Azure Security Center is a cloud solution that helps prevent, detect and respond to security threats that affect resources in the Azure environment and workloads in hybrid environments. By assigning a global score to your environment, you can assess your risk profile and act to take remediation action in order to improve the security posture. The solution is based on general recommendations, but in some cases it is appropriate to customize it to better contemplate your security policies. This article describes how you can introduce this level of customization in order to increase the value provided by Azure Security Center.
Using custom security policies
The default recommendations in the solution are derived from general industry best practices and specific regulatory standards.
Figure 1 – Standard score and recommendations in Azure Security Center
Recently was introduced the ability to add your own Initiatives custom, to receive recommendations if security policies specifically set for your environment are not met. The custom initiatives that are created are fully integrated into the solution and will be covered in Secure Score and in compliance dashboards.
To create a initiative you can follow the steps below:
Figure 2 – Starting the process of creating a custom initiative
Within the Initiatives you can include Azure Policies built into your solution or your own custom policies.
In the example below, theinitiative includes the following two policies:
- A custom that prevents peering against a Hub network that is in a given resource group.
- A bult-in that verifies that Network Security Groups are applied to all subnets.
Figure 3 – Creating a custom initiative
Following, you need to proceed with the assignment of theinitiative custom:
Figure 4 – Starting the assignment process
Figure 5 – Assigning the custom initiative
Figure 6 – Displaying the assigned custom initiative
The display of the recommendations in Security Center is not immediate, but currently it takes about 1 hour and you can see it in the following section:
Figure 7 - Custom initiative in the Regulatory Compliance section
Disable default security policy
Under certain circumstances it may be desirable to disable certain controls present by default in the Azure Security Center solution, as they are not appropriate for your environment and you do not want to unnecessarily generate the events. To do this, you can take the following steps::
Figure 8 - Access to the Security Center default policy
Figure 9 – Selecting the default Security Center policy assignment
Figure 10 – Disabling a specific policy that is present by default
Conclusions
Azure Security Center natively provides a series of controls to constantly check for conditions that are considered anomalous and can have a direct impact on the security of your environment. The ability to introduce a level of customization into your solution, makes it more flexible and allows you to verify and apply security compliance policies on a large scale that are specific to your environment. To improve security postures it is essential to evaluate the adoption of this solution and applying a good level of customization it greatly increases its value.
