Microsoft’s Azure cloud has recently expanded its native security features, giving you more capable ways to protect your virtual machines (VMs). There are two sets of services, which mimic what Microsoft has long offered on the on-premises Windows Server side of things. If you are serious about your Azure deployments, you should consider using both of them to protect your cloud resources.
The first is called Azure Security Center. It analyzes your cloud data, including running Azure services, samples of network traffic across Microsoft’s cloud infrastructure, VM configurations, and security event and audit logs. All information is controlled in the web-based Security Center portal page that is part of the main Azure control center.
When you enable this service, Azure monitoring agents are installed in each of your VMs to collect data on their operation. Once these agents are installed, information is collected automatically and continuously from all your VMs. In addition to Windows Servers (2008 R2, 2012 and 2012 R2), Security Center also has agents for various Linux VMs (Ubuntu, Debian, CentOS, SUSE and Red Hat).
Once Security Center is up and running, it starts looking for threats to your VM collection. (Here is a more detailed explanation of what it detects.) If it finds something, it then makes recommendations to improve your security posture. This can include setting up anti-malware software, making changes to your network security groups, turning on a web application firewall, deploying system updates or changing other OS configurations. This could be instructive or annoying, depending on how far behind your VMs are with current patches and other updates, and how much they differ from Microsoft’s best practices.
Security Center can detect lateral threat movements as well as outgoing attacks and can be integrated into other security systems via a documented REST API. Microsoft is also working on other integrations, such as with the Qualys vulnerability scanners.
Speaking of anti-malware, one caveat is that the Security Center agents don’t recognize all anti-malware programs, especially those that have been pre-installed on your own images. They are designed to work only with tools that support Azure extensions. Another caveat is that you might have to install the agents manually if your VM was created several years ago and doesn’t recognize the automated installs.
The service is offered in two tiers: free and paid. For free, you can set up security policies, receive alerts, and monitor the state of your cloud VM collection. For an additional fee of $15 per VM per month, you get more advanced detection, threat intelligence and additional analysis and anomaly detection. You can try out the paid features for free for the first 90 days.
The second series of services is part of Microsoft’s Operations Management Suite (OMS). Think of this as a cloud version of the System Center tools that have long been available on Windows Servers, but that can handle both cloud and on-premises servers. It covers a wide range of activities, including log analytics, backups, site-to-site recovery and configuration tools for both Windows and Linux VMs. It can also manage VMs that are located on Amazon Web Services and Azure clouds.
OMS consolidates four separate services that have been around for a while, making them easier to manage and extending their features. Taken together, OMS gives you more of a global view than the Security Center tool mentioned above. For example, as with Security Center, you can view your security posture and detect security threats. However, OMS can look across your entire hybrid cloud environment. You can also examine how to optimize your data storage pools and other VM configurations.
Given the complexity of this particular service, Microsoft has wisely set up a couple of different ways to learn about its features. First is a guided tour of a pre-populated demo environment, where you can see how it works and have a support person guide your own installation. You can also look around on your own at their pre-set environment.
There are two pricing plans. For new subscriptions, OMS will cost $35 per VM per month. If you already have an existing System Center software assurance license, the cost is $23 per VM per month. These include a certain amount of data storage for logs and transaction fees; once these are exceeded, additional surcharges apply. You can also purchase services separately. For example, you can pay just for backups of your VMs at $10 per VM per month.
Azure-based VM security products have been available for many years from a number of third-party security vendors, including Illumio Adaptive Security Platform, SafeNet ProtectV, Trend Micro Deep Security, Dome9 and CloudPassage Halo. Many of these products support a wide variety of cloud collections from other providers such as Amazon, Google and OpenStack. With these two services, Microsoft is trying to widen its support for building more secure VMs in its Azure cloud.