the following steps:
Conclusions
Azure Security Center natively provides a series of controls that constantly check for conditions that are considered anomalous and can have a direct impact on the security of your environment. The ability to customize the solution makes it more flexible and allows you to verify and apply, on a large scale, security compliance policies that are specific to your environment. To improve your security posture it is essential to evaluate the adoption of this solution, and applying a good level of customization greatly increases its value.