Azure Security Center, launched in public preview in December 2015 to offer security monitoring and management for Azure resources, is now generally available. During the preview period, Azure Security Center sent more than 500,000 recommendations to customers to improve the security health of their resources. Using advanced analytics, including machine learning, together with Microsoft's global threat intelligence, it detected more than 140,000 threats per month, providing actionable alerts and, Microsoft says, dramatically reducing detection and response times.
Microsoft claims that Azure Security Center makes it simple to find, arrange and organize security controls, both those built into Azure and solutions from partners. Its Security Center partners include Barracuda, Check Point, F5, Fortinet, Imperva and Trend Micro, with Cisco and Qualys expected to join in the coming weeks.
Microsoft's announcement states: “No other public cloud offers the continuous monitoring provided by Azure Security Center. And no other vendor can match the breadth and diversity of threat intelligence that Microsoft can gather from its wide range of enterprise and consumer products and services.”
New features of Azure Security Center:
- Log integration: A new Azure log integration connector streamlines getting security data, including Azure Security Center alerts, into security information and event management (SIEM) solutions such as HP ArcSight, IBM QRadar, Splunk and others.
- Support for more Azure resource types: Security Center now monitors the security state of Red Hat and many other Linux distributions, including system update status, OS configuration and disk encryption. It also monitors the security health of Cloud Services (Web and Worker Roles) and recommends that outdated OS instances be updated.
- Email notifications: Respond to threats more quickly with an email notification whenever a new high-severity security alert is detected.
- New detections: Security Center's ability to detect lateral movement, outgoing attacks and malicious scripts has been improved, and Microsoft's researchers continue to add new detection capabilities.
- Security incidents: By using analytics to connect the dots between distinct security alerts, Security Center can now present a single view of an attack campaign and all of its related alerts, so users can quickly understand what actions the attacker took and which resources were affected.
- REST APIs: For customers who want to integrate Security Center with their existing change management or security operations systems, Microsoft has published REST API documentation.
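As an added illustration of the alert correlation and REST API integration described in the last two items (example code written for this article, not Microsoft's own correlation logic or SDK): the script below takes a constructed alerts page shaped like a Microsoft.Security/alerts list response (the field names are an assumption about that REST resource, and the alerts themselves are made up), picks out the high-severity alerts that would trigger an email notification, and groups alerts by compromised entity and time proximity into incident-style summaries. The two-hour window and the grouping rule are assumptions chosen for the example, not the product's analytics.

```python
"""Added example: turn a page of Security Center-style alerts into
high-severity notifications and incident groupings.

Assumptions (not from the article): the JSON shape follows the
Microsoft.Security/alerts list resource (properties.alertDisplayName,
severity, timeGeneratedUtc, compromisedEntity); the sample alerts are
constructed; the correlation rule is a stand-in for the real analytics.
"""
import json
from datetime import datetime, timedelta, timezone

# Alerts on the same entity closer together than this are treated as one
# campaign. Assumed value for the example.
WINDOW = timedelta(hours=2)
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3}

# Constructed sample response; none of these alerts are real.
SAMPLE_RESPONSE = json.dumps({"value": [
    {"name": "a1", "properties": {
        "alertDisplayName": "Suspicious incoming RDP network activity",
        "severity": "Medium", "timeGeneratedUtc": "2016-07-20T10:05:00Z",
        "compromisedEntity": "vm-web-01"}},
    {"name": "a2", "properties": {
        "alertDisplayName": "Suspicious process executed",
        "severity": "High", "timeGeneratedUtc": "2016-07-20T10:20:00Z",
        "compromisedEntity": "vm-web-01"}},
    {"name": "a3", "properties": {
        "alertDisplayName": "Suspicious outgoing SSH network activity",
        "severity": "High", "timeGeneratedUtc": "2016-07-20T10:40:00Z",
        "compromisedEntity": "vm-web-01"}},
    {"name": "a4", "properties": {
        "alertDisplayName": "Suspicious PowerShell script executed",
        "severity": "High", "timeGeneratedUtc": "2016-07-20T13:10:00Z",
        "compromisedEntity": "vm-db-02"}},
    {"name": "a5", "properties": {
        "alertDisplayName": "Failed logon attempts",
        "severity": "Low", "timeGeneratedUtc": "2016-07-21T09:00:00Z",
        "compromisedEntity": "vm-web-01"}},
]})


def parse_time(s):
    """Parse the 'Z'-suffixed UTC timestamps used in the sample."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_alerts(raw):
    """Flatten a list response into plain dicts sorted by generation time."""
    alerts = []
    for item in json.loads(raw)["value"]:
        p = item["properties"]
        alerts.append({
            "id": item["name"],
            "name": p["alertDisplayName"],
            "severity": p["severity"],
            "time": parse_time(p["timeGeneratedUtc"]),
            "entity": p["compromisedEntity"],
        })
    return sorted(alerts, key=lambda a: a["time"])


def high_severity(alerts):
    """The subset that would trigger a high-severity email notification."""
    return [a for a in alerts if a["severity"] == "High"]


def correlate(alerts, window=WINDOW):
    """Group alerts into incidents: same compromised entity, and each alert
    no more than `window` after the previous one in that incident."""
    open_by_entity = {}
    incidents = []
    for a in sorted(alerts, key=lambda x: x["time"]):
        inc = open_by_entity.get(a["entity"])
        if inc is None or a["time"] - inc["end"] > window:
            inc = {"entity": a["entity"], "start": a["time"], "end": a["time"],
                   "max_severity": a["severity"], "alerts": []}
            incidents.append(inc)
            open_by_entity[a["entity"]] = inc
        inc["alerts"].append(a["name"])
        inc["end"] = a["time"]
        if SEVERITY_RANK[a["severity"]] > SEVERITY_RANK[inc["max_severity"]]:
            inc["max_severity"] = a["severity"]
    return incidents


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_RESPONSE)
    for a in high_severity(alerts):
        print(f"NOTIFY {a['time']:%H:%M} {a['entity']}: {a['name']}")
    for inc in correlate(alerts):
        print(f"INCIDENT {inc['entity']} {inc['start']:%Y-%m-%d %H:%M} "
              f"-> {inc['end']:%H:%M} [{inc['max_severity']}]: "
              + " | ".join(inc["alerts"]))
```

With a real deployment the `SAMPLE_RESPONSE` string would be replaced by the body of an authenticated GET against the alerts endpoint; everything else stays the same, which is the point of having the REST API: the same grouping can feed a ticketing or change management system instead of a print loop.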