Microsoft is strengthening its grip on the cloud with two major new announcements this week. The first is that the Azure Security Center is now generally available; and the second is that Azure Active Directory Identity Protection and Azure Active Directory Privileged Identity Management options will both be available within the next few months.
The Security Center was launched in preview in December 2015 and has since been used by companies such as Chronodrive, Jet.com and Metro Bank. Its overarching purpose is to provide the visibility and control that users need, and sometimes lose, when they move to the cloud.
“Azure Security Center provided customers more than 500,000 recommendations to improve the security health of their resources,” announced Sarah Fender, Azure Cybersecurity’s principal program manager in a blog post Thursday. “It used advanced analytics, including machine learning, and Microsoft’s vast global threat intelligence, to detect more than 140,000 threats per month – providing actionable alerts and dramatically reducing detection and response times.”
New features in Security Center include a connector to help customers export log data into SIEMs such as ArcSight, QRadar and Splunk; emailed security alerts; the ability to detect lateral movement and malicious scripts; the use of analytics to provide a single view of an attack campaign; REST API documentation to help integrate users’ own security systems; and (shortly) vulnerability assessments from partners such as Qualys.
These new capabilities allow Microsoft to boast, “when your organization leverages the Microsoft Cloud, it can improve your security posture, versus what you are doing to protect your on-premises IT environment alone.” It claims that Azure is a holistic platform that can combine the customer’s own controls with both Microsoft’s own and those of its partners. And it adds, “Microsoft’s unique insights into the threat landscape, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response.”
This huge resource of threat information will be used in the upcoming release of Azure Active Directory (AD) Identity Protection. The system will detect suspicious activities like brute force attacks, leaked credentials and logins from unfamiliar locations and infected devices, and will aid the creation of risk-based policies to help protect identities from future threats.
A second new development, due to be available next month, will be the Azure Active Directory Privileged Identity Management option. Privileged accounts are a major weakness: they are literally the keys to the kingdom. If an attacker gets hold of an administrator’s account, there is little that he cannot do.
“More and more organizations are realizing that they have to strictly manage privileged accounts and monitor their activities because of the risk associated with their misuse. With Azure AD Privileged Identity Management you can manage, control, and monitor access to resources in Azure AD as well as other Microsoft online services like Office 365 or Microsoft Intune,” says Microsoft.
Both AD Identity Protection and AD PIM will be made available as part of the new Microsoft Enterprise Mobility + Security (EMS) E5 suite. Security Center is available now.