Learn about the stages, policies and features of Azure Security Center, a cloud security service.
Security in the cloud is one of the most talked about current topics and Azure Security Center fits in that space.
In the next three blogs, we will feature different Microsoft cloud services: Security Center, Secure Score, and Cloud Apps Security. We explain the details of each service so you have a better understanding of what is included, what is extra, and what you really need to use.
Stages of the Azure Security Center
The Azure Security Center performs its duties in three stages, as shown below. The service actively monitors work streams, detects any anomalies, and provides guidance for remediation.
The table below offers a high level look at how and where you are covered. We will take a closer look at details next.
The Security Center service is available by Azure subscription only – the Office 365 Azure Active Directory Access subscription (provided with Office 365) does not qualify.
The reason is that the security center doesn’t monitor Office 365 (at least not today). It monitors the resources and work streams within Azure: Virtual Machines, SQL Databases, Web Applications, Virtual Networks and so on. This service monitors all of the endpoints that are in use across your Azure service implementations.
The service’s dashboard (image) presents an at-a-glance detail view of security health, what recommendations are available for remediation, and quick access to prevention policies. You can create prevention policies by subscription, or resource groups within subscriptions.
So, if you have multiple Azure subscriptions or resource groups, you can specify prevention policies for each, inherit parent settings, or use defaults.
This is useful if you have test and production environments because you can be less security-stringent while performing testing.
Azure Security Center Policies
The policies themselves are unambiguous and configuration is fast and easy. Data collected from a resource group or subscription can be customized to show recommendations for the following categories:
- System Updates
- OS vulnerabilities
- Endpoint protection
- Disk encryption
- Network security groups
- Web application firewall
- Next generation firewall
- Vulnerability assessment
- Storage Encryption
- SQL auditing & Threat detection
- SQL Encryption
The output of these security checks comprise the “Recommendations” section and the recommended actions list.
If this were all monitoring with no actionable output, it would be useless. Each of the items can be selected and includes one-click remediation, help topics, and extended information about what is being reported and why.
Finally, the security center includes a stacked bar chart (not shown) of current security alerts by severity and by date that have yet to be acted upon.
Keep in mind that, like Office 365 and other Azure workloads, new features are being added all the time. Full details at the time of this writing can be found here: Azure Security Center PDF. At 223 pages, though, it is more thorough than necessary for all but the hard-core security folks. It is, however, a great reference.