DEV Community

SUNIL KUMAR

Azure Security Center

What is Azure Security Center?
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on-premises.

Azure Security Center provides:

· Manage organization security policy and compliance
· Continuous assessments
· Network map
· Optimize and improve security by configuring recommended controls
· Protect against threats
· Integration with Microsoft Defender for Endpoint

Evaluate Vulnerability Scans & Remediations
Recommendations give you suggestions on how to better secure your resources. You implement a recommendation by following the remediation steps provided in the recommendation.

First, go to Azure Security Center > Recommendations and choose the recommendation you want to remediate first.

Now we can simply follow the remediation process.

Configure Just in Time VM Access
As with all cybersecurity prevention techniques, your goal should be to reduce the attack surface. In this case, that means having fewer open ports, especially management ports.

Your legitimate users also use these ports, so it's not practical to keep them closed.

To solve this dilemma, Azure Security Center offers JIT. With JIT, you can lock down the inbound traffic to your VMs, reducing exposure to attacks while providing easy access to connect to VMs when needed.

Open the Azure Defender dashboard and from the advanced protection area, select Just-in-time VM access.

The Just-in-time VM access page opens with your VMs grouped into the following tabs:

· Configured - VMs that have already been configured to support just-in-time VM access. For each VM, the Configured tab shows:
    · the number of approved JIT requests in the last seven days
    · the last access date and time
    · the connection details configured
    · the last user
· Not configured - VMs without JIT enabled, but that can support JIT. We recommend that you enable JIT for these VMs.
· Unsupported - VMs without JIT enabled and which don't support the feature.
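The point of JIT above is fewer management ports left open. As an added example (not from the original post), this Python script finds inbound NSG Allow rules that expose management ports to any source, which are the rules a JIT policy is meant to replace. The port set and the sample rules are assumptions constructed for illustration; the field names follow the JSON that `az network nsg rule list` returns.

```python
import json

# Assumption: management ports to check (SSH, RDP, WinRM HTTP/HTTPS).
MGMT_PORTS = {22, 3389, 5985, 5986}
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}

# Constructed sample shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-rdp", "access": "Allow", "direction": "Inbound",
  "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
  "destinationPortRange": "3389", "destinationPortRanges": []},
 {"name": "allow-admin-range", "access": "Allow", "direction": "Inbound",
  "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": [],
  "destinationPortRange": null, "destinationPortRanges": ["20-25", "443"]},
 {"name": "ssh-from-office", "access": "Allow", "direction": "Inbound",
  "sourceAddressPrefix": "203.0.113.0/24", "sourceAddressPrefixes": [],
  "destinationPortRange": "22", "destinationPortRanges": []},
 {"name": "deny-winrm", "access": "Deny", "direction": "Inbound",
  "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
  "destinationPortRange": "5985-5986", "destinationPortRanges": []}
]""")


def ports_in(spec):
    """Return the management ports covered by a port spec ('22', '20-25', '*')."""
    if spec == "*":
        return set(MGMT_PORTS)
    lo, _, hi = spec.partition("-")
    return {p for p in MGMT_PORTS if int(lo) <= p <= int(hi or lo)}


def exposed_management_rules(rules):
    """Map rule name -> sorted management ports that an inbound Allow rule
    opens to any source. Rule priority and overriding Deny rules are not modeled."""
    findings = {}
    for rule in rules:
        if rule["access"].lower() != "allow" or rule["direction"].lower() != "inbound":
            continue
        sources = [rule.get("sourceAddressPrefix")] + list(rule.get("sourceAddressPrefixes") or [])
        if not any(s and s.lower() in ANY_SOURCE for s in sources):
            continue
        specs = [rule.get("destinationPortRange")] + list(rule.get("destinationPortRanges") or [])
        hit = set().union(*(ports_in(s) for s in specs if s))
        if hit:
            findings[rule["name"]] = sorted(hit)
    return findings


if __name__ == "__main__":
    for name, ports in exposed_management_rules(SAMPLE_RULES).items():
        print(f"{name}: management ports {ports} open to any source")
```

VMs behind the flagged rules are the ones to look for on the Not configured tab when enabling JIT.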

Configure Centralized Policy Management

Security Center uses Azure role-based access control (Azure RBAC), which provides built-in roles you can assign to Azure users, groups, and services. When users open Security Center, they see only information related to the resources they can access. This means users are assigned the role of owner, contributor, or reader to the resource's subscription. There are also two specific Security Center roles:

· Security reader: Has rights to view Security Center items such as recommendations, alerts, policy, and health. Can't make changes.
· Security admin: Has the same view rights as security reader. Can also update the security policy and dismiss alerts.

Adaptive Network Hardening
Adaptive network hardening provides recommendations to further harden the NSG rules. It uses a machine-learning algorithm that factors in actual traffic, known trusted configuration, threat intelligence, and other indicators of compromise, and then provides recommendations to allow traffic only from specific IP/port tuples.