Cyber-attacks have been making the news recently. Distributed Denial of Service (DDoS) attacks on businesses such as LinkedIn and eBay have caused service outages, and the devastating ‘WannaCry’ ransomware ground the NHS to a halt almost overnight, holding private files hostage.
Such attacks have highlighted the need for more robust protection on the internet. With new technologies such as the cloud, big data, and the Internet of Things (IoT) influencing businesses on a global scale, there is an ever-increasing need for businesses to invest in cybersecurity in order to protect themselves from cyber-attacks.
The first step towards protecting a business on the cloud is to correctly configure the cloud environment according to the cloud provider’s best practices. Any mishap when configuring security for your cloud environment could leave you wide open to attackers, and not using well-established practices such as multi-factor authentication makes it that much easier for hackers to gain access through brute force attacks.
The second step is to constantly update and monitor the security of your cloud farm. Keeping the latest security patches on the virtual machines in the cloud farm, and ensuring that the systems you are using meet the required security standards, is an ongoing process.
The third step is a quick, remedial reaction: responding promptly when alerted to a security breach is vital, and knowing how to fix issues as they arise is very important.
Azure has its own security centre – a built-in tool that can help prevent, detect, and respond to threats as soon as they appear.
This article shows some of the features and benefits of using Azure Security Centre to secure your cloud-based solution and protect it from threats.
The Azure Security Centre (ASC) can be accessed through the main menu of the Azure Portal.
When you open the security centre dashboard, you are presented with the ‘Overview’, a summary with the status of your subscriptions, their level of protection, and any suggestions that the security centre might have for hardening security in your cloud network.
Clicking the ‘Recommendations’ tile lists them in a new window, and you can select each one to view more information about it and take steps to resolve any issues.
Some examples of recommendations in Microsoft Azure:
- Designing network security groups and rules to control Azure traffic.
- Addressing operating system configurations that do not meet the recommended baseline.
- Provisioning web application firewalls to defend against attacks on your web applications.
For each recommendation, you are given a brief description, the scale of the recommendation, the severity of the issue, and whether or not it has been resolved.
For example, it could be as simple as the fact that you have not installed the latest security patch on one of your virtual machines. This could leave you wide open to attacks from the outside, but Azure Security Centre (ASC) recommendations can alert you to this gap in your security and guide you through the process of installing the latest security patch. Such activity allows you to correctly configure your cloud-based network.
On the Security Centre home page, the largest tiles in the centre of the screen are the ‘Security State’ icons. These give a brief summary of your entire cloud network and the level of protection you have on your compute, virtual networks, storage, and hosted applications. If you click on any one of these, you can get a more detailed breakdown for each section.
For example, clicking on the web applications tab might let you know that the security state of one of your virtual machines is critical because you do not have a firewall installed. There will be information on each VM and the security warning, and another blade appears when you click on the fault so that you can remedy the issue before it becomes a problem.
The security alerts window displays alerts raised when threats are detected by software such as anti-malware programs and firewalls. Security alerts could be triggered for various reasons, such as:
- Compromised VMs communicating with known malicious IP addresses.
- Advanced malware detected by using Windows error reporting.
- Brute force attacks against VMs.
- Security alerts from integrated anti-malware programs and firewalls.
The Security Centre will process security alerts and, when you click on them, give recommendations on how to react.
For example, if malware is detected on a VM, a high-priority alert may come into the security centre. This alert lets the system administrator know that malware has somehow gotten into the system, but automatic anti-malware software may have already neutralised the threat, meaning there is no need to find and remove it yourself, only to diagnose the root cause.
Data collected by the security centre will allow you to identify the weaker, or more frequently targeted points within your system – and allow you to take further preventative steps to safeguard your network.
The statistics collected can provide an overview of any potential flaws in your cloud network, and allow you to prioritise based on what is important to you.
If you’d like to know more about the Azure Security centre, and how it is continually improving