How to improve security postures by adopting Azure Security Center

Optimal adoption of cloud solutions, useful for accelerating the digital transformation of businesses, must include a process capable of ensuring and maintaining a high degree of security of its IT resources, regardless of the deployment models implemented. Have a single infrastructure security management system, that strengthens your environment's security postures and provides enhanced threat protection for workloads, wherever they reside, becomes an indispensable element. The Azure Security Center solution achieves these goals and can address key security challenges. This article describes the features of the solution that allow you to improve and control the security aspects of the IT environment.

The challenges of cloud security

Among the main challenges that must be faced in the security field by adopting cloud solutions we find:

• Always rapidly changing workloads. This aspect is certainly a double-edged sword of the cloud in that on the one hand, end users have the ability to get more out of solutions, on the other hand, it becomes complex to ensure that the constantly evolving services live up to their standards and that they follow all the best security practices.
• Increasingly sophisticated attacks. No matter where your workloads are running, security attacks adopt sophisticated and advanced techniques that require you to implement reliable procedures to counter their effectiveness.
• Resources and expertise in the field of security not always up to par to address security alerts and ensure that environments are protected. Security is an evolving front and staying up to date is a constant and difficult challenge to achieve.

Azure Security Center can effectively respond to the challenges listed above by enabling you to prevent, detect and address security threats affecting Azure resources and workloads in hybrid and multicloud environments. Everything runs at the speed of the cloud, as the solution is fully natively integrated into the Azure platform and is able to ensure simple and automatic provisioning.

The security pillars covered by Azure Security Center

Azure Security Center features (ASC) are able to sustain two great pillars of cloud security:

• Cloud Security Posture Management (CSPM): ASC is available for free for all Azure subscriptions. Enabling takes place when you visit the ASC dashboard for the first time in the Azure portal or by enabling it programmatically via API. In this mode (Azure Defender OFF) features related to the CSPM area are offered, including:
  • A continuous assessment that reports recommendations related to the security of the Azure environment. ASC continually discovers new resources that are deployed and assesses whether they are configured based on security best practices. If not,, resources are flagged and you get a priority list of recommendations for what you should fix to get them protected. This list of recommendations is taken and supported by Azure Security Benchmark, the Azure-specific set of guidelines created by Microsoft, this contains security and compliance best practices based on common frameworks. This benchmark is based on the controls of the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST), with a focus on cloud-centric security.
  • Assigning a global score to your environment, that allows you to assess the risk profile and take action to take remediation actions.

• Cloud workload protection (CWP): Azure Defender is the CWP platform integrated in ASC that offers advanced and intelligent protection of resources and workloads residing in Azure and in hybrid and multicloud environments. Enabling Azure Defender offers a range of additional security features as described in the following paragraphs.

What types of resources can be protected with Azure Defender?

Enabling Azure Defender extends the functionality of the free mode, also to workloads running in private clouds, at other public clouds and hybrid environments, providing comprehensive management and unified security.

Among the main features of Azure Defender we find:

• Microsoft Defender for Endpoint. ASC integrates with Microsoft Defender for Endpoint to provide comprehensive functionality of Endpoint Detection and Response(EDR). With this integration, you can take advantage of the following features:
  • Automated Onboarding: Once the integration is activated, the Microsoft Defender for Endpoint sensor is automatically enabled for the servers monitored by the Security Center, except for Linux and Windows Server systems 2019, for which it is necessary to make specific configurations. Server systems monitored by ASC will also be present in the Microsoft Defender for Endpoint console.
  • Microsoft Defender for Endpoint alerts will also be displayed in the ASC console, in order to keep all reports in a single centralized console.

• Vulnerability Assessment for Virtual Machines and Container Registries. Vulnerability scanning included in ASC is done through the solutionQualys, This is recognized as a leader to identify in real time any vulnerabilities present on the systems. No additional license is required to take advantage of this feature.

• Hybrid cloud and multicloud protection. Thanks to the fact that Azure Defender for Servers take advantage of Azure Arc you can simplify the onboarding process, and enable the protection of virtual machines running in AWS environments, GCP or hybrid cloud. All of which includes several features, including, automatic provisioning of agents, policy management, vulnerabilities and EDR (Endpoint Detection and Response) integrated. Furthermore, thanks to the multicloud support of Azure Defender for SQL, it is possible to constantly monitor SQL Server implementations for known threats and vulnerabilities. These features are also usable for SQL Server activated in an on-premises environment, on virtual machines in Azure and also in multicloud deployments, contemplating Amazon Web Services (AWS) and Google Cloud Platform (GCP).

• Access and application controls (AAC). It is a solution that can control which applications run on systems, this allows you to do the following:
  • Be alerted to attempts to run malicious applications, that may potentially not be detected by antimalware solutions.
  • Respect corporate compliance, allowing the execution of only licensed software.
  • Avoid using unwanted or obsolete software in your infrastructure.
  • Control access to sensitive data that takes place using specific applications.

All this is made possible thanks to machine learning policies, adapt to your workloads, which are used to create authorization and denial lists.

• Threat protection alerts. Thanks to the integrated behavioral analysis features, the Microsoft Intelligent Security Graph and machine learning can identify advanced attacks and zero-day exploits. When Azure Defender detects a threat anywhere in your environment, generates a security alert. These alerts describe the details of the affected resources, the suggested correction steps and in some cases the possibility is provided to activate Logic Apps in response. All security alerts can be exported to Azure Sentinel, in third-party SIEM or other SOAR tools (Security Orchestration, Automation and Response) or IT Service Management.

• Network map. To continuously monitor the security status of the network, ASC provides a map that allows you to view the topology of the workloads and evaluate if each node is configured correctly. By checking how the nodes are connected, you can more easily block unwanted connections which could potentially make it easier for an attacker to attack your network.

• Specific security for different scopes. Azure Defender allows you to specifically protect different artifacts and receive security alerts. There are different protections that can be enabled, including:
  • Azure Defender for servers
  • Azure Defender for App Service
  • Azure Defender for Storage
  • Azure Defender for SQL
  • Azure Defender for Kubernetes
  • Azure Defender for container registries
  • Azure Defender for Key Vault
  • Azure Defender for Resource Manager
  • Azure Defender for DNS

Azure Defender dashboard in ASC allows you to have visibility and undertake specific controls on CWP features for your environment:

Azure Defender is free for the first 30 days, at the end of which if you choose to continue using the service, charges will be charged as reported in this document.

Conclusions

Azure Security Center helps you strengthen the security posture of your IT infrastructure. Thanks to the features offered, it is possible to implement best practices globally and obtain an overview in the security field. The solution combines the knowledge gained by Microsoft in the management of its services with new and powerful technologies suitable for dealing with and managing the issue of security in a conscious and effective way..