4 Azure security features you must know about

Hosting on the Microsoft Azure platform is a fast and simple method to deploy and manage web-based applications. Countless organisations are already enjoying the advantages with rapid adoption seeing Azure revenue growing 98 percent year-over-year (February 2018)¹.

However, it’s still critical to secure these apps and servers with the same level of security as you would in an on-premises data centre.

Let’s take a closer look at the two security tiers Azure provides:

• The Free tier is automatically enabled on all Azure subscriptions and provides security policy, continuous security assessment and actionable security recommendations to help you protect your Azure resources.
• The Standard tier extends the capabilities to include workloads running in private and other public clouds, providing unified security management and threat protection across your hybrid cloud workloads. This tier also adds advanced threat detection capabilities, which uses built-in behavioural analytics and machine learning to identify attacks and zero-day exploits, plus access and application controls to reduce exposure to network attacks and malware, and more.

In this blog, we’ll explore the four key security capabilities that you need to understand to ensure your Azure deployments are protected:

• Integrated virtual machine security – Free tier
• Just-in-time virtual machine access – Standard tier
• Adaptive application controls – Standard tier
• File integrity monitoring – Standard Tier

Integrated VM Security

When creating VMs on Azure’s IaaS platform, you’re getting a blank canvas to work with. Enabling Azure’s Security Centre is a smart first step to quickly determine the security posture of your VMs and discover recommended actions and risk mitigations. While you can then ensure you take specific steps to configure security options, having a default security policy that is automatically applied to all new VMs protects you in the event that other teams in your organisation also create VMs without thinking about security.

You can customise that policy as needed to include protections such as what can and can’t run, what ports are open, and what is shut down. It can then be applied to all new VMs without any admin intervention at all.

The security set can also be run across existing VMs to provide detailed insights in to what protection may be missing, what risks there are and any other warnings that you wouldn’t have otherwise known about.

Just-in-Time (JIT) VM Access

As you know, the minute you connect a Public IP address to the internet it comes under brute force attacks. These attacks commonly target management ports like RDP or SSH to try and gain access to the VM.

JIT VM access allows you to limit access to virtual machine management ports. These ports are only opened when you need them and when finished, they’re automatically shut off again, reducing the vector for security attacks.

Adaptive Application Controls

There are two levels of Security Centre access you have with Azure. The default access is already included providing a comprehensive set of capabilities, while an advanced option provides additional machine learning and analytics.

By upgrading to the advanced option, you can use machine learning to recommend applications that should be whitelisted, as well as recommendations for file types such as MSIs and scripts. You can also group VMs based on the similarity of applications running on them making it easy to block unwanted applications and malware.

File Integrity Monitoring

Azure Security Centre is continuously monitoring the behaviour of the registry and configuration files to protect the integrity of your system and application software.

If an abnormal change to the files or strange behaviour is detected, Security Centre will create alerts to the administrator allowing your team to investigate and take remedial action.

Security Centre also integrates with many third-party solutions. For example, Palo Alto’s VM Series Next-Generation Firewall integrates seamlessly providing additional threat detection and unified health monitoring while simplifying deployment.

Azure Active Directory

These integration capabilities also extend to Active Directory. By integrating with a solution like Symantec Web Security Services (WSS), you can set user and group policy rules to manage access and enable rich enterprise-class single sign-on out of the box.

Azure Active Directory also includes a simple step-by-step user interface for connecting WSS, further enhancing the seamless integration.

While these are just a small set of the total security features available in Microsoft Azure, they provide some advanced security capabilities that will complement your existing security solutions. For more information contact Data^#3 today.

¹ https://techcrunch.com/2018/01/31/microsofts-azure-revenue-nearly-doubled-year-over-year-in-its-second-quarter/