Azure Security Center
Azure Security Center is Microsoft’s Cloud Security Posture Management (CSPM) tool; it provides security policy and compliance management, actionable security hardening tasks, and secure scores.
A security posture describes an organization’s threat protection and response capabilities; it ensures that the organization can keep its systems, data, and identities recoverable and operational should an attack succeed. Adopting the Azure Security Center best practices and recommendations can help improve an organization’s security posture and secure score.
The goal of a security posture should be to reduce exposure to threats by shrinking attack-surface areas and attack vectors, while building resilience to attacks, gaining intelligence, and learning from each attack, since attacks cannot be entirely prevented or eliminated. It is critical to understand that an attacker only has to succeed once, while you must protect everything, all the time.
Azure Security Center has more value to an organization than just providing recommendations and best practices; it is hybrid by design and supports an organization adopting a Zero Trust strategy and a DoD approach to protecting resources.
This is all provided from a single place for actionable insights and reports of non-conformity against any required security controls, policies, or mandated regulatory compliance standards.
The Secure Score feature in Azure Security Center measures an organization’s security posture; it is based on security recommendations and controls, whereby your score is determined by the number of security recommendations and controls you meet.
The secure score shows your current score, the maximum score available, and the potential increase from implementing the recommendations provided. It also helps you find gaps to improve your score and compare against industry standards and regulatory compliance standards you may wish to conform to, such as the International Organization for Standardization (ISO) 27001 or the Payment Card Industry (PCI) standard; these reports can also be exported.
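To make the score mechanics concrete, here is an added example (not from the book or from Microsoft’s code) that applies the control-based secure score calculation: each control’s current score is its maximum score scaled by the share of healthy resources, and the overall score is the sum of current scores over the sum of maximum scores. The control names and resource counts are constructed sample data, and treating a control with no assessed resources as not applicable (excluded from both totals) is an assumption.

```python
from dataclasses import dataclass


@dataclass
class Control:
    """One security control, as surfaced on the Secure Score dashboard."""
    name: str
    max_score: int
    healthy: int      # resources that satisfy every recommendation in the control
    unhealthy: int    # resources with at least one open recommendation

    @property
    def applicable(self) -> bool:
        # Assumption: a control with no assessed resources does not count
        # toward either the current or the maximum score.
        return (self.healthy + self.unhealthy) > 0

    @property
    def current_score(self) -> float:
        # max score x (healthy / total resources)
        total = self.healthy + self.unhealthy
        return self.max_score * self.healthy / total if total else 0.0

    @property
    def potential_increase(self) -> float:
        # What remediating every unhealthy resource in this control would add.
        return self.max_score - self.current_score


# Constructed sample controls; numbers are illustrative only.
SAMPLE_CONTROLS = [
    Control("Enable MFA", max_score=10, healthy=2, unhealthy=3),
    Control("Secure management ports", max_score=8, healthy=4, unhealthy=4),
    Control("Apply system updates", max_score=6, healthy=6, unhealthy=0),
    Control("Enable encryption at rest", max_score=4, healthy=0, unhealthy=4),
    Control("Not applicable control", max_score=5, healthy=0, unhealthy=0),
]


def secure_score(controls):
    """Return (current points, maximum points, score as a percentage)."""
    applicable = [c for c in controls if c.applicable]
    max_total = sum(c.max_score for c in applicable)
    current = sum(c.current_score for c in applicable)
    percent = 100.0 * current / max_total if max_total else 0.0
    return current, max_total, percent


def remediation_plan(controls):
    """Controls ordered by the score gain from fully remediating them.

    This is the 'potential increase' view: work the top of this list first.
    """
    applicable = [c for c in controls if c.applicable]
    ranked = sorted(applicable, key=lambda c: c.potential_increase, reverse=True)
    return [(c.name, c.potential_increase) for c in ranked]


if __name__ == "__main__":
    current, max_total, percent = secure_score(SAMPLE_CONTROLS)
    print(f"Secure score: {current:.0f}/{max_total} ({percent:.0f}%)")
    for name, gain in remediation_plan(SAMPLE_CONTROLS):
        print(f"  +{gain:.1f}  {name}")
```

The ranking shows why the dashboard leads with the highest-impact recommendations: the partially met MFA control is worth more remaining points than any other control in the sample, even though its ratio of healthy resources is similar to the others.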
The continuous assessments, security recommendations, and secure score are part of the Free-tier capabilities enabled by default within Azure Security Center.
Azure Security Center can also be integrated with Azure Sentinel and Azure Defender; this allows an organization to follow a layered approach to security using independent tools, seamless integration, and the ability to share threat intelligence and resources’ signal data. You will require Azure Defender to be enabled, which has cost implications outside of the Azure Security Center service. The following diagram aims to visualize this approach:
Figure 7.13 – Security center positioning
Azure Security Center can be considered the foundational or base layer in this integrated security framework: it feeds into and enriches other security services such as Azure Sentinel, and is in turn fed and enriched by integrations from other security services such as Azure Defender, which provides a security information continuum.
Azure Security Center can operate as a Free pricing tier option; this is also known as Azure Defender Off mode. Additional capabilities are also available as part of Azure Defender integration but are not included in the free-of-charge tier; this is also known as Azure Defender On mode. As mentioned, this will have cost implications.
Security alerts generated for resources are only available in Azure Defender-enabled mode; these are triggered through advanced threat detection on your resources. Rather than presenting individual alerts, Azure Security Center uses smart-alert correlation to combine related alerts into security incidents, each a collection of related alerts; this gives a single unified view of an attack chain.
The Azure Security Center dashboard, as well as displaying alerts and policy and compliance status, also has a section named Resource security hygiene; this provides a dashboard view of the security recommendations for all resources, showing those resources with the highest occurrence of recommendations and the highest-impact recommendations.
This section looked at adopting Azure Security Center to improve an organization’s security posture. The following section looks at some further solutions that, while not part of the exam objectives, have been included with brief coverage as they should be considered required knowledge for a day-to-day Azure role.