Protection of multi-cloud environments with Azure Security Center

The tendency of companies to adopt a multi-cloud strategy is increasingly widespread, but this operating model makes it particularly challenging to achieve high safety standards for your environment. To meet this need, Microsoft has officially made multi-cloud security support available in the Azure Security Center solution, allowing you to also contemplate amazon web services resources (AWS) and Google Cloud Platform (GCP). this article describes the features of this solution that provides a high degree of security and improves security postures in multi-cloud environments.

Azure Security Center (ASC) was originally developed as the best tool to protect resources in an azure environment. However, the need for customers to protect resources located on multiple public clouds is widespread and for this reason the product team has decided to expand the capacity for action, simplifying security management tools in multi-cloud environments. Azure Security Center can protect not only resources in hybrid environments but also contemplate multi-cloud architectures, including AWS and GCP.

Figure 1 – Multi-cloud and hybrid protection in Azure Security Center

These are the features that are made available to users to cover multi-cloud scenarios:

  • Connecting your AWS or GCP accounts to Azure Security Center provides a unified multi-cloud view of your environment's security postures. In particular, if the solutions AWS Security Hub or GCP Security Command Center detect incorrect configurations, these reports are included in the Secure Score template and in the compliance assessment against specific regulations (Regulatory Compliance), present in Azure Security Center.
  • Thanks to the fact that Azure Defender for Servers take advantage of Azure Arc you can simplify the onboarding process, and enable the protection of virtual machines running in AWS environments, GCP or hybrid cloud. All of which includes several features, including, automatic provisioning of agents, policy management, vulnerabilities and EDR (Endpoint Detection and Response) integrated. In particular, for vulnerability assessment functionality it is possible to perform manual or large-scale scans, and analyze the vulnerabilities detected, on scanned systems, through a unified experience.

These features complement multi-cloud support, also recently announced, of Azure Defender for SQL, this allows you to constantly monitor sql server implementations to detect known threats and vulnerabilities. these features are usable for sql server enabled in an on-premises environment, on virtual machines in Azure and also in multi-cloud deployment, contemplating Amazon Web Services (AWS) and Google Cloud Platform (GCP).

The solutionAzure Arc plays a fundamental role in all this and allows you to extend azure management services and principles to any infrastructure. To achieve this, Microsoft has decided to extend the model Azure Resource Manager to support hybrid and multi-cloud environments, this makes it easier to implement the security features in Azure on all infrastructure components.

Figure 2 – Azure Arc for hybrid and multi-cloud environments

The onboarding process and capabilities offered vary depending on the public cloud you intend to incorporate into Azure Security Center. the following paragraphs provide features for both amazon web services (AWS) that for Google Cloud Platform (GCP).

Amazon Web Services (AWS)

The onboarding process of your AWS account integrates the solution AWS Security Hub with Azure Security Center. In this way it is possible to obtain complete visibility and protection of these cloud environments to provide:

  • Automatic agent provisioning. ASC uses Azure Arc to deploy Log Analytics agent on board AWS instances.
  • Policy management.
  • Vulnerability management.
  • EDR (Endpoint Detection and Response) integrated.
  • Detecting security-impacting configuration errors.
  • A single view that can show ASC recommendations and AWS Security Hub.
  • An ASC score that also includes AWS resources.
  • Regulatory compliance assessments also for AWS resources.

The moment the connection with AWS Security Hub is configured correctly:

  • ASC scans AWS environment for EC2 instances, onboarding is done in Azure Arc, allowing log analytics agent to be installed. This gives you threat protection and gets security advice.
  • The ASC service scans new AWS EC2 instances each 6 hours and integrates them according to the configuration made.
  • The AWS CIS standard is shown in asc's regulatory compliance dashboard.
  • If the AWS Security Hub are enabled, recommendations will appear in the asc portal and regulatory compliance dashboard, after a few minutes after the completion of the onboarding process.

Figure 3 – AWS recommendations displayed in the ASC portal

To view active recommendations for your resources by type, you can use the security center asset inventory page and apply the specific filter for the type of aws resource that interests you:

Figure 4 – Display filters for AWS resources

Google Cloud Platform (GCP)

The onboarding mechanism of your GCP account allows you to integrate GCP Security Command with Azure Security Center and to have complete visibility and protection, in particular by providing:

  • Detecting security-impacting configuration errors.
  • A single view that can show ASC recommendations and GCP Security Command Center.
  • An ASC score that also includes GCP resources.
  • Integration of boards of GCP Security Command Center CIS-based within the Azure Security Center regulatory compliance dashboard.

The moment the connection with GCP Security Command completes:

  • The CIS GCP standard is shown in asc's regulatory compliance dashboard.
  • Security recommendations for resources located in GCP will appear in the Azure Security Center portal and regulatory compliance dashboard within minutes of completing onboarding.

Figure 5 – GCP recommendations displayed in the ASC portal

GCP virtual machine onboarding is currently manual, but you can adopt scripts to do it on a large scale.

On the Azure Security Center recommendations page, you can view all azure resource security recommendations along with AWS and GCP recommendations, thus obtaining a multi-cloud view.

Conclusions

The ability to adopt Azure Security Center as a centralized control solution, where security information from other public clouds also converges, combined with the possibilities given by integration with Azure Arc, to extend the protection of your systems, allows you to achieve a high degree of security and improve security postures in multi-cloud environments. Multi-cloud strategy adoption will become increasingly widespread, and Microsoft will continue to expand Azure Security Center to provide the best solutions to protect Azure, hybrid environments and multi-cloud operating models.

Please follow and like us: