Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Microsoft Releases Azure Security Benchmark

Microsoft this week announced the availability of Azure Security Benchmark v1 (ASB), a collection of more than 90 security best practices recommendations for Azure customers.

Microsoft this week announced the availability of Azure Security Benchmark v1 (ASB), a collection of more than 90 security best practices recommendations for Azure customers.

ASB, Microsoft says, was designed to improve the consistency of security documentation for Azure services by creating a framework containing all recommendations for Azure services, in the same format.

ASB is meant to help organizations increase the overall security and compliance of their workloads in Azure, and includes 11 security controls inspired by, and mapped to, the Center for Internet Security (CIS) 7.1 control framework.

Not only are the ASB controls built on industry standards and best practices, but Microsoft also aims to add mappings to other frameworks, such as the NIST Cybersecurity Framework.

According to Microsoft, ASB preserves the value of industry standard control frameworks that are focused on on-premises and brings them to the cloud.

“This enables you to apply standard security control frameworks to your Azure deployments and extend security governance practices to the cloud,” the company says.

The controls included in ASB target network security, logging and monitoring, identity and access control, data protection, vulnerability management, inventory and asset management, secure configurations, malware defense, data recovery, incident response, and penetration tests and red team exercises.

The documentation associated with each control provides mappings to industry standard benchmarks, details and rationale for the recommendations, and links to configuration information.

The full set of controls, as well as the included recommendations, are available on Microsoft’s Azure Security Benchmark website.

The tech company also integrated ASB with Azure Security Center, to enable customers to track, report, and assess their compliance against the benchmark, directly from the Security Center compliance dashboard. ASB also has an impact on the Secure Score in Azure Security Center for subscriptions.

“ASB is the foundation for future Azure service security baselines, which will provide a view of benchmark recommendations that are contextualized for each Azure service. This will make it easier for you to implement the ASB for the Azure services that you’re actually using,” Microsoft says.

Related: NIST Releases Framework for Privacy Risk Management

Related: NIST and Microsoft Partner to Improve Enterprise Patching Strategies

Related: Microsoft Announces New Security Capabilities Across Platforms

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.