Azure Security Center
Daniel Alon, Principal Group Program Manager
Namgyal Dolker, Senior Program Manager
Source: Gartner Reveals Top Predictions for IT Organizations and Users for 2016 and Beyond, October 2015, http://www.gartner.com/newsroom/id/3143718
“Through 2020, 95 percent of cloud security failures will be the customer's fault” – Gartner
Encryption
Secure Networking
Identity & Access
Partner Solutions
Azure Security Center
Security
Privacy and Control
Transparency
Compliance
Cloud Presents Unique Security Challenges
Cloud environments are more dynamic: resources are being spun up (and down) frequently, and it’s not just about VMs – there’s also PaaS to consider
CIOs and CISOs lack visibility and control: management is increasingly distributed and physical networks no longer define the perimeter
Enterprises bring on-premises security issues to the cloud: disconnected point solutions, noisy alerts, and advanced threats
Azure Security Center Helps you Prevent, Detect, and Respond to Threats
Enable security at cloud speed
Gain visibility and control
Detect cyber attacks
Integrate partner solutions
Provides a unified view of security across all your Azure subscriptions, including
vulnerabilities and threats detected
Enables you to define security policies for hardening cloud configurations
APIs, SIEM connector and Power BI dashboards make it easy to access, integrate, and analyze security information using existing tools and processes
Gain visibility and control
Monitor the security state of resources – quickly identify vulnerabilities
Enable security at cloud speed
Continuously assesses the security of your workloads even as they change
Creates policy-driven recommendations and guides users through the process of remediating security vulnerabilities
Enables rapid deployment of security services and appliances from Microsoft and partners (firewalls, endpoint protection, and more)
Prioritized recommendations take the guesswork out of security for resource owners
Integrate partner solutions
Recommends and streamlines provisioning of partner solutions
Integrates signals for centralized alerting and advanced detection, including fusion
Leverages Azure Marketplace for commerce and billing
Closes security gaps created by disconnected point solutions
Analyzes security data from your Azure virtual machines, Azure services (like Azure SQL databases), the network, and connected partner solutions
Leverages security intelligence and advanced analytics to detect threats more quickly and reduce false positives
Creates prioritized security alerts and incidents that provide insight into the attack and recommendations on how to remediate
Detect cyber attacks
Azure Security Center
Demo
Azure log integration
Roadmap for Azure log integration
Private Preview (Released May 2016)
• Windows Events log
• Azure Management Plane Operations Log
Public Preview (July 2016)
• ASC Alerts
• Supportability and HA, DR and Reliability
Ignite Release - refresh
• Event Hub integration - Azure Key Vault and NSG logs
• IBM DSM release
GA (Dec 2016)
• Linux Logs
• AAD logs (authentication and tenant changes)
Azure Role Based Access Control
Assign roles to users and groups at subscription, resource group, or resource level
Assignments inherit down the hierarchy
Use built-in roles with pre-configured permissions (20 built-in roles)
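The two RBAC points above (assignment at subscription, resource group or resource scope, and inheritance down the hierarchy) can be modelled with a few lines of code. This is an added illustration, not code from the slides or from Azure itself: the subscription id, resource names and principal names are constructed, and the roles are resolved by matching Azure-style resource ID prefixes, which is how scope containment works. It also includes the check a reviewer would want, flagging privileged roles granted at the broadest scope.

```python
# Added example: Azure RBAC scope inheritance modelled over resource ID strings.
# All identifiers below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    principal: str   # user or group (constructed names, not real object ids)
    role: str        # built-in role name, e.g. "Reader", "Contributor", "Owner"
    scope: str       # subscription, resource group or resource scope

def scope_covers(assigned: str, target: str) -> bool:
    """True if target is the assigned scope itself or lies below it.
    Matching on whole segments avoids 'prod-rg' covering 'prod-rg-other'."""
    a = assigned.rstrip("/").lower()
    t = target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def effective_roles(assignments, principal, target_scope):
    """Roles a principal holds on target_scope, including inherited ones.
    Assignments made below target_scope do not flow upward."""
    return sorted({
        a.role for a in assignments
        if a.principal == principal and scope_covers(a.scope, target_scope)
    })

def is_subscription_scope(scope: str) -> bool:
    parts = scope.strip("/").split("/")
    return len(parts) == 2 and parts[0].lower() == "subscriptions"

def broad_privileged_assignments(assignments, privileged=("Owner", "Contributor")):
    """Least-privilege check: privileged roles granted at subscription scope
    inherit to every resource group and resource beneath it."""
    return [a for a in assignments
            if a.role in privileged and is_subscription_scope(a.scope)]

# Constructed sample hierarchy: subscription -> resource group -> VM.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/prod-rg"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/web01"

ASSIGNMENTS = [
    Assignment("alice", "Reader", SUB),          # inherited by everything below
    Assignment("alice", "Contributor", RG),      # inherited by the VM only
    Assignment("ops-group", "Owner", SUB),       # broad grant: worth reviewing
    Assignment("bob", "Reader", VM),             # resource-level: does not flow up
]

if __name__ == "__main__":
    print("alice on web01:", effective_roles(ASSIGNMENTS, "alice", VM))
    print("bob on prod-rg:", effective_roles(ASSIGNMENTS, "bob", RG))
    print("broad grants:", broad_privileged_assignments(ASSIGNMENTS))
```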
AAD Privileged Identity Management
• Discover current admin permissions in one view
• Set temporary authorization policies for Azure AD management roles
• Global, billing, password, service, and user administrators can use PIM
• Collect justification & work item reference for every elevation/activation
[Diagram: subscription scope with the built-in Reader, Contributor and Owner roles]
Accomplished so far – AAD Security Roles
https://azure.microsoft.com/en-us/documentation/articles/active-directory-assign-admin-roles/
• Security reader
• Security administrator
Currently rationalizing the roles for Azure Security
Cost Comparison                                     Azure                      AWS
Security Management (policy, recommendations, etc)  Security Center (Free)     Marketplace Partners ($10-$20/VM)
Vulnerability Assessment                            Security Center (Free)     Inspector ($.03-$.05/Assessment)
Threat Detection & Investigation                    Security Center ($15/VM)   Marketplace Partners ($10-$15/VM)
Total Cost                                          $15 per VM per month       $25-$40 per VM per month
Intelligence and Expertise
Shared insights from Microsoft products and cloud services
Global threat intelligence from the Digital Crimes Unit, Incident Response Centers and third party feeds
World class security engineers with unique expertise in cloud security
Integrated Approach
Central security management across subscriptions, native to Azure
Seamless deployment and monitoring of partner security solutions
APIs and SIEM connector for integration with existing security tools and processes
Speed, Scale, and Savings
Zero setup required
Scales seamlessly as new workloads and subscriptions are added (vs security monitoring appliances or SIEMs)
Significant time and cost savings versus cobbling together solutions from multiple providers
Roadmap
• Ongoing security research resulting in new and refined detection algorithms
• Linux VM behavioral detections
• Geo expansion - Europe, Australia, and Azure Government
• Additional dashboards and actionable security incidents to simplify/expedite investigation and remediation
• Additional integrated security partners along with the ability to connect partner solutions previously deployed
• Expanded baselines (VM, SQL, Web) and application controls
• Parity across Windows and Linux VMs
• Expanded security roles
• Enterprise-wide security policies
• More granular policies, including custom baselines
Microsoft Confidential
Hybrid Cloud Workload Protection
[Diagram: Microsoft Operations Management Suite, Azure Security Center, OMS Security]
Security for OMS Log Analytics
Threat detection using advanced analytics
Collection of security data from virtually any source (Azure or AWS, Windows Server or Linux, VMware or OpenStack)
Insight into security status (antimalware, system updates)
Correlations to detect malicious activities and search for rapid investigation
Integrates operational and security management
Security for Azure
Threat detection using advanced analytics
Asset discovery and ongoing security assessment (OS configurations, system updates, SQL Db configurations, virtual network configurations)
Actionable security recommendations with easy remediation
Security policy for IT governance
Integrated management and monitoring of partner security solutions