Azure Security Center
Turn on protection you need
Microsoft uses a wide variety of physical, infrastructure, and operational controls to help secure Azure—but there are additional actions you need to take to help safeguard your workloads. Turn on Security Center to quickly strengthen your security posture and protect against threats.
Security posture management for your cloud workloads
Quickly assess your security posture with Secure Score. This feature provides recommendations with numeric values to help you prioritize your responses.
Ensure you’re following best practices and fix common misconfigurations for Azure infrastructure as a service (IaaS) and platform as a service (PaaS) resources that may include:
- Failure to deploy system updates on virtual machines (VMs).
- Unnecessary exposure to the Internet through public-facing endpoints.
- Unencrypted data in transit or storage.
When you address these, easily deploy Microsoft and partner solutions directly from the Azure portal.
Customize your security policy to focus on what you need to—for example, check for web application firewalls or storage encryption—and apply your policy to multiple Azure subscriptions. Gain visibility across your environment to verify compliance with regulatory requirements, such as CIS, PCI DSS, SOC, and ISO.
Get enhanced threat protection with Security Center Standard tier
Security Center gives you defense in depth with its ability to both detect and help protect against threats. Using machine learning to process trillions of signals across Microsoft services and systems, Security Center alerts you of threats to your environments, such as remote desktop protocol (RDP) brute-force attacks and SQL injections. And it provides actionable recommendations for mitigating these threats.
Standard Tier also provides features to help you reduce your attack surface area. Our more than 3,500 security experts use Standard tier and recommend that you do, too.
Security Center helps safeguard Windows servers and clients with Windows Defender Advanced Threat Protection and helps protect Linux servers with behavioral analytics. For every attack attempted or carried out, you receive a detailed report and recommendations for remediation.
Safeguard servers running in Azure and other clouds with advanced controls. Just-in-Time VM Access reduces your surface area exposed to RDP/SSH brute-force attack—one of the most common threats with more than 100,000 attack attempts on Azure VMs per month. Turn on Standard tier to mitigate this threat.
As you add applications to VMs in Azure, block malicious apps, including those not mitigated by antimalware solutions, by using adaptive application controls. Machine learning automatically applies new application whitelisting policies across your VMs.
Address vulnerabilities in web applications, such as exposed web pages and plug-ins, that are frequently targeted by attackers. Standard tier helps you protect your applications running on Azure App Service by flagging behavior that could pass through web application firewall instruments. It also helps you protect other cloud services, such as VM scale sets and containers.
Breakthroughs in big data and machine learning make it possible for Security Center to detect anomalous database access and query patterns, SQL injection attacks, and other threats targeting your SQL databases in Azure. Receive alerts on suspicious activity and recommended actions for investigating and mitigating these threats. Discover, classify, label, and protect sensitive data in your databases. Stop threats on your Azure Storage including access from an unusual location, unusual anonymous access, unusual data extraction or an unexpected delete.Try Standard tier free for 30 days
Get a unified view of security across all of your on-premises and cloud workloads, including your Azure IoT solution. Automatically discover and onboard new devices and apply security policies across your workloads (Leaf devices, Edge devices, IOT Hub) to ensure compliance with security standards. Continuously monitor the security of IoT devices, machines, networks, and Azure services, including your Azure IoT solution from edge devices to applications, using hundreds of built-in security assessments or create your own in a central dashboard. Optimize your security settings and improve your security score with actionable recommendations across virtual machines, networks, apps and data. With newly added IoT capabilities, you can now reduce attack surface for your Azure IoT solution and remediate issues before they can be exploited. Monitor your IoT solution for incoming attacks and post-breach activity.
Through partnering with members of Microsoft Intelligent Security Association, Microsoft is able to leverage a vast knowledge pool to defend against a world of increasing IoT threats in enterprise, healthcare, manufacturing, energy, building management systems, transportation, smart cities, smart homes and more. Azure Security Center for IoT's simple onboarding flow connects solutions, like Attivo Networks, CyberMDX, CyberX, Firedome and SecuriThings; enabling you to protect your managed and unmanaged IoT devices, view all security alerts, reduce your attack surface with security posture recommendations and run unified reports in a single pane of glass.
Quickly set up and extend security beyond Azure
- Extend security posture management and threat protection to on-premises VMs.
- Easily provision an agent to server workloads running on-premises.
- Assess your security through a unified view across your hybrid cloud workloads.
- Connect to existing tools and processes, like security information and event management (SIEM), or integrate partner security solutions.
- Reduce investments and reallocate resources by using built-in first-party or third-party security controls.
How Security Center works
When you activate Security Center, a monitoring agent is deployed automatically into Azure virtual machines. For on-premises VMs, you manually deploy the agent. Security Center begins assessing the security state of all your VMs, networks, applications, and data.
Our analytics engines analyze the data and machine learning synthesizes it. Security Center provides recommendations and threat alerts for protecting your workloads. You’ll know right away if there’s been an attack or anomalous activity.
Aggregate your security information in an Azure Monitor workspace for big data querying capabilities. Alternatively, you can query your data through REST APIs, PowerShell cmdlets, or integration with an existing SIEM, such as Azure Sentinel.
See how companies are protecting workloads with Security Center
Azure Security Center now integrates with your existing solutions
Use Security Center to receive recommendations not only from Microsoft but also from existing solutions from partners such as Check Point, Tenable and CyberArk, with many more integrations coming. You can now use Security Center’s simple onboarding flow to connect partner solutions to Security Center, view all your security posture recommendations in one place, run the same reports, and leverage all Security Center capabilities against both built-in and partner recommendations. You can also export Security Center recommendations to partner products.