Microsoft Azure Security Center News

Security Center is in active development and receives daily improvements that help you strengthen your environment and your hybrid cloud posture while tracking compliance with the policies and standards.

The added enhancements are explained in detail below.

  • Azure Defender for SQL servers on machines: Azure Security Center offers two Azure Defender plans for SQL Servers to protect your databases and their data wherever they are located.
      • Azure Defender for Azure SQL database servers – defends your Azure-native SQL Servers.
      • Azure Defender for SQL servers on machines – extends the same protections to your SQL servers in hybrid, multi-cloud, and on-premises environments.

Azure Defender for SQL includes vulnerability assessment capabilities.

The vulnerability assessment tool includes the following advanced features:

  • Baseline configuration to intelligently refine the results of vulnerability scans to those that might represent real security issues.

After you have established your baseline security state, the vulnerability assessment tool only reports deviations from that baseline state.

Results that match the baseline are considered as passing subsequent scans.

This lets you and your analysts focus your attention where it matters.

  • Detailed benchmark information to help you understand the discovered findings, and why they relate to your resources.

  • Remediation scripts to help you mitigate identified risks.
  • Two new Azure Defender plans have been added.

Microsoft Azure has added two new cloud-native breadth threat protection capabilities for your Azure environment. These new protections greatly enhance your resiliency against attacks from threat actors, and significantly increase the number of Azure resources protected by Azure Defender.

  • Azure Defender for DNS – continuously monitors all DNS queries from your Azure resources.
  • Azure Defender for Resource Manager – automatically monitors all resource management operations performed in your organization.

  • Revitalized Security Center experience in Azure SQL Database & SQL Managed Instance

The Security Center experience within SQL provides access to the following Security Center and Azure Defender for SQL features:

  • Security recommendations

Security Center periodically analyzes the security state of all connected Azure resources to identify potential security misconfigurations.

It then provides recommendations on how to remediate those vulnerabilities and improve organizations’ security posture.

  • Security alerts

A detection service that continuously monitors Azure SQL activities for threats such as SQL injection, brute-force attacks, and privilege abuse.

This service triggers detailed and action-oriented security alerts in Security Center and provides options for continuing investigations with Azure Sentinel, Microsoft’s Azure-native SIEM solution.

  • Findings

A vulnerability assessment service that continuously monitors Azure SQL configurations and helps remediate vulnerabilities.

Assessment scans provide an overview of Azure SQL security states together with detailed security findings.

  • Azure Defender for SQL support for Azure Synapse Analytics dedicated SQL pool:

Azure Synapse Analytics is an analytics service that combines enterprise data warehousing and big data analytics.

Azure Defender for SQL protects your dedicated SQL pools with:

  • Advanced threat protection to detect threats and attacks.
  • Vulnerability assessment capabilities to identify and remediate security misconfigurations.

  • Recommendations page has new filters for environment, severity, and available responses:

Azure Security Center monitors all connected resources and generates security recommendations. You can use these recommendations to strengthen your hybrid cloud posture and track compliance with the policies and standards relevant to your organization, industry, and country.

As Security Center continues to expand its coverage and features, the list of security recommendations is growing every month.

With the growing list, there is a need to be able to filter to the recommendations of greatest interest. You can now filter the list of security recommendations according to a range of criteria.

In the following example, the recommendations list has been filtered to show recommendations that:

  • are generally available (that is, not preview),
  • are for storage accounts, and
  • support quick fix remediation.

The filters that were recently added provide options to refine the recommendations list according to:

  • Environment – View recommendations for your AWS, GCP, or Azure resources (or any combination).
  • Severity – View recommendations according to the severity classification set by Security Center.
  • Response actions – View recommendations according to the availability of Security Center response options: Quick fix, Deny, and Enforce.

Here’s what you need to know about Microsoft Security updates

To help organizations protect all their assets against evolving digital security threats, Microsoft is unifying all Extended Detection and Response (XDR) technologies under the Microsoft Defender brand.

Microsoft Defender prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

With Microsoft Defender, Microsoft is rebranding the existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.

Microsoft Defender is delivered in two tailored experiences:

Microsoft 365 Defender

  • Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email, and documents.
  • It uses artificial intelligence to reduce the SOC’s work items.
  • Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.

The branding changes to unify the Microsoft 365 Defender technologies:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

New features available within Microsoft 365 Defender:

  • Extending mobile threat defense capabilities in Microsoft Defender for Endpoint to iOS, Android and macOS.
  • Priority account protection in Microsoft Defender for Office 365 will help security teams focus on protection from phishing attacks for users who have access to the most critical and privileged information.

Customers can customize prioritized account workflows to offer these users an added layer of protection.

Azure Defender

Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more.

Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.

Microsoft has announced brand changes for these capabilities under Azure Defender as well:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

New features now available within Azure Defender:

  • To help defenders identify and mitigate unprotected resources, Microsoft is delivering a new unified experience for Azure Defender that makes it easy to see which resources are protected and which need further protection.
  • Added protection for SQL servers on-premises and in multi-cloud environments as well as virtual machines in other clouds, and improved protections for containers, including Kubernetes-level policy management and continuous scanning of container images in container registries.
  • Support for operational technology networks with the integration of CyberX into Azure Defender for IoT.