Security Center is in active development and receives daily improvements that help you strengthen your environment and your hybrid cloud posture while tracking compliance with the policies and standards.
The added enhancements are explained in details below.
- Azure Defender for SQL servers on machines: Azure Security Center offers two Azure Defender plans for SQL Servers to protect your databases and their data wherever they are located.
- Azure Defender for Azure SQL database servers – defends your Azure-native SQL Servers.
- Azure Defender for SQL servers on machines– extends the same protections to your SQL servers in hybrid, multi-cloud, and on-premises environments.
Azure Defender for SQL includes vulnerability assessment capabilities.
The vulnerability assessment tool includes the following advanced features:
- Baseline configuration to intelligently refine the results of vulnerability scans to those that might represent real security issues.
After you have established your baseline security state, the vulnerability assessment tool only reports deviations from that baseline state.
Results that match the baseline are considered as passing subsequent scans.
This lets you and your analysts focus your attention where it matters.
- Detailed benchmark information to help you understand the discovered findings, and why they
relate to your resources.
- Remediation scripts to help you mitigate identified risks.
- Two new Azure Defender plans have been newly added.
Microsoft Azure has added two new cloud-native breadth threat protection capabilities for your Azure environment. These new protections greatly enhance your resiliency against attacks from threat actors, and significantly increase the number of Azure resources protected by Azure Defender.
- Azure Defender for DNS – continuously monitors all DNS queries from your Azure resources.
- Azure Defender for Resource Manager – automatically monitors all resource management operations performed in your organization.
- Revitalized Security Center experience in Azure SQL Database & SQL Managed Instance
The Security Center experience within SQL provides access to the following Security Center and Azure Defender for SQL features:
- Security recommendations
Security Center periodically analyzes the security state of all connected Azure resources to identify potential security misconfigurations.
It then provides recommendations on how to remediate those vulnerabilities and improve organizations’ security posture.
- Security alerts
A detection service that continuously monitors Azure SQL activities for threats such as SQL injection, brute-force attacks, and privilege abuse.
This service triggers detailed and action-oriented security alerts in Security Center and provides options for continuing investigations with Azure Sentinel, Microsoft’s Azure-native SIEM solution.
A vulnerability assessment service that continuously monitors Azure SQL configurations and helps remediate vulnerabilities.
Assessment scans provide an overview of Azure SQL security states together with detailed security findings.
- Azure Defender for SQL support for Azure Synapse Analytics dedicated SQL pool:
Azure Synapse Analytics is an analytics service that combines enterprise data warehousing and big data analytics.
Azure Defender for SQL protects your dedicated SQL pools with:
- Advanced threat protection to detect threats and attacks.
- Vulnerability assessment capabilities to identify and remediate security misconfigurations.
- Recommendations page has new filters for environment, severity, and available responses:
Azure Security Center monitors all connected resources and generates security recommendations. You can use these recommendations to strengthen your hybrid cloud posture and track compliance with the policies and standards relevant to your organization, industry, and country.
As Security Center continues to expand its coverage and features, the list of security recommendations is growing every month.
With the growing list, there is a need to be able to filter to the recommendations of greatest interest. You can now filter the list of security recommendations according to a range of criteria.
In the following example, the recommendations list has been filtered to show recommendations that:
- are generally available (that is, not preview)
- are for storage accounts.
- support quick fix remediation.
The filters that were recently added provide options to refine the recommendations list according to:
- Environment– View recommendations for your AWS, GCP, or Azure resources (or any combination)
- Severity– View recommendations according to the severity classification set by Security Center.
- Response actions– View recommendations according to the availability of Security Center response options: Quick fix, Deny, and Enforce.