Because VMs can be brought up and torn down in Azure in a matter of minutes, it’s easy to lose visibility of your VM workloads.
This is where Azure Security Center fills the gap. When enabled, it continuously collects data and reports on your VM workloads and provides recommendations, risks, and potential security issues. Security Center comes in two flavors, a free tier and a paid tier. The only difference between the two is advanced detection instead of basic. Below is the general dashboard you see within the Azure portal.
Microsoft provides a free anti-malware VM extension which feeds information from your VMs directly into the Security Center dashboard. They have also partnered with various third-party vendors in case you would prefer something other than their endpoint protection. The Security Center dashboard gives you a list of items in your subscription which require attention, rated by severity and current state. The dashboard lets you dig fairly deep into each recommendation. For “Apply system updates,” you can see exactly which updates are missing from the OS and their severity. For “Add a Next Generation Firewall,” it points you to the public IP address and then gives you the option of selecting an existing firewall or creating a new one.
When you move into the paid tier, you’re provided with “advanced threat detection” features which include integrated threat intelligence, behavioral analytics and anomaly detection.
All of these additional features leverage Microsoft’s global security infrastructure and apply it directly to your Azure subscription in some way. Threat intelligence spans all of Microsoft’s global services such as outlook.com, msn.com and bing.com, plus additional third-party intelligence feeds, and is applied to your subscription when assessments are made. Behavioral analytics takes data collected through logs (crash dumps, system and network logs) and compares it against a set of known compromise patterns generated through machine learning over massive data sets. Then you have anomaly detection, which is probably the best detection and prevention technique. It uses machine learning specific to your network only, to detect things which seem “out of place.” It starts by creating a baseline of what’s considered “normal” for your environment, such as what time users normally access your machines, from which region, and how often incorrect credentials are entered. Once a baseline is established, current activity is constantly cross-referenced against it, and a deviation triggers an alert in Security Center for further investigation.
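To make the baseline-and-alert idea concrete, here is a toy model of it as an added example (not Security Center’s own logic, which is not public): it profiles each user’s usual sign-in hour, regions and failed-attempt rate from a constructed set of sign-in records, then flags new events that fall outside that profile. User names, regions and the z-score threshold are all assumptions.

```python
"""Toy baseline-and-alert model of per-user sign-in anomaly detection."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed training window (not real Azure data):
# (user, hour_of_day, region, failed_attempts_in_window)
BASELINE_LOGS = [
    ("alice", 9, "westus", 0), ("alice", 10, "westus", 1), ("alice", 8, "westus", 0),
    ("alice", 9, "westus", 0), ("alice", 11, "westus", 0), ("alice", 10, "westus", 1),
    ("bob", 14, "eastus", 0), ("bob", 15, "eastus", 0), ("bob", 13, "eastus", 1),
    ("bob", 16, "eastus", 0), ("bob", 14, "eastus", 0), ("bob", 15, "eastus", 0),
]


def build_baseline(logs):
    """Per-user profile: usual sign-in hours, regions seen, failed-attempt stats."""
    per_user = defaultdict(list)
    for user, hour, region, failed in logs:
        per_user[user].append((hour, region, failed))
    baseline = {}
    for user, rows in per_user.items():
        hours = [h for h, _, _ in rows]
        fails = [f for _, _, f in rows]
        baseline[user] = {
            "hour_mean": mean(hours),
            "hour_sd": pstdev(hours) or 1.0,   # avoid a zero-width band
            "regions": {r for _, r, _ in rows},
            "fail_mean": mean(fails),
            "fail_sd": pstdev(fails) or 1.0,
        }
    return baseline


def score_event(baseline, event, z=2.0):
    """Cross-reference one sign-in with its user's baseline; return alert reasons."""
    user, hour, region, failed = event
    profile = baseline.get(user)
    if profile is None:
        return ["unknown user: no baseline"]   # no history to compare against
    reasons = []
    if abs(hour - profile["hour_mean"]) > z * profile["hour_sd"]:
        reasons.append(f"unusual hour {hour}")
    if region not in profile["regions"]:
        reasons.append(f"new region {region}")
    if failed - profile["fail_mean"] > z * profile["fail_sd"]:
        reasons.append(f"excess failed attempts {failed}")
    return reasons
```

An empty list means the event fits the baseline; anything else is what a real system would surface as an alert for an analyst to investigate.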
If you’ve invested heavily in cloud computing and moved mission-critical workloads into Azure, $15 per node per month is hardly much. Consider the last time you heard about a security breach or compromise at Microsoft. And remember, with the paid tier you are leveraging the same security infrastructure and technology they use themselves.
Lastly, Microsoft has done a nice job integrating Security Center with Power BI. You’re able to take the information generated by Security Center and process it in Power BI for a well-polished dashboard.
More information about Power BI integration can be found here.