The Defense Tactics of Azure Security Center for Microsoft Cloud

By CIOReview | Tuesday, July 19, 2016

Overview

In today’s complex and regulated environment, cloud computing transfers some of the cost, risk, and effort of managing IT platforms and software to an independent, validated provider. Microsoft has leveraged its decades of experience in security systems to implement and continuously improve the security-aware software development, operational management, and threat mitigation practices that are essential to strong protection of services and data in the cloud.

Azure Security Center

Staying ahead of modern threats in the cloud requires an integrated, analytics-driven approach. By combining Microsoft’s global threat intelligence and expertise with insight into cloud security-related events, Azure Security Center helps detect threats from the earliest stages of an attack. Microsoft recently introduced a series of updates that position Azure as a full-fledged cloud infrastructure for running applications on Windows Server and Linux. Security is built into the Microsoft cloud starting with the Security Development Lifecycle, which embeds security into every phase of the development process. This ensures that the Microsoft Cloud is protected at the physical, network, host, application, and data layers, making its online services resilient to cyber attack. Continuous proactive monitoring, penetration testing, and the application of rigorous security guidelines and operational processes further raise the level of detection and protection throughout the Microsoft Cloud.

With Azure Security Center, users not only get a central view of the security state of their resources, but can also verify that the appropriate security controls are configured correctly. Microsoft adopts an “assume breach” stance as its security strategy, backed by a global incident-response team working around the clock to mitigate the effects of any attack against the Microsoft Cloud. These practices are further supported by centers of excellence that fight digital crime, respond to security incidents and vulnerabilities in Microsoft software, and combat malware. Other safeguards include encryption: communications between user devices and Microsoft datacenters are protected with industry-standard encrypted transport protocols. To give users the flexibility to choose the most suitable solution, the Microsoft Cloud offers a wide range of encryption capabilities up to AES-256.

Azure Active Directory is a comprehensive identity and access management cloud solution that helps secure access to data and to on-premises and cloud applications while simplifying the management of users and groups. It combines core directory services, advanced identity governance, security, and application access management, and makes it easy for developers to build policy-based identity management into their applications. It is also a significant component of Microsoft Cloud services, including Microsoft Azure, Microsoft Dynamics CRM Online, Microsoft Intune, and Microsoft Office 365, as well as thousands of third-party SaaS apps.

Security Portfolio at a Glance

Microsoft has evolved Azure with fully automated security methodologies, combining new strategies that cover almost all of the security loopholes in today’s cyber world.

Digital Certificate Management

Certificates and keys are generated by isolated application code and are encrypted and stored in a covert repository with additional password protection.

Minimal Privileges

To protect against customers or third-party users, applications run on virtual machines with minimal privileges, blocking any unauthorized manipulation.

Data Access Control

Each customer is provided with a completely isolated vault with a unique password that is tied to the particular user account.

Hypervisor Isolation

Customer virtual machines are isolated so that disks remain protected while the underlying hardware is shared. The hypervisor and the root OS are responsible for isolating the guest virtual machines.

VLAN Isolation

Traffic inside the network is fully segmented, and the router verifies data exchanged between networks so that external traffic is not received.

Packet Filtering and Update

The embedded packet filter drops any unsafe packets that try to enter the internal network. The database is updated regularly, and outdated files are completely removed by scavengers.

The Highlights

Enhanced Security Policies

Microsoft Azure lets users organize subscriptions according to their cloud security needs, tailored to the type of applications or the sensitivity of the data in each subscription. Security teams can define a security policy by assigning value to their various Azure assets, and then receive recommendations and assessments of their environment. The policies in the recent release fall into the categories of patches, security configuration baselines, endpoint ACLs, network security groups, SQL auditing, Transparent Data Encryption for Azure databases, BitLocker disk encryption, and antimalware. Web application firewalls, next-generation firewalls, and other enterprise security controls are available through partnerships with leading providers.

Security Alert

Azure Security Center has an integrated security alert system that provides targeted information about confirmed, possible, or hypothetical issues associated with specific assets within the Microsoft cloud. The system lets analysts click into the prioritized alerts and see the virtual machines and assets that are affected. Drilling into an alert opens a new pane with more details, a choice of recommended remediation steps, and options for implementing the controls. The company is also adding basic intrusion detection and reputation scoring capabilities that support analysis of a suspected scenario. Security teams can also immediately run anti-malware scans on systems that may be compromised. Microsoft Azure Security Center not only promises to let organizations collect and aggregate log and event data within the cloud, but also offers integration options with leading log management and SIEM tools.

Security Recommendations

The recommendations utility built into Azure Security Center lets analysts perform assessments against their defined policies and receive detailed ratings of the potential risks their systems may have within the Azure environment. Microsoft also makes it possible to immediately find ways to remediate the noted shortcomings, either by implementing built-in controls or by finding partner products that address the issues. To make the remediation process much simpler, Microsoft even automates the back-end network connections and connectivity for solutions deployed through the Azure Security Center wizard.

It is apparent that the security mechanisms offered by providers are aimed at protecting valuable data and information, including the hardware and virtual machines. Since it is important to prevent further attacks when a virtual machine is illegitimately taken over, Microsoft has added some impressive defense techniques to its cloud system. While new threats pop up every day, the security teams at Microsoft are building solid defense policies with added features and unique strategies.