Security is without question one of the largest pain points for companies of all sizes right now — for a spectrum of reasons.
For small businesses, it’s typically a question of resources. If you have an IT team at all, having a team member devoted to security full time is typically not a reasonable option.
For mid-sized and larger businesses, the challenge becomes one of scale and complexity. The more software, platforms, data, devices, and end users you have to manage, the harder it is to keep everything updated and secured.
That’s why tools that make security easier are a precious thing. In September, Microsoft announced that Azure Security Center would be extended to help companies protect not only workloads running in Azure but those that are on-premises and cloud-based as well. It’s a welcome feature set that’s perfectly in step with the growing trend toward hybrid multi-cloud strategies.
Azure Security Center Features
The great news about the Azure Security Center updates is that it reduces the complexity of securing distributed infrastructure by “unifying security management across environments and providing intelligent threat protection using analytics and the Microsoft Intelligent Security Graph.” Even though it is from Microsoft, it is a truly agnostic, cross-platform technology supporting multiple OSes and clouds including AWS, Windows, Linux, and more.
What do the new features amount to?
Monitor workloads that are on-premise or in other clouds: Simply install the Microsoft Monitoring Agent on on-premises machines and other clouds, and Security Center will automatically discover and monitor them.
Streamline policy management: Now you can apply security policies across multiple subscriptions using a Management Group feature called Azure Policy. This is particularly good news for enterprises with many Azure subscriptions, as it makes sure security policies are applied consistently across all hybrid multi-cloud workloads.
Block malware with whitelisting: Security Center is using machine learning to recommend and apply adaptive whitelisting rules that are tailored to VMs and sets of VMs.
Automatically enabled advanced threat detection for Windows and Linux: Security Center is enhancing its threat detection capabilities by extending protection not only to Windows endpoints but Windows servers and Linux machines.
Visual, interactive investigation experience: Security Center’s new investigation interface helps you “quickly triage alerts, assess the scope of a breach, and determine the root cause.” It makes it easier to identify which alerts, computers, and users might be connected to an attack campaign.
Azure Logic App integration for security automation and orchestration: You can now trigger conditional incident response actions based on Security Center alerts. This may range from simply routing alerts to a ticketing system to full-on remediation.
Analyze security data from a variety of sources: You can use the Security Center as a central dashboard for analyzing data from not only the Security Center but network firewalls, Azure Active Directory Information Protection, and other connected solutions. See the geographic source of attacks, login activity data, and other insights you can use to spot potential threats.
Identify vulnerable web servers: Security Center checks the .NET, ASP.NET, and IIS configurations on your Windows VMs and servers and marks potential issues as notable events so you can review them.
If you’re worried about the complexities that come with a hybrid multi-cloud strategy, Azure Security Center is a great way to streamline security management across platforms and vendors. It may not solve every security challenge you’ll face, but it can take some of the sting out of securing a distributed infrastructure.Still wondering if a hybrid multi-cloud strategy is right for your company? Get in touch with our team to open up a dialogue. We’ll give you a platform-agnostic assessment based on your goals and needs so you can move forward with confidence.