Security is always high on the agenda for any IT Administrator. New vulnerabilities and threats are being identified every day, with Microsoft reporting a rapid rise in cyber crime in the past year.
With this in mind, it is important to keep your Azure environment secured to protect your business from threats, vulnerabilities, and data breaches. Microsoft considers security a shared responsibility between itself and its Azure customers.
Microsoft is responsible for the physical security at its Azure datacentres. Access is only granted if there is a valid business justification, and only to the specific area of the datacentre required. The entire facility perimeter consists of a high steel or concrete wall, with a specific access point all staff and visitors must go through. Once inside, two-factor authentication with biometrics must be completed to continue to move through each area of the building. Cameras and security staff are posted all around the building, inside and out, and full metal body scans must be completed when entering and exiting the building.
For your Azure platform, there is a joint responsibility, and as such Microsoft provides the necessary tools to help secure your virtual infrastructure, the primary one being Microsoft Defender for Cloud.
Microsoft Defender for Cloud is designed to help you understand and improve the overall security posture of your environment.
The tool continuously scans every Azure resource you deploy to assess the resource configuration, identifying risks and providing security hardening recommendations such as the ones shown below.
You can drill down into each recommendation, which provides a detailed justification, a list of the associated resources, and the remediation steps. For many of the recommendations, the tool can automatically perform the remediation task for you.
The recommendations are organised into three colour-coded categories, helping you identify the most severe and critical security issues in your environment.
There are some platform designs the tool cannot account for, so consideration needs to be made when following the recommendations to ensure they are appropriate for your individual needs.
These factors include the type of workload, whether the resources being assessed are running in a dev/test environment or running a mission-critical workload, and whether there are any cost implications of configuring the recommended changes.
If implementation is not required, the recommendations can be overridden so you are no longer alerted about them.
Another important feature of Microsoft Defender for Cloud is the real-time threat intelligence capability.
Microsoft’s dedicated Cyber Security teams, comprising thousands of security experts located across 70 countries, leverage Artificial Intelligence (AI) to monitor billions of signals across the Azure ecosystem every day to identify vulnerabilities, detect threats, and prevent attacks. Microsoft Defender for Cloud taps into this telemetry to help protect your workloads and provide security alerts notifying you of any potential threats.
These alerts are arranged by severity, with the highest meaning there is a high probability your environment is compromised and must be investigated as a priority, and the lowest meaning there is potential suspicious activity.
Defender for Cloud Threat Intelligence also includes anomaly detection, which is specific to your deployment. Using machine learning, it creates a baseline of normal behavioral patterns in your environment, and any activity determined to be outside of these conditions will trigger a security alert.
Other features of Defender for Cloud include analysing your resources for compliance with industry and regulatory standards, such as ISO 27001, and Azure Firewall Manager to protect your infrastructure.
Ensuring your Azure platform is secure is a shared responsibility between Microsoft and you, with Microsoft giving you the necessary tools and information required to help achieve this.
To learn more, or if you would like assistance digesting and interpreting the information provided by Microsoft Defender for Cloud in your environment, contact us (email@example.com) and we will be happy to put you in touch with a member of the Cobweb Azure team.
Microsoft report: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWMFIi.