Protect multi-cloud workloads with new Azure security innovations
By Eric Doerr, Vice President, Cloud Security
In the last six months, COVID-19 has changed almost everything about the way we approach work and security. Now, you have to meet the needs of a remote workforce, support rapidly evolving business requirements, and steer your organization to the next normal – even without actually knowing what that normal will entail. At the same time, cybersecurity is more crucial than ever, as bad actors exploit the opportunity to prey on fears and weaknesses.
On the surface, all of this may seem intimidating. But with this kind of dramatic change also comes the opportunity to evolve. We know that the “new normal” now requires you to address a higher volume of security work than ever, all while remaining agile and reducing costs. How do you do that? By having a razor-sharp focus on what’s important. That’s why Microsoft Azure is here to empower you with cloud-native tools that give you the breadth of coverage you need to defend against bad actors, alongside built-in AI to help you focus your attention on the biggest threats and most critical priorities.
Today, we're pleased to announce a broad set of innovations to help you protect multicloud and Azure workloads including:
- New branding experience, additional protections, and CyberX integration for Azure Defender.
- User and entity behavior analytics and threat intelligence for Azure Sentinel.
- Multi-cloud security posture management for Azure Security Center.
- Managed hardware security module for Azure Key Vault.
- Expanded security control assessments with the Azure Security Benchmark v2.
- Additional service support for Customer Lockbox for Azure.
- Double Encryption for data at rest and in transit.
Whether you’re protecting Azure or protecting your entire enterprise with Azure security tools, these improvements are built to help simplify and empower you to focus on what’s important.
New branding experience, additional protections, and CyberX integration for Azure Defender
Today, you need to detect threats across many different attack surfaces. XDR is an emerging industry category that describes the set of threat protection technologies that span endpoints, applications, networking, and cloud. Some vendors deliver an XDR, some vendors deliver a SIEM. Microsoft believes that you benefit from both the comprehensive nature of a SIEM and from the signal prioritization of XDR. Microsoft delivers one of the most comprehensive XDR capabilities in the market with user environment protection technologies like Microsoft Defender Advanced Threat Protection (ATP), Azure ATP, and Office 365 ATP, as well as infrastructure protection technologies like Azure Security Center Standard edition, Azure Security Center for IoT, and Advanced Threat Protection for SQL.
Today we are simplifying and unifying our branding of these technologies under the unified brand of Microsoft Defender. Microsoft Defender includes Microsoft 365 Defender to protect user environments and Azure Defender for cloud workload protection of hybrid environments.
The Azure Defender service includes all of the previously branded Azure Security Center threat protection technologies. For example, Advanced Threat Protection for Azure Storage is now Azure Defender for Storage. Beyond the rebranding, there is a new Azure Defender dashboard in the Azure portal and additional Azure Defender protections. In many cases we see customers protecting only a subset of their resources, such as virtual machines, which leaves other resources such as SQL or Storage accounts vulnerable to attack. The new unified dashboard shows you which resources are protected so that you can easily see which resources still need to be protected. We continue to expand the threat protection capabilities of Azure Defender. The new protections cover Azure Key Vault (now generally available), Azure Kubernetes (now generally available), SQL Servers on-premises (in preview), and IoT (in preview, as described below).
Azure Security Center for IoT is now rebranded as Azure Defender for IoT. In July, we announced the acquisition of CyberX to help protect industrial IoT, operational technology (OT) and building management system (BMS) environments.
Today we are announcing that CyberX’s agentless capabilities are now integrated into Azure Defender for IoT, allowing you to continuously identify assets, vulnerabilities, and threats across unmanaged legacy IoT/OT devices alongside managed devices. Azure Defender for IoT continues to support air-gapped environments on-premises, and we will add more Azure-connected scenarios over time. These new capabilities are available at no charge during the preview, which will commence in October.
User and entity behavior analytics and threat intelligence for Azure Sentinel
Azure Sentinel is introducing new features to help you pinpoint threats across your enterprise. Today, we are adding a preview of user and entity behavior analytics that helps SecOps detect unknown threats and anomalous behavior of compromised users and insider threats. New insights are unlocked with user and entity behavior profiles that leverage machine learning and Microsoft's security research.
Microsoft’s threat intelligence is built from analyzing trillions of diverse signals every day. We are also announcing preview improvements that make it easier for you to manage threat intelligence, including the ability to search, add, and track threat indicators, perform threat intelligence look-ups and enrichments, and create watchlists for hunting threats, so you can catch more threats, faster. There are a host of other improvements highlighted in the Azure Sentinel blog, including a common schema and more connectors, such as one for Microsoft Teams.
To help Microsoft 365 E5 customers modernize faster, we are offering promotional pricing that will save the typical 3,500 seat deployment $1,500 per month beginning in November 2020. Contact your account representative for more information.
Multi-cloud security posture management for Azure Security Center
We know that you’re now tasked with protecting a broader attack surface than ever before, and doing that effectively means understanding your vulnerabilities across all of your cloud environments, not just Azure. Ever wonder if your Google Cloud security is configured correctly? How about AWS? Azure Security Center now has a preview of a unified multi-cloud view that includes your Google Cloud and AWS security alerts to help simplify security posture management.
Managed hardware security module for Azure Key Vault
We are adding a new option for Azure Key Vault that gives you a single-tenant hardware security module (HSM) instance that is fully managed, highly available, and validated to FIPS 140-2 Level 3. Azure Key Vault managed HSM is now in preview and has the same API as Key Vault. Over time, Key Vault managed HSM will match the existing Key Vault support for 100+ services using customer-managed keys.
Expanded security control assessments with Azure Security Benchmark v2
A key step in the cloud adoption journey for organizations is assessing cloud services against their security control frameworks. Today we are announcing Azure Security Benchmark v2, which includes NIST SP 800-53 controls in addition to the existing support for the CIS control framework v7.1. Azure Security Benchmark v2 is now available within the Azure Security Center regulatory compliance dashboard.
Additional service support for Customer Lockbox for Azure
Especially now, with a remote and distributed workforce, maintaining true security means covering every scenario. Customer Lockbox provides an interface for customers to review and approve or reject customer data access requests by Microsoft Engineers. Customer Lockbox is now available for more than 20 services, including new support for Azure Kubernetes Service, HDInsight, Azure DataBox, and Azure App Service. Customer Lockbox is also now in preview in Azure Government Cloud.
Double Encryption for data at rest and in transit
Azure customers can now get two layers of encryption at rest or in transit for defense in depth. This provides additional security controls for highly sensitive customers. Please consult the documentation of each Azure service for instructions on how to enable double encryption in that service.
Continuing to empower you
At Azure, our top goal is to give you the tools you need to maintain security while working remotely and fending off evolving threats. We want Azure to be your trusted cloud, and to equip you to protect not only your Azure environments but your whole organization with cloud-based security tools. Keep the feedback coming!
Azure. Invent with purpose.