Azure Security Center

Azure Security Center is an advanced integrated security management platform that Microsoft provides to all Azure subscribers. Standard product features include:

• Security integrity monitoring for cloud and local workloads.
• Blocking security threats with access and application controls.
• An adjustable security policy to maintain compliance with regulations and standards.
• Security vulnerability discovery tools and patches.
• Advanced threat detection with alerts and security scans.

Here is an overview of Azure Security Center and how to leverage its rich set of features to enhance the security of cloud and on-premises implementations.

Security Roles & Policies

Azure Security Center allows you to assign roles to specific members of your team, granting each of them access to the set of Security Center tools that corresponds to their area of responsibility. Security Center's role system is built on Role-Based Access Control (RBAC), which gives Azure subscribers control over user access and permissions throughout Azure. The RBAC system comes with three built-in user roles (Owner, Contributor, and Reader), which work across Azure. The Owner and Contributor roles come in two types (Subscription and Resource Group). Azure Security Center adds two roles that are unique to its security offering: Security Reader and Security Administrator. Altogether, this brings the total to seven available roles:

• Subscription Owner
• Subscription Contributor
• Resource Group Owner
• Resource Group Contributor
• Security Administrator
• Security Reader
• Reader

Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It provides integrated security monitoring and policy management across your Azure subscriptions, helps detect threats that might otherwise go unnoticed, and works with a broad ecosystem of security solutions. Security Center delivers easy-to-use and effective threat prevention, detection, and response capabilities that are built into Azure. Key capabilities are:

Prevent

  • Monitors the security state of your Azure resources.
  • Defines policies for your Azure subscriptions and resource groups based on your company’s security requirements, the types of applications that you use, and the sensitivity of your data.
  • Uses policy-driven security recommendations to guide service owners through the process of implementing needed controls.
  • Rapidly deploys security services and appliances from Microsoft and partners.

Detect

  • Automatically collects and analyzes security data from your Azure resources, the network, and partner solutions like antimalware programs and firewalls.
  • Leverages global threat intelligence from Microsoft products and services, the Microsoft Digital Crimes Unit (DCU), the Microsoft Security Response Center (MSRC), and external feeds.
  • Applies advanced analytics, including machine learning and behavioral analysis.

Respond

  • Provides prioritized security incidents/alerts.
  • Offers insights into the source of the attack and impacted resources.
  • Suggests ways to stop the current attack and help prevent future attacks.