Azure Security Center Generally Available, Promises Real-Time Threat Response

By: Dann Anthony Maurno

Cyber attackers are a clever lot, says Microsoft on its Azure Blog. Author Sarah Fender wrote that on average it takes more than 200 days for an organization to detect a breach, and that the average cost of a breach runs into the millions. In essence, the malefactor has enjoyed seven months of free rein in your system. Why can’t they be caught coming in the window?

That’s the idea of Azure Security Center, which reached general availability yesterday (July 22, 2016). Microsoft CEO Satya Nadella announced the Center in November last year in a kind of stump speech about Microsoft’s “Operational Security Posture.” Microsoft described the aims of Azure Security Center as real-time threat detection and response: catching the threat at the window rather than after it has been ensconced in your network for months.

During its intensive seven-month preview, Azure Security Center “helped customers such as Chronodrive, Jet.com and Metro Bank gain visibility into the security state of their Azure resources, let them take control of cloud security policies, and monitored security configurations while helping them detect and respond to active attacks,” Fender claims.

In that time, Microsoft’s global threat intelligence detected more than 140,000 threats per month, all while providing 500,000 recommendations to customers to improve the security of their resources, says the company. Azure Security Center used Microsoft’s own advanced analytics tools, including machine learning, to provide actionable alerts and “dramatically [reduce] detection and response times.”

Azure Security Center is designed for easy deployment and configuration, and can recommend and provision partner security solutions where a specific security control is missing. Solutions are available from, among others, Barracuda, Check Point, F5, Fortinet, Imperva, and Trend Micro, with Cisco and Qualys ready to join the mix in the coming weeks.

User and partner feedback was considerable during the preview, so the general release includes numerous new features, among them:

A log integration connector for Azure that streamlines getting security data, including Azure Security Center alerts, into security information and event management (SIEM) solutions such as HP ArcSight, IBM QRadar and Splunk.

Support for more Azure resource types, enabling Security Center to monitor the security of Red Hat and additional Linux distributions.

Email notifications when a new high-severity security alert is detected.

New detections, with improved ability to detect lateral movement, outgoing attacks, and malicious scripts.

Security incidents: analytics that “connect the dots” between distinct security alerts, so that Security Center can present a single view of an attack campaign (see graphic for the level of detail available).

Integrated vulnerability assessment from partners like Qualys.
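The SIEM connector in the list above exists to get Security Center alerts into tools like ArcSight, QRadar and Splunk in a form they can parse. As an added illustration of what that hand-off involves (this is not Microsoft's connector, and the alert field names it reads are an assumption made for the example, not the real Security Center alert schema), here is a small Python converter that renders alert records as CEF lines, applying the separate escaping rules the format requires for header and extension fields:

```python
"""Render Security Center-style alerts as CEF lines for a SIEM.

Added example, not Microsoft's Azure log integration connector. The alert
field names used here (time, alertType, displayName, severity, sourceIp,
destinationIp, resource, resourceId, description) are an assumption made
for illustration, not the real Security Center alert schema.
"""
from datetime import datetime, timezone

# CEF severity is an integer 0-10; map the textual severities (High/Medium/Low)
# onto that scale. Anything unrecognised falls back to 0 rather than failing.
SEVERITY_MAP = {"High": 8, "Medium": 5, "Low": 2, "Informational": 0}

# Constructed sample alerts for this example (not real telemetry).
SAMPLE_ALERTS = [
    {
        "time": "2016-07-22T09:15:00Z",
        "alertType": "RDP_BruteForce",
        "displayName": "Failed RDP brute force attack",
        "severity": "High",
        "sourceIp": "203.0.113.5",
        "destinationIp": "10.0.0.4",
        "resource": "web-vm-01",
        "resourceId": "/subscriptions/sub-1/resourceGroups/rg-1/providers/"
                      "Microsoft.Compute/virtualMachines/web-vm-01",
        "description": "Multiple failed RDP logons from 203.0.113.5 followed by success",
    },
    {
        "time": "2016-07-22T09:40:12Z",
        "alertType": "SuspiciousScript",
        "displayName": "Suspicious script | encoded PowerShell",
        "severity": "Medium",
        "resource": "web-vm-01",
        "description": "powershell.exe -EncodedCommand launched; parent=cmd.exe",
    },
]


def escape_header(value) -> str:
    """Escape a CEF header field: '\\' and '|' are the reserved characters."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def escape_extension(value) -> str:
    """Escape a CEF extension value: '\\', '=' and line breaks are reserved."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def iso_to_epoch_ms(ts: str) -> int:
    """CEF 'rt' accepts epoch milliseconds; convert an ISO-8601 UTC timestamp."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return int(dt.timestamp() * 1000)


def alert_to_cef(alert: dict) -> str:
    """Render one alert as a single CEF:0 line.

    CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ...
    """
    severity = SEVERITY_MAP.get(alert.get("severity", ""), 0)
    header = "|".join([
        "CEF:0",
        escape_header("Microsoft"),
        escape_header("Azure Security Center"),
        escape_header("1.0"),
        escape_header(alert["alertType"]),
        escape_header(alert["displayName"]),
        str(severity),
    ])
    # Standard CEF extension keys where one fits; cs1/cs1Label is the
    # custom-string slot used here for the Azure resource ID.
    fields = [
        ("rt", iso_to_epoch_ms(alert["time"])),
        ("src", alert.get("sourceIp", "")),
        ("dst", alert.get("destinationIp", "")),
        ("dhost", alert.get("resource", "")),
        ("cs1Label", "resourceId" if alert.get("resourceId") else ""),
        ("cs1", alert.get("resourceId", "")),
        ("msg", alert.get("description", "")),
    ]
    extension = " ".join(f"{k}={escape_extension(v)}" for k, v in fields if v != "")
    return f"{header}|{extension}"


def alerts_to_cef(alerts) -> list:
    """Convert a batch of alerts, one CEF line per alert."""
    return [alert_to_cef(a) for a in alerts]


if __name__ == "__main__":
    for line in alerts_to_cef(SAMPLE_ALERTS):
        print(line)
```

Run it directly to print the two constructed alerts as CEF lines. The point worth noticing is that the header and the extension have different reserved characters (`|` and `\` in the header; `=`, `\` and line breaks in the extension), so an exporter that escapes with one rule for the whole line produces records the SIEM will silently misparse.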