News

Microsoft Launches Azure Security Center

• By Kurt Mackie
• July 21, 2016

Microsoft's Azure Security Center, designed to protect virtual machines and other elements that a tenant may use when tapping Azure datacenter infrastructure, reached general availability on Thursday.

Azure Security Center is a security monitoring service that shows up as an option in the Azure portal. The product previously was released at the preview stage back in December, but it's notable for using the so-called "operational security graph" machine learning technology that was highlighted last year by CEO Satya Nadella.

The security graph essentially is signals data that gets collated at Microsoft's Cyber Defense Operations Center in Redmond, Wash. Azure Security Center users get threat assessments in a dashboard view, based on that data. They may also get remediation advice to address the detected threats, as illustrated in this Microsoft video.

During the preview period, Microsoft dispensed "more than 500,000 recommendations to improve the security health" of Azure tenants, according to its announcement. The system detected more than "140,000 threats per month," Microsoft claimed.

Microsoft's threat information can be imported into a Power BI dashboard, Azure audit logs or other software programs, such as security information and event management (SIEM) solutions, according to Microsoft's video. REST-based APIs are available for integration purposes.

Azure Security Center also provides hooks for Microsoft's security solutions providers. Partners engaged in building so-called "next-generation firewalls" for the Azure Security Center include Cisco, Check Point and Fortinet, according to Microsoft. There's also Web application firewall support from Barracuda, F5, Imperva and Trend Micro.

Microsoft added new features to Azure Security Center along the way. It streamlined getting security information into SIEM solutions from "HP, ArcSight, IBM, Qradar, Splunk, and others." Linux distro monitoring now is more extensive. Users will get e-mail notifications for high-severity security alerts with the new product. The dashboard view was improved to show "a single view of an attack campaign."

Microsoft also is promising that vulnerability assessment solutions from Qualys and other vendors will be available for integration in the Azure Security Center "in the coming weeks."

Microsoft offers a "free" 90-day trial to test Azure Security Center, but you don't get to see the advanced threat detection information during the trial, and users have to pay for the data storage costs, so it's not exactly free. The Standard offering of Azure Security Center costs $15 per node per month, with storage of 500 MB per day included in that cost. A "node," according to Microsoft's pricing page, is a virtual machine in an Azure tenant, but other elements, such "Azure Cloud Services or SQL databases," could get counted as nodes, the pricing page warned.

Lots of Azure Security Center documentation resources are currently available. A quick guide to them can be found in this Microsoft blog post.