This is an exciting week for us at Microsoft. At RSA Conference 2019, we are announcing new and exciting capabilities in Azure and Microsoft 365. With this blog post, we wanted to share with you what we have been working on for Azure Security Center. Azure Security Center now leverages machine learning to reduce the attack surface of internet facing virtual machines. Its adaptive application controls have been extended to Linux and on-premises servers, and extends the network map support to peered virtual network (VNet) configurations.
Leveraging machine learning to reduce attack surface
One of the biggest attack surfaces for workloads running in the public cloud are connections to and from the public Internet. Our customers find it hard to know which Network Security Group (NSG) rules should be in place to make sure that Azure workloads are only available to required source ranges. Security Center can now learn the network traffic and connectivity patterns of your Azure workload and provide you with NSG rule recommendations for your internet facing virtual machines. This helps you better configure your network access policies and limit your exposure to attacks.
Azure Security Center uses machine learning to fully automate this process, including an automated enforcement mechanism, enabling its customers to better protect their internet facing virtual machines with only a few clicks. These recommendations also use Microsoft’s extensive threat intelligence reports to make sure that known bad actors are blocked.
Extending adaptive application controls
Adaptive application control is an intelligent, automated end-to-end application whitelisting solution from Azure Security Center. It helps you control which applications can run on your VMs located in Azure, which, among other benefits, helps harden your VMs against malware. Security Center uses machine learning to analyze the applications running on your VMs and helps you apply the specific whitelisting rules using this intelligence.
We are extending adaptive application controls in Azure Security Center to include Linux VMs and servers/VMs external to Azure (Windows and Linux) in audit mode. This means that Azure Security Center will identify applications running on your servers which are not in compliance with the Azure Security Center generated whitelisting rules and will audit those violations. This will enable you to detect threats that might otherwise be missed by antimalware solutions; to comply with your organization's security policy that dictates the use of only licensed software and to audit unwanted software that is being used in your environment.
Network map support for VNet peering
Azure Security Center’s network map has added support for virtual network peering, a configuration in which traffic flows between Azure Virtual Networks through the Microsoft backbone, as if they were virtual machines in the same virtual network, through private IP addresses only. The support includes displaying allowed traffic flows between peered VNets and peering related information on Security Center’s network map.
With these additions, Azure Security Center strengthens its role as the unified security management and advanced threat protection solution for your hybrid cloud workloads. We encourage you to take advantage of these new capabilities for all your Internet-exposed Azure resources. If you have not started using Azure Security Center in your Azure subscription, get started today.