SecurityWeek

Microsoft Officially Launches Azure Security Center

Microsoft is strengthening its grip on the cloud with two major new announcements this week. The first is that the Azure Security Center is now generally available; and the second is that Azure Active Directory Identity Protection and Azure Active Directory Privileged Identity Management options will both be available within the next few months.

The Security Center launched in preview in December 2015 and has since been used by companies such as Chronodrive, Jet.com and Metro Bank. Its overarching purpose is to provide the visibility and control that users need, and sometimes lose, when they move to the cloud.

“Azure Security Center provided customers more than 500,000 recommendations to improve the security health of their resources,” announced Sarah Fender, Azure Cybersecurity’s principal program manager, in a blog post Thursday. “It used advanced analytics, including machine learning, and Microsoft’s vast global threat intelligence, to detect more than 140,000 threats per month – providing actionable alerts and dramatically reducing detection and response times.”

New features in Security Center include a connector to help customers export log data into SIEMs such as ArcSight, QRadar and Splunk; emailed security alerts; the ability to detect lateral movements and malicious scripts; the use of analytics to provide a single view on an attack campaign; REST API documentation to help integrate users’ own security systems; and (shortly) vulnerability assessments from partners such as Qualys.

These new capabilities allow Microsoft to boast, “when your organization leverages the Microsoft Cloud, it can improve your security posture, versus what you are doing to protect your on-premises IT environment alone.” It claims that Azure is a holistic platform that can combine the customer’s own controls with both Microsoft’s own and those of its partners. And it adds, “Microsoft’s unique insights into the threat landscape, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response.”

This huge resource of threat information will be used in the upcoming release of Azure Active Directory (AD) Identity Protection. The system will detect suspicious activities like brute force attacks, leaked credentials and logins from unfamiliar locations and infected devices, and will aid the creation of risk-based policies to help protect identities from future threats.

A second new development, due to be available next month, will be the Azure Active Directory Privileged Identity Management option. Privileged accounts are a major weakness: they are literally the keys to the kingdom. If an attacker gets hold of an administrator’s account, there is little that he cannot do.

“More and more organizations are realizing that they have to strictly manage privileged accounts and monitor their activities because of the risk associated with their misuse. With Azure AD Privileged Identity Management you can manage, control, and monitor access to resources in Azure AD as well as other Microsoft online services like Office 365 or Microsoft Intune,” says Microsoft.

Both AD Identity Protection and AD PIM will be available as part of the new Microsoft Enterprise Mobility + Security (EMS) E5 suite. Security Center is available now.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
