Cyber threats are evolving at an astonishing pace, and safeguarding your cloud workloads requires constant innovation. Since Azure Security Center became generally available in July 2016, we have been hard at work on new capabilities to help customers better defend against these threats. This includes expanded integration with security services from partners, along with additional monitoring of Azure services:
- Integrated Vulnerability Assessment (preview): Customers can now deploy vulnerability assessment solutions from partners like Qualys in just a few clicks. Findings from these solutions will be integrated so customers can view a prioritized list of all security vulnerabilities identified by Security Center and integrated partners in one place.
- Expanded Web Application Firewall (WAF) capabilities (preview): Streamlined deployment, monitoring and alerting of WAF solutions from partners is now available for Azure App Service Environments. In addition, customers will soon have more options when deploying WAF solutions, including solutions from Azure and additional partners.
- Azure Storage Security Assessment (preview): Security Center will begin monitoring and recommending encryption for Azure Storage in the coming weeks, and within a few clicks customers can enable built-in encryption for their Azure Storage Accounts.
To begin using these new features and gain instant visibility into the security state of your Azure resources, simply launch Security Center from the Azure portal.
In addition, Microsoft security research and data science teams are constantly monitoring the threat landscape to identify new attack vectors. As a result, Security Center detection algorithms are being continuously developed and refined. This security intelligence is also used to create richer, more actionable insights that you can use to remediate attacks more quickly – mitigating the business and financial impacts. New detection capabilities, available in the Standard tier, include:
- New Threat Detections: Ongoing security research has resulted in new analytics designed to detect insider threats and attempts to persist within a compromised system – both are detected using behavioral analysis. Security Center is also now monitoring for outbound DDoS attacks and has enhanced brute force detection capabilities.
- Enhanced Security Incidents (preview): Incidents, which combine alerts that align to kill chain patterns, now offer insights into attack campaigns that span multiple VMs. Malicious activity detected on one VM can be correlated with similar activity on a second VM to enable customers to quickly understand what actions an attacker took and what resources are impacted. In addition, alerts from integrated antimalware and WAF solutions can now be included in incidents.
- Threat Intelligence Reports (preview): Security Center now features threat attribution reports that are built into security alerts – so you get valuable information in the context of active threats. Getting access to intelligence about an attacker, including their tactics and objectives, enables customers to target incident response and investigations.
To take advantage of these and other advanced detection capabilities, select the Standard tier or the free 90-day trial from the Pricing Tier blade in the Security Center Policy. Security Center is now also available as part of the Operations Management Suite Security & Compliance solution. Learn more about pricing.
For more information on using Security Center, including details about these new capabilities, see the documentation.