We understand that security is priority number one in the cloud, and we understand how critical it is for you to find accurate and timely information about Azure security. One of the best reasons to use Azure for your applications and services is to take advantage of its wide array of security tools and capabilities. These tools and capabilities aid in the development of secure solutions on the secure Azure platform. Microsoft Azure ensures customer data confidentiality, integrity, and availability while also enabling transparent accountability.
This blog covers:
1. What is Azure Security?
2. What is Azure Security Center?
3. How Does Azure Security Work?
4. Best Practices for Azure Security
5. Azure Security Tools
6. FAQs
What is Azure Security?
Azure Security refers to the security tools and capabilities available on Microsoft’s Azure cloud platform. According to Microsoft, the tools for securing its cloud service include “a wide range of physical, infrastructure, and operational controls.” Azure, as a public cloud computing platform, can support a wide range of programming languages, operating systems, frameworks, and devices. Customers can use Azure’s services and resources as long as they are connected to the Internet.
What is Azure Security Center?
Microsoft Security Center is a unified security management system that is available to Azure customers. Customers can enjoy the following Azure Security Center advantages:
- Providing visibility and control over Azure resource security (like Virtual Machines, Cloud Services, Azure Virtual Networks, and Blob Storage).
- Protecting hybrid workloads deployed in Azure or non-Azure environments, as well as on the premises of customers.
- Increasing security posture. The Azure Security Center monitors the cloud environment and provides customers with information about the status and security of their resources.
- Detection and prevention of cyber security threats. A single dashboard displays Azure Security Center alerts and recommendations. Security policies can be streamlined across the Security Center dashboard, which aids in regulatory compliance.
How Does Azure Security Work?
According to Azure documentation, the Microsoft Azure Security infrastructure follows a shared security responsibility model. This means that security is a collaborative effort between Azure and the customers, except in on-premise scenarios where the customers bear all responsibilities. However, as customers migrate to the cloud, some of their security responsibilities are transferred to Azure.
The following is how the division of responsibilities differs between cloud service models:
- In IaaS (infrastructure as a service), Azure handles physical security (hosts, networks, and data center).
- Azure handles physical security and the operating system in PaaS (platform as a service). Customers have access to Azure’s identity and directory infrastructure, network controls, and applications.
- Azure assumes more responsibilities in SaaS (software as a service): physical security, operating system, network controls, and application. Azure would continue to share the customer’s identity and directory infrastructure.
In a nutshell, Azure secures the physical infrastructure, after which the division of responsibilities varies according to the cloud delivery model. Customers in IaaS have more responsibilities than in PaaS or SaaS. Customers are always responsible for these three aspects, whether on-premise, IaaS, PaaS, or SaaS: data governance and rights management, account and access management, and endpoint protection.
Best Practices for Azure Security
The Azure Security documentation is also a great place to find security recommendations and best practices. Here are some pointers to help you get started quickly:
- Upgrade your Azure subscription to Azure Security Center Standard to gain access to additional features such as detecting and fixing security vulnerabilities, detecting threats with analytics and intelligence, and responding quickly to an attack.
- Keep your keys safe in the Azure Key Vault. This vault is intended to store passwords, database credentials, and other sensitive information.
- Configure a web application firewall.
- Use Azure MFA (Multi-factor Authentication) for admin accounts in particular.
- Protect virtual hard disc files with encryption.
- Place Azure VMs (virtual machines) on Azure virtual networks to connect them to other networked devices.
- To prevent and mitigate DDoS (distributed denial of service) attacks, use Azure’s DDoS services.
- Put in place security policies to prevent abuse. To assist you in getting started, Azure can generate a security policy based on your Azure subscription.
- Examine the Security Center dashboard on a regular basis. The dashboard offers a centralized view of your Azure resources and suggests actions.
- Use Role-Based Access Control (RBAC) in Azure Security Center. There are five predefined roles (Subscription Owner, Resource Group Owner, Subscription Contributor, Resource Group Contributor, and Reader) as well as two additional security roles (Security Administrator and Security Reader). Permissions for these roles vary.
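Several items from the checklist above (MFA for admin accounts, disk encryption, VMs on a virtual network, secrets kept in Key Vault) expressed as an audit. This is an added example, not part of the original post. The inventory layout and its values are constructed for illustration and are not an Azure export format, and treating every role other than the two reader roles as an admin account is an assumption; `@Microsoft.KeyVault(...)` is the App Service Key Vault reference syntax.

```python
import re

# Constructed inventory in a hypothetical schema (not an Azure export format).
INVENTORY = {
    "accounts": [
        {"name": "alice", "role": "Subscription Owner", "mfa": True},
        {"name": "bob", "role": "Security Administrator", "mfa": False},
        {"name": "carol", "role": "Reader", "mfa": False},
    ],
    "vms": [
        {"name": "web-01", "vnet": "prod-vnet", "disk_encrypted": True},
        {"name": "batch-02", "vnet": None, "disk_encrypted": False},
    ],
    "app_settings": {
        "DB_PASSWORD": "@Microsoft.KeyVault(SecretUri=https://example-vault.vault.azure.net/secrets/db/)",
        "API_KEY": "constructed-plaintext-value",
        "LOG_LEVEL": "info",
    },
}

# Assumption: every role on the page's list except the reader roles counts as "admin".
ADMIN_ROLES = {"Subscription Owner", "Resource Group Owner", "Subscription Contributor",
               "Resource Group Contributor", "Security Administrator"}
SECRET_NAME = re.compile(r"(password|secret|key|token|connection)", re.I)
KEYVAULT_REF = re.compile(r"^@Microsoft\.KeyVault\(.+\)$")

def audit(inv):
    """Return (rule, target) findings for the checklist items covered here."""
    findings = []
    for acct in inv["accounts"]:
        if acct["role"] in ADMIN_ROLES and not acct["mfa"]:
            findings.append(("mfa", acct["name"]))
    for vm in inv["vms"]:
        if not vm["disk_encrypted"]:
            findings.append(("disk-encryption", vm["name"]))
        if not vm["vnet"]:
            findings.append(("vnet", vm["name"]))
    # A secret-looking setting must be a Key Vault reference, not a literal value.
    for name, value in inv["app_settings"].items():
        if SECRET_NAME.search(name) and not KEYVAULT_REF.match(value):
            findings.append(("key-vault", name))
    return findings

if __name__ == "__main__":
    for rule, target in audit(INVENTORY):
        print(f"{rule:16} {target}")
```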
Azure Security Tools
- Azure Security Center:
Azure Security Center is the platform’s native cloud security posture management (CSPM) service. It offers centralized infrastructure security management for both Azure and on-premises workloads. Deployments are continuously checked against best practices, and any misconfigurations are flagged for correction.
Security Center is built in to Azure services, which enables detection and remediation at cloud speed. It quantifies your overall security posture by assigning a secure score to the resources in your subscription and assists customers in prioritizing risk mitigation activities to improve this score. Some of these remediation activities can be performed directly from the Security Center; others may necessitate manual intervention, for which detailed remediation instructions are provided.
Security Center includes integrated capabilities such as adaptive application controls, which define a set of known-safe applications and trigger a security alert if any potential malware or malicious software is executed on cloud resources.
The service also includes a vulnerability assessment using Azure Defender (powered by Qualys).
However, assessing and reporting vulnerabilities is only the first step toward enabling cloud security. For security posture management, organizations must also consider specialized cyber risk-based remediation solutions, particularly in heterogeneous multi-cloud environments.
- Azure Firewall:
Azure Firewall is a stateful firewall service that is fully managed for Azure workloads connected to a VNet. It is capable of supporting cloud-scale traffic because it is delivered as a highly available service that can be deployed across availability zones. It can be used to centralize rule configuration across subscriptions and networks in order to allow only legitimate traffic.
The threat intelligence capabilities of the firewall aid in the protection of your workloads from traffic generated by or directed at malicious domains and IP addresses. This data is obtained by Azure Firewall from the Microsoft Threat Intelligence feed, which is powered by the Intelligent Security Graph service. To limit outbound traffic, Azure Firewall also offers application FQDN-based filtering.
- Azure DDoS Protection:
Azure provides DDoS protection that is always on for all workloads hosted on the platform. While basic protection is enabled by default, customers can also choose DDoS Protection Standard for enhanced DDoS protection. Logging, telemetry, alerting, mitigation reports, and cost protection are some of the additional features available only with DDoS Standard.
DDoS Standard provides native integration and turnkey protection for Azure VNet workloads. It defends your workloads against Layer 3 and Layer 4 attacks, and when combined with Azure Web Application Firewall, it also provides Layer 7 (application) protection. The service also offers detailed attack analytics reports, which can be used to gain additional insight into the type and nature of the attack. Azure DDoS Protection provides extensive mitigation at scale by detecting and mitigating 60 different types of attacks.
- Azure Sentinel:
Azure Sentinel is the platform’s native SIEM solution, capable of ingesting telemetry data from multiple sources for analysis and threat detection. The data sources can be Azure resources, or they can be hosted on other cloud platforms or on-premises.
There are numerous connectors available for streaming telemetry data, either provided by Microsoft or developed by third-party ISVs, SIs, or even the community. Sentinel thus provides a centralized repository for telemetry data and threat intelligence. Customers can, for example, use Microsoft’s AWS Cloud connector to stream data from AWS CloudTrail to Azure Sentinel.
In addition to being a SIEM solution, Azure Sentinel includes security orchestration and automated response (SOAR) capabilities out of the box. Customers can use automation rules and playbooks to respond to identified threats. The playbooks are built on Azure logic applications and can trigger a defined workflow when a threat is detected. Sentinel also includes built-in hunting queries for detecting anomalies in log data. Furthermore, security analysts can easily create custom queries from the Azure portal for tailored detection.
- Azure Web Application Firewall (WAF):
The Azure Web Application Firewall (WAF) protects web applications from a variety of known vulnerabilities. It provides centralized protection against such vulnerabilities, which could go undetected during the development phase. Any known threats, new or old, are centrally patched and updated at the WAF level before attackers can exploit them. This also reduces the administrative overhead for individual applications.
The prebuilt WAF rules can protect business applications from attack patterns such as SQL injection, cross-site scripting (XSS), PHP injection, and remote command execution. WAF can be enabled with popular Azure frontend services such as Application Gateway, Azure Front Door, and CDN (in preview). WAF for Application Gateway is based on the OWASP ModSecurity Core Rule Set and is automatically updated to protect against newly discovered vulnerabilities without the need for manual intervention.
FAQs
Q.1) What is Azure security?
Ans) Azure Security refers to Microsoft’s Azure cloud platform’s security tools and capabilities. Microsoft’s tools for securing its cloud service include “a wide range of physical, infrastructure, and operational controls.” Azure, as a public cloud computing platform, supports a wide range of programming languages, operating systems, frameworks, and devices. Customers can use Azure’s services and resources as long as they have an Internet connection.
Q.2) What comes under Azure security?
Ans) The following come under Azure Security:
- Microsoft Sentinel.
- Microsoft Defender for Cloud.
- Protect your Azure resources from distributed denial-of-service (DDoS) attacks.
- Azure Bastion. Fully managed service that helps secure remote access to your virtual machines.
- Web Application Firewall. …
- Azure Firewall. …
- Azure Firewall Manager.
Q.3) How does Azure handle security?
Ans) With unique intelligence, you can detect threats early on.
Microsoft data scientists analyze the flood of data in the Microsoft Intelligent Security Graph using machine learning, behavioral analytics, and application-based intelligence. The resulting insights inform Azure services and assist you in detecting threats more quickly.
Q.4) Does Azure have good security?
Ans.) Azure protects data at rest with 256-bit AES encryption and in transit with TLS 1.2. You can even have double encryption by securely managing your keys and encrypting them using Azure Key Vault.
Q.5) How does Azure security work?
Ans.) The Azure Security Center monitors the cloud environment and provides customers with information about the status and security of their resources. It also supports the detection and prevention of cyber security threats. A single dashboard displays Azure Security Center alerts and recommendations.
The post What is Azure security? appeared first on Cloud Training Program.