Azure Security Center, the cloud solution that allows you to prevent, detect and respond to security threats affecting hybrid architectures, it also provides enhanced protection for storage resources in Azure. The solution detects unusual and potentially harmful attempts to access or use Azure Storage. This article describes how to effectively protect storage in Azure with this solution, looking at the news recently announced in this area.
Azure Security Center (ASC) is possible to activate it in two different tiers:
- Free tier. In this tier ASC is totally free and performs a continuous assessment, providing recommendations relating to the security of the Azure environment.
- Standard tier. Compared to tier free adds enhanced threat detection, using behavioral analysis and machine learning to identify zero-day attacks and exploits. Through machine learning techniques and through the creation of whitelist is possible to control the execution of applications to reduce exposure to network attacks and malware. Furthermore, the standard level adds the ability to perform in an integrated manner a Vulnerability Assessment for virtual machines in Azure. Azure Security Center Standard supports several resources including: VMs, Virtual machine scale sets, App Service, SQL servers, and Storage accounts.
Advanced Threat Protection (ATP) for Azure Storage, it is one of several features in Azure Security Center Standard.
Enabling the Security Center Standard tier is strongly recommended to improve security postures in your Azure environment.
The Advanced Threat Protection feature (ATP) for Azure Storage was announced last year, allowing you to detect common threats such as malware, access from suspicious sources (including TOR nodes), data exfiltration activities and more, but all limited to blob containers. Support for Azure Files and Azure Data Lake Storage Gen2 has also been included recently. This also helps customers protect data stored in file shares and data stores designed for the analysis of corporate big data.
Enabling this feature from the Azure portal is very simple and can be done at the Security Center-protected subscription level or selectively on individual storage accounts.
To enable this protection on all storage accounts in your subscription, you must go to the "Pricing & Settings” of Security Center and activate the protection of Storage Accounts.
If you prefer to enable it only on certain storage accounts, you need to activate it in the respective settings of Advanced security.
When anomaly occurs on a storage account, security alerts are sent by email to Azure subscription administrators, with details of detected suspicious activity and related recommendations on how to investigate and resolve threats.
Details included in the event notification include::
- The nature of the anomaly
- The name of the storage account
- The time of the event
- The type of storage
- Potential causes
- The recommended steps to investigate what has been found
- The actions to be taken to remedy what happened
In this example, the EICAR test file was used to validate that the solution was working correctly.. This is a file developed by the’European Institute for Computer Anti-Virus Research (EICAR) which is used to securely validate security solutions.
Security alerts can be viewed and managed directly from Azure Security Center, where details and actions to investigate current threats and address future threats are displayed..
To get the full list of possible alerts generated by unusual and potentially malicious attempts to log in or use storage accounts, you can access the Threat protection for data services in Azure Security Center.
This protection is very useful even if you have architecture that uses the service Azure File Sync (AFS), which allows you to centralize the network folders of your infrastructure in Azure Files.
Business companies are increasingly moving their data to the cloud, looking for distributed architecture, high performance and cost optimization. All features offered by the public cloud require you to strengthen cybersecurity, particularly given the increasing complexity and sophistication of cyberattacks. By adopting Advanced Threat Protection (ATP) for Azure Storage, you can increase the level of storage security used in your Azure environment easily and effectively.