Azure Security Center, Microsoft’s cloud security platform for Azure customer deployments, can now sniff out more threats, according to Sarah Fender, principal program manager of Microsoft Azure Cybersecurity.
The company has updated its threat-detection algorithms to single out virtual machines that may be running undesirable code. “After years of examining crash dumps that customers sent to Microsoft from more than 1 billion PCs worldwide, we are able to analyze these events to detect when a crash is the result of a failed exploitation attempt or brittle malware,” said Fender in a Feb. 25 announcement. “Azure Security Center automatically collects crash events from Azure virtual machines, analyzes the data, and alerts you when a VM is likely compromised.”
Azure Security Center will issue new alerts when it scours local security event logs and detects suspicious processes on virtual machines. It also alerts administrators to hacking attempts.
“SSH [Secure Shell] brute-force attacks are now being detected for Linux virtual machines,” stated Fender. “Much like the existing RDP [Remote Desktop Protocol] brute-force detections for Windows VMs, Azure Security Center is using Machine Learning to understand typical network traffic patterns and more effectively distinguish between legitimate remote connection attempts and those being executed by attackers.”
Microsoft also expanded the service’s management and monitoring capabilities, starting with a new policy-configuration option.
“Starting next week, in addition to configuring a Security Policy at the subscription level, you can also configure a Security Policy for a Resource Group—enabling you to tailor the policy based on the security needs of a specific workload. Azure Security Center continually monitors your resources according to the policy you set, and alerts you if a configuration drifts or appropriate controls are not in place,” stated Fender.
Power BI, the company’s cloud-based business analytics software offering, is also lending a hand.
A new, mobile-enabled Power BI allows users to visualize and filter security alerts on practically any device. “Use the Power BI dashboard to reveal trends and attack patterns—view security alerts by resource or source IP address and unaddressed security risks by resource or age,” recommended Fender.
“You can mash up Security Center recommendations and security alerts with other data in interesting ways, for example, with Azure Audit Logs and Azure SQL Database Auditing, which both offer Power BI Dashboards,” she continued. Users can also export their security data to Excel for more reporting options.
Finally, Microsoft is adding a new next-generation firewalls category to its marketplace of Azure-compatible cloud security offerings. “This extends network protections beyond Network Security Groups, which are built-in to Azure,” Fender said. “Security Center will discover deployments for which a next-generation firewall is recommended, and enable you to provision a virtual appliance from leading vendors, including Check Point and, soon after, Cisco and Fortinet, in just a few clicks.” The new firewall options are set to appear in the coming weeks, she added.