
Azure Security Center extends advanced threat protection to hybrid cloud workloads


Azure Security Center, which helps you protect workloads running in Azure against cyber threats, can now also be used to secure workloads running on-premises and in other clouds. Managing security across increasingly distributed infrastructure is complex and can create gaps that are exploited by attackers. Security Center reduces this complexity by unifying security management across environments and providing intelligent threat protection using analytics and the Microsoft Intelligent Security Graph.

From simplified management to new ways to block and detect threats, Security Center continues to innovate to help solve today’s security challenges. New capabilities announced at Microsoft Ignite include:

  • Easy onboarding of hybrid cloud workloads: You can now onboard VMs and computers running on-premises and in other clouds by simply installing the Microsoft Monitoring Agent on these machines. For Operations Management Suite (OMS) Security & Compliance customers, connected computers will be automatically discovered and monitored by Security Center. Learn more about onboarding hybrid cloud workloads.

Onboarding of Hybrid Cloud Workloads

  • Enterprise-wide security policy: Leveraging Azure Policy, now in limited preview, Security Center policies can be applied across multiple subscriptions using Management Groups. This will greatly streamline policy management for customers with Enterprise Agreements and many Azure subscriptions, helping ensure that security policies are consistently applied to all of their Azure workloads. Policies can also be applied to workloads running on-premises and in other clouds for simple, central management.
  • Adaptive application controls: Security Center adaptive application controls, now in limited preview, help block malware and other unwanted or potentially vulnerable applications by applying whitelisting rules adapted to your specific workloads and powered by machine learning. By analyzing the applications running on your Azure VMs (currently Windows only), Security Center can recommend and apply a set of application whitelisting rules tailored to the specific VM or set of VMs, increasing the accuracy of whitelists while reducing management complexity.
  • Advanced threat detection for Windows and Linux: Augmenting existing threat detection capabilities, Security Center will soon include detections powered by Windows Defender Advanced Threat Protection (ATP). The advanced post-breach detections built for Windows endpoints will be extended to Windows servers and made available in Security Center. The new detections will be included in Security Center Standard and automatically enabled when you onboard resources. A preview will be available before the end of the year. In addition, Security Center has released to limited preview a new set of detections that leverage auditd records, the standard Linux auditing framework, to detect malicious behaviors on Linux machines.
  • Alert and incident investigations: Security Center has added a new visual, interactive investigation experience, now in preview, which helps you quickly triage alerts, assess the scope of a breach, and determine the root cause. Explore notable links between alerts, computers, and users that indicate they are connected to the attack campaign. Use predefined or ad hoc queries for deeper examination of security and operational events.
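The adaptive application controls above derive a whitelist from what a set of VMs actually ran during a learning window, rather than from a hand-written list. The following Python is an added illustration of that idea and is not Security Center's code or rule format: it assumes a constructed execution baseline for a three-VM web tier, turns signed binaries into publisher rules (so a patched binary with a new hash is still allowed) and unsigned binaries into hash rules only when they ran on enough of the group's VMs, then evaluates new execution events against the result. The `min_vm_fraction` threshold and the `ExecEvent` fields are assumptions for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecEvent:
    """One observed process start on a VM (constructed schema for this example)."""
    vm: str
    path: str
    publisher: str   # Authenticode signer, "" when the binary is unsigned
    sha256: str      # shortened placeholder digests in the sample data below


# Constructed learning-window baseline for a three-VM web tier.
BASELINE = [
    ExecEvent("web-01", r"C:\Windows\System32\svchost.exe", "Microsoft Windows", "aa11"),
    ExecEvent("web-01", r"C:\inetpub\app\app.exe", "Contoso Ltd", "bb22"),
    ExecEvent("web-01", r"C:\inetpub\tools\exporter.exe", "", "dd44"),
    ExecEvent("web-02", r"C:\Windows\System32\svchost.exe", "Microsoft Windows", "aa11"),
    ExecEvent("web-02", r"C:\inetpub\app\app.exe", "Contoso Ltd", "bb22"),
    ExecEvent("web-02", r"C:\Tools\unsigned-helper.exe", "", "cc33"),   # ran on one VM only
    ExecEvent("web-03", r"C:\Windows\System32\svchost.exe", "Microsoft Windows", "aa11"),
    ExecEvent("web-03", r"C:\inetpub\app\app.exe", "Contoso Ltd", "bb22"),
    ExecEvent("web-03", r"C:\inetpub\tools\exporter.exe", "", "dd44"),
]


def build_rules(events, min_vm_fraction=0.5):
    """Derive allow rules for the VM group covered by `events`.

    Signed binaries become publisher rules, which survive version updates.
    Unsigned binaries become hash rules, but only when they ran on at least
    `min_vm_fraction` of the group's VMs, so a one-off file seen on a single
    machine is not baked into the group's whitelist.
    """
    vms = {e.vm for e in events}
    publishers = set()
    hash_vms = defaultdict(set)
    for e in events:
        if e.publisher:
            publishers.add(e.publisher)
        else:
            hash_vms[e.sha256].add(e.vm)
    hashes = {h for h, seen in hash_vms.items()
              if len(seen) / len(vms) >= min_vm_fraction}
    return {"publishers": publishers, "hashes": hashes}


def evaluate(rules, event):
    """Classify a new execution event as 'allow' or 'audit' under the rules."""
    if event.publisher and event.publisher in rules["publishers"]:
        return "allow"
    if event.sha256 in rules["hashes"]:
        return "allow"
    return "audit"


def audit_baseline(events, rules):
    """Return the baseline events the rules would NOT allow (review list for the operator)."""
    return [e for e in events if evaluate(rules, e) == "audit"]


if __name__ == "__main__":
    rules = build_rules(BASELINE)
    print("publisher rules:", sorted(rules["publishers"]))
    print("hash rules:", sorted(rules["hashes"]))
    for e in audit_baseline(BASELINE, rules):
        print("needs review:", e.vm, e.path)
```

Running the rules against the baseline itself shows the operator exactly which observed binaries fall outside the proposed whitelist (here the single-VM unsigned helper), which is the review step before rules are applied in enforcement mode.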

Investigation Dashboard (Preview)
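The Linux detections described above work from auditd records, and the shape of that data is worth seeing. The Python below is an added example, not Security Center's detection logic: it parses a handful of constructed auditd lines, joins the SYSCALL and EXECVE records that share an event serial, and applies two assumed sample rules of the kind such detections use (a shell started under a web-service account, and an executable launched from a world-writable temporary directory). The uid-to-account mapping and the directory list are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed auditd lines (execve rule with key "exec"); not real captured data.
SAMPLE_AUDIT_LOG = [
    'type=SYSCALL msg=audit(1507291200.101:4501): arch=c000003e syscall=59 success=yes exit=0 '
    'a0=55d1c0 a1=55d200 a2=55d300 a3=0 items=2 ppid=1 pid=2201 auid=1000 uid=1000 gid=1000 '
    'euid=1000 comm="ls" exe="/usr/bin/ls" key="exec"',
    'type=EXECVE msg=audit(1507291200.101:4501): argc=2 a0="ls" a1="-la"',
    'type=SYSCALL msg=audit(1507291260.202:4502): arch=c000003e syscall=59 success=yes exit=0 '
    'a0=7f00 a1=7f10 a2=7f20 a3=0 items=2 ppid=1180 pid=2300 auid=4294967295 uid=33 gid=33 '
    'euid=33 comm="sh" exe="/bin/dash" key="exec"',
    'type=EXECVE msg=audit(1507291260.202:4502): argc=3 a0="sh" a1="-c" a2="id"',
    'type=CWD msg=audit(1507291260.202:4502): cwd="/var/www/html"',
    'type=SYSCALL msg=audit(1507291320.303:4503): arch=c000003e syscall=59 success=yes exit=0 '
    'a0=7f00 a1=7f10 a2=7f20 a3=0 items=2 ppid=2201 pid=2410 auid=1000 uid=1000 gid=1000 '
    'euid=1000 comm="update" exe="/tmp/.cache/update" key="exec"',
    'type=EXECVE msg=audit(1507291320.303:4503): argc=1 a0="./update"',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')       # key=value, value optionally quoted
MSG_RE = re.compile(r'audit\((\d+\.\d+):(\d+)\)')  # audit(timestamp:serial)

# Assumed mapping of service-account uids (in practice read from /etc/passwd).
SERVICE_UIDS = {"33": "www-data"}
SHELLS = {"/bin/sh", "/bin/dash", "/bin/bash", "/usr/bin/bash"}
UNTRUSTED_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


def parse_record(line):
    """Parse one auditd line into a dict with 'ts' and 'serial' added."""
    m = MSG_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    rec["ts"], rec["serial"] = float(m.group(1)), int(m.group(2))
    return rec


def group_events(lines):
    """Join the records of one execve event by serial; keep SYSCALL fields plus EXECVE argv."""
    events = defaultdict(dict)
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        ev = events[rec["serial"]]
        if rec["type"] == "SYSCALL":
            # a0..a3 on SYSCALL are raw register values; drop them so they
            # cannot be confused with the EXECVE argv fields.
            ev.update({k: v for k, v in rec.items() if k not in ("a0", "a1", "a2", "a3")})
        elif rec["type"] == "EXECVE":
            ev["argv"] = [rec.get(f"a{i}", "") for i in range(int(rec.get("argc", 0)))]
    return events


def detect(events):
    """Apply the sample rules; only successful execs are considered."""
    alerts = []
    for serial, ev in sorted(events.items()):
        if ev.get("success") != "yes":
            continue
        exe, uid = ev.get("exe", ""), ev.get("uid")
        base = {"serial": serial, "uid": uid, "exe": exe, "argv": ev.get("argv", [])}
        if uid in SERVICE_UIDS and exe in SHELLS:
            alerts.append(dict(base, rule="service-account-shell",
                               account=SERVICE_UIDS[uid]))
        if exe.startswith(UNTRUSTED_DIRS):
            alerts.append(dict(base, rule="untrusted-dir-exec"))
    return alerts


def run_detection(lines=SAMPLE_AUDIT_LOG):
    return detect(group_events(lines))


if __name__ == "__main__":
    for a in run_detection():
        print(a["serial"], a["rule"], a["exe"], a["argv"])
```

Joining records by serial matters because the account and outcome live on the SYSCALL record while the command line lives on EXECVE; a rule written against either record alone sees only half of the picture.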

  • Automation and orchestration: Security Center now integrates with Azure Logic Apps to automate and orchestrate security playbooks. Create a new Logic Apps workflow using the Security Center connector, and trigger incident response actions from a Security Center alert. Include conditional actions based on alert details to tailor the workflow based on alert type or other factors. Automate common workflows such as routing alerts to a ticketing system, collecting additional data to help during an investigation, and taking corrective action to remediate a threat.
  • Security data analysis: New integrated search and event monitoring capabilities in Security Center enable you to easily analyze security data from a variety of sources, including data collected by Security Center as well as connected solutions, such as network firewalls and Azure Active Directory Information Protection. Define notable events to track and custom alerts of potentially malicious activity using queries you define. A new threat intelligence map offers insight into the geographic source of attacks, and an identity and access dashboard contains data about login activity that can be used to spot potential threats.
  • Expanded security assessments: To help you identify web servers that may be at risk, Security Center now checks the .NET, ASP.NET, and IIS configurations on your Windows VMs and servers to identify vulnerabilities. During the preview, issues will appear as notable events.
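The web-server assessment above inspects .NET, ASP.NET and IIS settings for hardening problems. As an added example that is not Security Center's code and does not claim to reproduce its rule list, the Python below parses a constructed `web.config`, flags a few widely documented weak settings (debug compilation, detailed error pages for remote clients, remotely readable trace output, the framework version header, IIS directory browsing) and returns an empty result for a hardened counterpart. Which settings are checked, and the finding messages, are assumptions for the example; the treatment of `enableVersionHeader` reflects that its default is true, so an absent attribute counts as a finding.

```python
import xml.etree.ElementTree as ET

# Constructed weak configuration (not taken from the page).
WEAK_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.7" />
    <customErrors mode="Off" />
    <trace enabled="true" localOnly="false" />
  </system.web>
  <system.webServer>
    <directoryBrowse enabled="true" />
  </system.webServer>
</configuration>
"""

# Constructed hardened counterpart: the same settings with safe values.
HARDENED_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" targetFramework="4.7" />
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html" />
    <httpRuntime enableVersionHeader="false" />
  </system.web>
  <system.webServer>
    <directoryBrowse enabled="false" />
  </system.webServer>
</configuration>
"""


def _find(root, *tags):
    """Walk child elements by exact tag name (tags like 'system.web' contain dots)."""
    el = root
    for tag in tags:
        el = next((c for c in el if c.tag == tag), None)
        if el is None:
            return None
    return el


def _attr(root, tags, name):
    el = _find(root, *tags)
    return None if el is None else el.get(name)


def _is(value, expected):
    return value is not None and value.strip().lower() == expected


def assess_web_config(xml_text):
    """Return a list of (setting, finding) tuples for the sample checks."""
    root = ET.fromstring(xml_text)
    findings = []
    if _is(_attr(root, ("system.web", "compilation"), "debug"), "true"):
        findings.append(("compilation.debug",
                         "debug compilation enabled: stack traces exposed, request timeouts disabled"))
    if _is(_attr(root, ("system.web", "customErrors"), "mode"), "off"):
        findings.append(("customErrors.mode",
                         "detailed ASP.NET error pages returned to remote clients"))
    # trace.axd is reachable remotely only when tracing is on AND localOnly is false.
    trace = ("system.web", "trace")
    if _is(_attr(root, trace, "enabled"), "true") and _is(_attr(root, trace, "localOnly"), "false"):
        findings.append(("trace.localOnly", "trace.axd exposed to remote clients"))
    # enableVersionHeader defaults to true, so a missing attribute is also a finding.
    if not _is(_attr(root, ("system.web", "httpRuntime"), "enableVersionHeader"), "false"):
        findings.append(("httpRuntime.enableVersionHeader",
                         "X-AspNet-Version header discloses the framework version"))
    if _is(_attr(root, ("system.webServer", "directoryBrowse"), "enabled"), "true"):
        findings.append(("directoryBrowse.enabled", "IIS directory listing enabled"))
    return findings


if __name__ == "__main__":
    for setting, finding in assess_web_config(WEAK_CONFIG):
        print(f"{setting}: {finding}")
    print("hardened config findings:", assess_web_config(HARDENED_CONFIG))
```

The point of the default-value handling is that a configuration assessment must know what each setting means when it is absent; a checker that only matches explicit attributes misses the version header on every site that never set it.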

With the threat landscape becoming ever more challenging, the Azure Security Center team is working hard to provide you with the solutions you need to keep pace. For more information on these new capabilities, read the documentation or open Security Center to start using them today.