
Azure Security Center adds new partners, detections, and more

We made some exciting enhancements to Azure Security Center, including more partners, detections, and security management capabilities.

Since we launched the public preview of Azure Security Center, we have been hard at work building new capabilities and integrating additional partner solutions. Today, in Bret Arsenault’s progress report, we announced some of the results of that work. I’m pleased to share additional details here.

New integrated partner solutions

Azure Security Center already makes it easy to bring trusted Web Application Firewall (WAF) and antimalware solutions with you to the cloud. In the next few weeks, we will add a new category of solutions: Next Generation Firewalls. This extends network protections beyond the Network Security Groups that are built into Azure. Security Center will discover deployments for which a Next Generation Firewall is recommended and let you provision a virtual appliance from leading vendors, starting with Check Point and followed soon after by Cisco and Fortinet, in just a few clicks.

In addition, you will soon have more options when deploying a WAF from Security Center, including Imperva SecureSphere and Imperva Incapsula solutions along with the ability to connect multiple web applications to a single WAF appliance and provision a WAF for applications running on Classic Virtual Machines. This builds on existing capabilities, which help you deploy Barracuda Web Application Firewall and F5 BIG-IP solutions as well as endpoint protection from Trend Micro. Alerts from all these partner solutions are integrated in Security Center so you can view and respond to security issues impacting your Azure resources in one place.

Advanced threat detection capabilities

In Azure Security Center, we leverage Microsoft's unique ability to gather security intelligence from trillions of signals to help you detect threats sooner. For example, we have updated and expanded the detection algorithms in Security Center to discover compromised machines through analysis of crash dumps. After years of examining crash dumps that customers sent to Microsoft from more than one billion PCs worldwide, we are able to analyze these events to detect when a crash is the result of a failed exploitation attempt or brittle malware. Azure Security Center automatically collects crash events from Azure virtual machines, analyzes the data, and alerts you when a VM is likely compromised.

Additional network and behavioral analytics are also available. SSH brute force attacks are now detected for Linux virtual machines. Much like the existing RDP brute force detections for Windows VMs, Azure Security Center uses Machine Learning to understand typical network traffic patterns and more effectively distinguish between legitimate remote connection attempts and those being executed by attackers. If unusual access attempts are identified, a security alert is generated. New alerts are also surfaced when suspicious processes are detected on virtual machines, based on collection and analysis of local security event logs.
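To make the SSH brute force case concrete, here is an added example of the kind of detection logic described above, run over sshd auth-log lines. It is not Security Center's code: where Security Center applies Machine Learning to network traffic patterns, this uses a plain sliding-window count of failed logins per source address, and escalates when a login from a flagged address later succeeds (the "likely compromised" case). The log lines are constructed for the example, and the threshold of 5 failures in 60 seconds is an assumed tuning value, not one taken from the product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd auth-log lines in syslog format. These are not
# real logs; the addresses come from the documentation ranges.
SAMPLE_AUTH_LOG = """\
Mar  1 10:00:01 vm1 sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Mar  1 10:00:02 vm1 sshd[2003]: Failed password for root from 203.0.113.5 port 50123 ssh2
Mar  1 10:00:03 vm1 sshd[2005]: Failed password for root from 203.0.113.5 port 50124 ssh2
Mar  1 10:00:04 vm1 sshd[2007]: Failed password for invalid user test from 203.0.113.5 port 50125 ssh2
Mar  1 10:00:05 vm1 sshd[2009]: Failed password for root from 203.0.113.5 port 50126 ssh2
Mar  1 10:00:09 vm1 sshd[2011]: Accepted password for root from 203.0.113.5 port 50127 ssh2
Mar  1 10:05:00 vm1 sshd[2020]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar  1 10:05:30 vm1 sshd[2022]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

# Matches sshd's "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_sshd_line(line):
    """Return (timestamp, outcome, method, user, ip), or None for other lines."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is
    # fine for the relative comparisons done below.
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
    return ts, m.group("outcome"), m.group("method"), m.group("user"), m.group("ip")


def detect_ssh_brute_force(log_text, threshold=5, window_seconds=60):
    """Flag a source IP once it has >= threshold failures inside a sliding
    window, and raise a second, higher-severity alert if a login from a
    flagged IP later succeeds. Threshold and window are assumed values."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()                 # ips already reported as brute forcing
    alerts = []
    for line in log_text.splitlines():
        event = parse_sshd_line(line)
        if event is None:
            continue
        ts, outcome, method, user, ip = event
        if outcome == "Failed":
            recent = failures[ip]
            recent.append(ts)
            # Drop failures that have fallen out of the window.
            while recent and (ts - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "type": "ssh_brute_force",
                    "source_ip": ip,
                    "failures_in_window": len(recent),
                    "first_seen": recent[0].strftime("%H:%M:%S"),
                    "last_seen": ts.strftime("%H:%M:%S"),
                })
        elif outcome == "Accepted" and ip in flagged:
            # A success right after a burst of failures is the signal that
            # the guessing worked: treat the VM as likely compromised.
            alerts.append({
                "type": "ssh_login_after_brute_force",
                "source_ip": ip,
                "user": user,
                "method": method,
                "at": ts.strftime("%H:%M:%S"),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_ssh_brute_force(SAMPLE_AUTH_LOG):
        print(alert)
```

On the sample above, the first address trips the threshold on its fifth failure and then logs in as root four seconds later, producing two alerts; the second address has a single failure followed by a key-based login and produces none. A fixed threshold like this is exactly what a traffic-pattern model is meant to improve on: a slow, distributed guesser stays under it, and a legitimate user with a broken password manager can exceed it.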

Centralized security management

You may be running a variety of workloads in Azure with different security requirements. For example, you may have an application that contains sensitive data and requires additional security controls such as encryption. Starting next week, in addition to configuring a Security Policy at the subscription level, you can also configure a Security Policy for a Resource Group – enabling you to tailor the policy based on the security needs of a specific workload. Azure Security Center continually monitors your resources according to the policy you set, and alerts you if a configuration drifts or appropriate controls are not in place.

To help you do more with insights from Azure Security Center, we have released a Power BI Dashboard that enables you to visualize, analyze, and filter recommendations and security alerts from anywhere, including your mobile device. Use the Power BI dashboard to reveal trends and attack patterns – view security alerts by resource or source IP address and unaddressed security risks by resource or age. You can mash up Security Center recommendations and security alerts with other data in interesting ways, for example with Azure Audit Logs and Azure SQL Database Auditing, which both offer Power BI Dashboards, or you can export this data to Excel for easy reporting on the security state of your cloud resources.

[Image: Power BI dashboard for Azure Security Center]

As we continue to innovate to add new security and vulnerability management capabilities to Security Center, your input is incredibly valuable. Please share your ideas and suggestions on our feedback forum or email asc-feedback@microsoft.com.

If you are new to Azure Security Center and want to quickly get up to speed, don't miss the latest Microsoft Mechanics show for a short but informative introduction.

If you have more time, check out the documentation articles and videos. Or even better, you can start using it today for free – simply sign in to the Azure portal and browse to Security Center.