High-profile cyber-attacks have been making the news recently. Distributed Denial of Service (DDoS) attacks on business such as eBay and LinkedIn have caused service outages, and the devastating ransomware ‘WannaCry’, which ground the NHS to a halt almost overnight holding private files hostage.
These attacks have only highlighted the need for more robust protection on the internet; with new technologies such as the cloud, big data, and the Internet of Things (IoT) influencing businesses on a global scale, there is an ever-increasing need for businesses to invest in cybersecurity, in order to protect themselves from attacks.
The first step in protecting a business on the cloud is to correctly configure the cloud environment according to the cloud provider’s best practices - any configuration mishaps when configuring security for your cloud environment could leave you wide open to attackers, and not using well established practice such as multi factor authentication makes brute force attacks that much easier for hackers.
The second step would be, to continually update and monitor the security on your cloud environment. Having the latest security patches on virtual machines in the cloud, and ensuring that the systems that you are using meet the required security standards is an ongoing process.
Third; quick, remedial reaction when alerted to a security breach is vital, and knowing how to fix issues as they arise is very important.
Fortunately, Azure has its own security centre - a built-in tool that can help prevent, detect, and respond to threats quickly as soon as they arise.
This post will detail some of the features and benefits of using Azure Security Centre to secure your cloud based solution and protect it from threats.
The Azure Security Centre can be accessed through the main menu of the Azure Portal.
When you open the security centre dashboard, you are faced with the ‘Overview’, a summary of the status of your subscriptions, their level of protection, and any recommendations that the security centre might have, in order to tighten security in your cloud network.
Clicking the ‘Recommendations’ tile will list them in a new blade, and you can select each one to view more information about each recommendation and take steps to resolve any issues.
Some examples of recommendations in Azure:
For each recommendation, you are given a brief description, the scale of the recommendation, the severity of the issue, and information as to whether it has been resolved or not yet.
For example, it could be as simple as the fact that you have not installed the latest security patch on one of your virtual machines - this could leave you wide open to attacks from the outside, but Azure Security Centre recommendations can alert you to this gap in your security, and guide you through the process of installing the latest security update. This function allows you to correctly configure your cloud based network.
Follow this link to find out more.
Instantly on the Security Centre home page, the largest tiles in the centre of the screen are the ‘Security State’ icons - these give a brief summary of your entire cloud network, and the level of protection you have on each computing, virtual networks, storage, and your hosted applications. If you click on any one of these, you can get a more detailed breakdown for each section.
For example, clicking on the web applications tab might let you know that the security state of one of your virtual machines is critical - you do not have a firewall installed. There will be a description of the VM, and the security warning - combined with another blade appearing when you click on the fault in order to remedy the issue before it becomes a problem.
This allows you to continually monitor your cloud-based network.
Follow this link to find out more about managing security alerts in Azure
The security alerts tile will create alerts when threats are detected by software such as anti-malware programs and firewalls. Security alerts could be triggered for varying reasons, such as:
The Security Centre will prioritise security alerts, and give suggestions on how to react to them when you click on them.
For example, if some malware is detected on a VM, it may be that a high priority alert comes into the security centre. This alert will allow the system administrator to know that malware has somehow gotten into the system, but an automatic anti-malware software may have already neutralised the threat, meaning there is no need to find and remove it yourself, only to diagnose the root cause.
Data collected by the security centre will allow you to identify the weaker, or more frequently targeted points within your system - and allow you to take further preventative steps to safeguard your network.
The statistics collected can provide an overview of any potential flaws in your cloud network, and allow you to prioritise based on what is important to you.
If you’d like to know more about the Azure Security centre, and how it is continually improving,
follow this link to see the Azure Security Blog.
Microsoft Azure boasts more security endorsements than any other cloud provider, gaining the trust of multiple security organisations, and allowing you to place your trust in them.