Saturday, August 18, 2018

CIS 3.1 in Azure - Azure Security Center

Continuing the discussion of the CIS Controls on Azure, this post covers CIS Control 3, and specifically 3.1: Run Automated Vulnerability Scanning Tools.  On-premises, this control focuses on using tools to scan networks and systems for known vulnerabilities.  In some cases, this can include both internal and external scans, depending on your policy.

Applying this to Azure is a bit tricky.  Under the shared responsibility model, vulnerabilities in the underlying services that you use are technically the responsibility of the provider.  Services that you create and place on top of Azure resources fall under your responsibility.

So, if I had to translate CIS 3.1, I would say that vulnerability scanning is essentially ensuring that the services you have provisioned are secured by default (i.e., you have used the correct configuration) and that the configuration of those services meets your corporate policies.  There are a couple of tools in the Azure toolbox that you can use to satisfy this requirement, and today we are going to talk about Azure Security Center.

Azure Security Center comes in a couple of different service levels, but even in the first level, you get access to a rich dashboard and the ability to apply policy/audit to your resources (in a generic way).  Here is what my dashboard looks like currently (in my test subscription).



Oh my! I've got a lot of work to do here.  Here is a look at the current recommendations for my subscription.



Azure Security Center has a rich feature set that is only growing.  You can look at a list of the policy definitions here.  I would say that implementing Azure Security Center and working through the remediation/policy items in a timely fashion (as per your patch management policy) would suffice to meet CIS 3.1.  It is constantly being updated by Microsoft to reference best practices for the Azure platform, and provides continuous scanning against deployed resources.
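To make "in a timely fashion (as per your patch management policy)" checkable, here is an added example (not from the original post or from Microsoft) that flags open recommendations older than their remediation window. The SLA values, the record layout (modeled on Security Center assessment JSON) and the sample findings are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed remediation windows in days; substitute your patch management policy.
SLA_DAYS = {"High": 7, "Medium": 30, "Low": 90}
RANK = {"High": 0, "Medium": 1, "Low": 2}

def _finding(name, code, severity, first_seen, resource):
    """Build one constructed record in the assumed assessment layout."""
    return {"properties": {
        "displayName": name,
        "status": {"code": code, "firstEvaluationDate": first_seen},
        "metadata": {"severity": severity},
        "resourceDetails": {"id": resource}}}

# Constructed sample data (not real findings; resource IDs are placeholders).
SAMPLE = [
    _finding("Apply disk encryption", "Unhealthy", "High", "2018-07-01T00:00:00Z", "<placeholder>/vm1"),
    _finding("Restrict management ports", "Unhealthy", "Medium", "2018-08-01T09:30:00.1234567Z", "<placeholder>/vm2"),
    _finding("Enable storage encryption", "Healthy", "Low", "2018-01-01T00:00:00Z", "<placeholder>/sa1"),
    _finding("Install endpoint protection", "Unhealthy", "Medium", "2018-06-01T00:00:00Z", "<placeholder>/vm3"),
]

def parse_utc(value):
    # Keep whole seconds only, so fractional digits and the trailing "Z" parse
    # on any Python 3 version; timestamps are assumed to be UTC.
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def overdue(assessments, now):
    """Return unhealthy findings past their SLA, highest severity first."""
    late = []
    for item in assessments:
        props = item["properties"]
        if props["status"]["code"] != "Unhealthy":
            continue  # Healthy and NotApplicable need no remediation
        severity = props.get("metadata", {}).get("severity", "High")
        limit = SLA_DAYS.get(severity, SLA_DAYS["High"])  # unknown: strictest
        age = (now - parse_utc(props["status"]["firstEvaluationDate"])).days
        if age > limit:
            late.append({"name": props["displayName"], "severity": severity,
                         "resource": props["resourceDetails"]["id"],
                         "days_over": age - limit})
    return sorted(late, key=lambda f: (RANK.get(f["severity"], 0), -f["days_over"]))

if __name__ == "__main__":
    for f in overdue(SAMPLE, datetime(2018, 8, 18, tzinfo=timezone.utc)):
        print(f"{f['severity']:<6} +{f['days_over']:>3}d  {f['name']}  {f['resource']}")
```

Run on a schedule against an export of your subscription's recommendations, the overdue list becomes the evidence that findings are being worked within policy.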

1 comment:

  1. Azure Security Center (ASC) is a unified security management system provided by Microsoft Azure that helps organizations prevent, detect, and respond to security threats across Azure and hybrid cloud environments. It provides advanced threat protection across workloads, identifies vulnerabilities, and provides actionable insights to strengthen the security posture of Azure resources. Here’s an overview of key features and capabilities of Azure Security Center:

    Key Features of Azure Security Center:

    Security Policy Management:
    Define and enforce security policies across Azure subscriptions and resource groups.
    Customize security policies based on regulatory requirements and organizational standards.

    Security Recommendations:
    Provides actionable security recommendations to improve the security posture of Azure resources.
    Recommendations include enabling specific security features, applying patches, and configuring network security rules.
