Azure Security Center helps you prevent, detect, and respond to threats with expanded visibility into and control over the security of all your Azure resources. It provides coordinated security monitoring and policy management across your Azure subscriptions, helps recognize threats that might otherwise go unnoticed, and works with a broader ecosystem of security solutions.
Maintaining strong security for all cloud-based applications in an enterprise is the shared responsibility of the organization and its cloud provider. As many organizations move their applications and transactions to digital platforms, the use of cloud services is increasing. Hence, cloud security has become an essential area of investment for organizations. built-in security controls and capabilities to host the organization’s IT infrastructure, Web applications, and database in the cloud.
Some Key Terms to Understand before getting deeper into the concept
Azure Resources: These are data reference groups created automatically for virtual machines, virtual networks, SQL services, storage accounts, web applications, other databases, etc.
Security Policy: A defined set of rules or controls on Azure resources.
Security Recommendations are created when security vulnerabilities are found in a system. The recommendations are selected according to the security problem that has arisen. Examples include fixing OS configurations that do not match the system requirements, identifying and removing malicious software by providing an anti-malware solution, and providing a web application firewall.
State of Security shows the list of issues raised when potential security vulnerabilities have been identified. They are shown in the Prevention section of the Security Center dashboard, which covers Compute, Networking, Storage & data, and Applications.
Data Collection is the process of collecting data using the Microsoft Monitoring Agent. The agent reads the data, along with the security-related configurations and event logs, from the machine and then copies it to the workspace.
Security Alerts are raised when any threats are identified in the system.
Partner Solutions are other applications integrated with Azure. The status of a partner solution is shown as:
Green means there is no issue.
Red means unhealthy: there is a health problem that requires immediate action.
Orange indicates that the solution has quit or stopped reporting.
Unknown protection status (orange) means the protection status of the solution is unknown, due to a failed process of adding another resource to the existing solution.
Not reported (gray) means the solution has not reported anything yet, so its status may be unreported.
Security Center delivers easy-to-use and effective threat prevention, detection, and response capabilities that are built in to Azure. Key capabilities are:
Automatically collects and analyzes security data from your Azure resources and partner solutions.
Uses global threat intelligence sources such as the Microsoft Digital Crimes Unit (DCU), the Microsoft Security Response Center (MSRC), and external feeds.
Applies analytics such as machine learning.
Provides security incidents and alerts on an emergency basis.
Provides a trusted platform for enterprises' cloud-based applications.
Provides enterprise-level identity governance over data to manage access for end users.
Azure virtual machines are separated from the organisation's firewall, traffic, and users.
Data is encrypted and protected from destruction.
Continuous monitoring and traffic analysis with customized penetration testing services.
Previews of Azure Storage security, security vulnerabilities, web application firewall, and security incidents are available to the end user.
To get started with Security Center, you need a subscription to Microsoft Azure. After you log in to the Azure Portal, select Security Center on the Microsoft Azure menu.
The Welcome blade opens if you have logged in for the first time. Select Launch Security Center.
Now, set up the following one by one
To learn more about other configuration, you can refer to the Microsoft documentation on Azure Security Center.
It extended its partner services on the platform with known security giants like Barracuda, Check Point, and Fortinet in Sep 16. In Jan 17, Trend Micro Deep Security and Dome9 started native Azure integration, which is a good sign for the platform. From a threat detection standpoint, it started providing built-in threat attribution reports. Many more integrations with research-driven information, such as information about adversaries, are always in progress for Azure, which helps enterprises continue to build their trust.