Security Center is in active development and receives daily improvements that help you strengthen your environment and your hybrid cloud posture while tracking compliance with the policies and standards.
The added enhancements are explained in details below.
- Azure Defender for SQL servers on machines: Azure Security Center offers two Azure Defender plans for SQL Servers to protect your databases and their data wherever they are located.
- Azure Defender for Azure SQL database servers – defends your Azure-native SQL Servers.
- Azure Defender for SQL servers on machines– extends the same protections to your SQL servers in hybrid, multi-cloud, and on-premises environments.
Azure Defender for SQL includes vulnerability assessment capabilities.
The vulnerability assessment tool includes the following advanced features:
- Baseline configuration to intelligently refine the results of vulnerability scans to those that might represent real security issues.
After you have established your baseline security state, the vulnerability assessment tool only reports deviations from that baseline state.
Results that match the baseline are considered as passing subsequent scans.
This lets you and your analysts focus your attention where it matters.
- Detailed benchmark information to help you understand the discovered findings, and why they
relate to your resources.
- Remediation scripts to help you mitigate identified risks.
- Two new Azure Defender plans have been newly added.
Microsoft Azure has added two new cloud-native breadth threat protection capabilities for your Azure environment. These new protections greatly enhance your resiliency against attacks from threat actors, and significantly increase the number of Azure resources protected by Azure Defender.
- Azure Defender for DNS – continuously monitors all DNS queries from your Azure resources.
- Azure Defender for Resource Manager – automatically monitors all resource management operations performed in your organization.
- Revitalized Security Center experience in Azure SQL Database & SQL Managed Instance
The Security Center experience within SQL provides access to the following Security Center and Azure Defender for SQL features:
Security Center periodically analyzes the security state of all connected Azure resources to identify potential security misconfigurations.
It then provides recommendations on how to remediate those vulnerabilities and improve organizations’ security posture.
A detection service that continuously monitors Azure SQL activities for threats such as SQL injection, brute-force attacks, and privilege abuse.
This service triggers detailed and action-oriented security alerts in Security Center and provides options for continuing investigations with Azure Sentinel, Microsoft’s Azure-native SIEM solution.
A vulnerability assessment service that continuously monitors Azure SQL configurations and helps remediate vulnerabilities.
Assessment scans provide an overview of Azure SQL security states together with detailed security findings.
- Azure Defender for SQL support for Azure Synapse Analytics dedicated SQL pool:
Azure Synapse Analytics is an analytics service that combines enterprise data warehousing and big data analytics.
Azure Defender for SQL protects your dedicated SQL pools with:
- Advanced threat protection to detect threats and attacks.
- Vulnerability assessment capabilities to identify and remediate security misconfigurations.
- Recommendations page has new filters for environment, severity, and available responses:
Azure Security Center monitors all connected resources and generates security recommendations. You can use these recommendations to strengthen your hybrid cloud posture and track compliance with the policies and standards relevant to your organization, industry, and country.
As Security Center continues to expand its coverage and features, the list of security recommendations is growing every month.
With the growing list, there is a need to be able to filter to the recommendations of greatest interest. You can now filter the list of security recommendations according to a range of criteria.
In the following example, the recommendations list has been filtered to show recommendations that:
- are generally available (that is, not preview)
- are for storage accounts.
- support quick fix remediation.
The filters that were recently added provide options to refine the recommendations list according to:
- Environment– View recommendations for your AWS, GCP, or Azure resources (or any combination)
- Severity– View recommendations according to the severity classification set by Security Center.
- Response actions– View recommendations according to the availability of Security Center response options: Quick fix, Deny, and Enforce.
To help organizations protect all their assets against evolving digital security threats, Microsoft is unifying all Extended Detection and Response (XDR) technologies under the Microsoft Defender brand.
Microsoft Defender prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.
With Microsoft Defender, Microsoft is rebranding the existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.
Microsoft Defender is delivered in two tailored experiences:
Microsoft 365 Defender
- Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email, and documents.
- It uses artificial intelligence to reduce the SOC’s work items.
- Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.
The branding changes to unify the Microsoft 365 Defender technologies:
- Microsoft 365 Defender (previously Microsoft Threat Protection)
- Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
- Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
- Microsoft Defender for Identity (previously Azure Advanced Threat Protection)
New features available within Microsoft 365 Defender:
- Extending mobile threat defense capabilities in Microsoft Defender for Endpoint to iOS, Android and macOS.
- Priority account protection in Microsoft Defender for Office 365 will help security teams focus on protection from phishing attacks for users who have access to the most critical and privileged information.
Customers can customize prioritized account workflows to offer these users an added layer of protection.
Microsoft 365 Defender
Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more.
Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.
Microsoft has announced brand changes for these capabilities under Azure Defender as well:
- Azure Defender for Servers (previously Azure Security Center Standard Edition)
- Azure Defender for IoT (previously Azure Security Center for IoT)
- Azure Defender for SQL (previously Advanced Threat Protection for SQL)
New features now available within Azure Defender:
- To help defenders identify and mitigate unprotected resources, Microsoft is delivering a new unified experience for Azure Defender that makes it easy to see which resources are protected and which need further protection.
- Added protection for SQL servers on-premises and in multi-cloud environments as well as virtual machines in other clouds, and improved protections for containers, including Kubernetes-level policy management and continuous scanning of container images in container registries.
- Support for operational technology networks with the integration of Cyber X into Azure Defender for IoT.
Azure adds new constrained vCPUs, capable virtual machines to reduce software licensing costs without impacting performance
Azure offers various VM sizes for which you can constrain the VM vCPU count to reduce the cost of software licensing, while maintaining the same memory, storage, and I/O bandwidth.
This may be crucial for some database workloads like SQL Server or Oracle that require high memory, storage, and I/O bandwidth, but not a high core count since many database workloads are not CPU-intensive.
So, by deploying the latest Azure Virtual Machines, you can further increase the efficiency of your cloud infrastructure.
The vCPU count can be constrained to one half or one quarter of the original VM size. These new VM sizes have a suffix that specifies the number of active vCPUs to make them easier for you to identify.
The Esv4, Edsv4, and Easv4 memory optimized Azure VM series now offer new constrained vCPU VM sizes.
For example, the current VM size ‘’E8s_v4’’ comes with 8 vCPUs, 64 GB RAM, 16 disks and 12,800 IOPs. The new VM sizes ‘’E8-4s_v4’’ and ‘’E8-2s_v4’’ comes with 4 and 2 active vCPUs respectively, while maintaining the rest of the specs of the ‘’E8s_v4’’ for memory, storage, and I/O bandwidth.
The licensing fees charged for SQL Server or Oracle are constrained to the new vCPU count, and other products should be charged based on the new vCPU count. This results in a 50% to 75% increase in the ratio of the VM specs to active (billable) vCPUs. These new VM sizes allow customer workloads to use the same memory, storage, and I/O bandwidth while optimizing their software licensing cost. Currently, the compute cost, which includes OS licensing, remains the same one as the original size.
Microsoft Azure is delivering a broad and extensive range of services, advancing organizations across a variety of areas from 60+ Azure Regions. These services are often considered as a go-to option for applications, running businesses and freeing up time and capabilities, enhancing work, and providing scalability.
There are benefits too with data residency provided from Azure UAE Regions, as data can be kept in the two UAE datacenter regions, in Dubai and Abu Dhabi.
From the day that Microsoft has announced global availability of Azure UAE Regions, Microsoft strived to make this more useful for customers and partners such as the recent availability of M and Mv2 Series Virtual Machines to provide SAP S4/HANA high performance, scalability and security along with the addition of new Azure Services to the UAE Regions recently.
Whatever your Application Modernization strategy, Azure is the platform that you need. You can now run App Services, Functions, Azure Red Hat OpenShift, Azure Files Premium tier and Azure DevTest Labs in UAE regions.
- Azure App Service: Azure App Service is a fully managed platform for building, deploying, and scaling web apps to enable productivity and innovation. App Service helps for building, deploying, and scaling web apps quickly and easily by supporting APIs .NET, .NET Core, Node.js, Java, Python or PHP, in containers or running on Windows or Linux.
- Azure Functions: Azure Functions allows developers to act by connecting to data sources or messaging solutions thus making it easy to process and react to events. Developers can leverage Azure Functions to build HTTP-based API endpoints accessible by a wide range of applications, mobile and IoT devices.
- Azure Red Hat OpenShift: Azure Red Hat OpenShift provides a flexible, self-service deployment of fully managed OpenShift clusters. You can maintain regulatory compliance and focus on your application development, while your master, infrastructure, and application nodes are patched, updated, and monitored by both Microsoft and Red Hat. You have the option to choose your own registry, networking, storage, or CI/CD solutions. Or you can get going immediately using built-in solutions with automated source code management, container and application builds, deployments, scaling, health management, and more.
- Azure Files Premium Tier: Azure Files premium tier storage offers high-performance, easily accessible file services, built on solid-state drives (SSD). Premium tier is optimized to deliver consistent performance for IO-intensive workloads that require high-throughput and low latency.
- Azure DevTest Labs: Azure DevTest Labs make it possible to quickly provision development and test environments, which minimizes waste with quotas and policies. The service allows automated shutdowns to be set to minimize costs. Additionally, Windows and Linux environments can be built.
Hybrid cloud is a term that describes when an organization uses the services of a public cloud provider which can be usually Microsoft Azure, IBM BlueMix… in addition to its private cloud. By having parallel cloud networks accessible through the same architecture, businesses have the ability to utilize the benefits of both, including faster data transfer and increased privacy.
Hybrid networks generally offer more flexibility, scalability and security over other types of hosting, whilst also being able to perform in ways that cloud and traditional hosting can’t.
Some major hybrid cloud advantages include:
- Increased data speeds – hybrid networks can be configured to push essential data through private servers instead of public ones, greatly improving load times and data transfer speeds.
- Improved security – Sensitive data can be secured on private servers with many layers of encryption that can only be accessed in house, whilst non-sensitive and publicly-accessible data and applications can be accessed through a public server.
- Decreased spending – Utilizing the public cloud for applications that don’t require security is likely to be more economical in the long run.
- Better cost visibility – Leveraging the power of a public cloud will showcase the exact amount of expenditures your are incurring making it easier to estimate your total cost and therefore estimating the right margin that is more likely to generate profit.
- Lowering downtime risk – Most of the time, having both private and public cloud at your disposal means your end customers don’t have to worry about downtime.
- Improving local network operations – Hybrid hosting also allows you the added advantage of being able to shift resource heavy processes through a separate private or public cloud network, greatly improving local network operations.