In 2024, it is safe to say that many organizations have embraced a cloud strategy in some way. Whether that is a hybrid cloud model or multi-cloud model that uses some of the most common approaches like Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS). One thing is clear, the need to protect and secure these environments is crucial for all businesses. Microsoft Azure offers many of these cloud services to users depending on their needs, but did you know they also have tools available to help secure the environment and data as well? Let’s dive into some of the security tools and features you can find available in Microsoft Azure.
It is important to remember that just because you have offloaded the management duties of maintaining a physical data center, it’s still your responsibility to keep the data safe and available. Protect your data on Microsoft Azure with Veeam Data Platform.
For a more comprehensive look at what is cloud security look at cloud security glossary.
Understanding Azure Security Tools & Features
Data breaches and unauthorized access to systems can put organizations at risk of paying hefty fines, loss in company reputation, and in some cases, loss of employment. That is why having a strong security posture in the cloud is so important. Security in Azure is a multi-layered approach, consisting of people, technology, and controls that are implemented to lower risk and mitigate threats. This keeps data safe from loss, malicious actors, and insider threats. The layered approach ensures that if a breach were to occur, there is another layer in place to either stop or slow down the threat. This can minimize the impact of the most common types of threats that can occur. For example, if a user’s credentials were to be compromised, having roles and permissions in place ensure that the compromised user doesn’t provide the attacker access to the whole system.
There are multiple layers when it comes to security. First there are the Azure layers of security, which revolve around the technology and controls that can be implemented in building a secure cloud environment. Those technologies include physical, network, perimeter, endpoint, application, and data. The responsibility for who takes ownership in securing these types is dependent on the service you are consuming. For a quick break down, let’s refer to the image provided by Microsoft on who is responsible for each:
In the illustration above, when it comes to securing the physical components like the data center, hosts, and physical network components the responsibility falls onto the cloud provider. As you move upwards in the stack, the responsibility can be shared between both customer and cloud provider. What I want you to note is regardless of cloud technology you are using the information and data, accounts and identities, and devices used to access, will always remain the responsibility of the customer.
Top 10 Azure Security Tools List
Now that we have covered some of the basics and the need for Azure security let’s discuss some of the technologies that are available in Microsoft Azure and how you can put them to use secure your cloud environment.
Azure Defender (Previously known as Azure Security Center): Azure Defender is a security management tool that is available through the Microsoft Azure Marketplace and is a great starting point to gain higher visibility on your security state across all your hybrid cloud workloads, on-premises, Azure, and even some cloud platforms. Not only can you monitor your workloads via an agent, but you can also take advantage of controls that use machine learning and threat intelligence to block malware and detect attacks. Some capabilities include:
- Centralized Policy Management: Create a security policy that outlines the conditions you want the environment to adhere to. Quickly identify if resource configurations violate the security policies in place.
- Secure Score: High-level overview of how resources deployed across all environments score determined by Microsoft Cloud Security Benchmark (MCSB) when it comes to adhering to the security controls. Ex: Azure subscription missing Multi-factor Authentication (MFA)
- Protect Multiple Workloads: This can include cloud servers, cloud databases, containers, and even identifying threats to storage resources. Receive real-time alerts based on events that threaten the security of your environment.
Microsoft Entra ID Protection formerly known as Azure Active Directory (AD) Identity Protection: A tool that helps customers protect their organizations from identity compromises. Users can quickly identify attacks, report risks, and even remediate vulnerabilities with specific actions. Features include:
- Dashboard to help analyze security posture and any vulnerabilities. Key metrics and insights give you access to greater visibility, even a map that pinpoints locations of potential risks.
- Detect risks in real-time like leaked credentials, password sprays, and anonymous IP address usage. Investigate risky users and sign-ins to prevent unauthorized access.
- Automatic and Manual Remediation actions leveraging access controls like multi-factor authentication, or password resets. Data from risk-based actions can be forwarded to SIEM tools as well.
Azure Key Vault: a centralized cloud service that is used to securely manage, monitor, store, and access secrets, keys, and certificates. There are two services offered, standard which encrypts with a software key, and Premium which includes hardware security module (HSM) protected keys. Benefits of Azure Key Vault include:
- Centralization and control of application secrets distribution. It will remove the possibility of secrets being leaked due to users no longer storing in code. Simplify the steps that need to be taken to securely store contents in the key vault that can be made highly available by replicating region to region.
- Monitor the access and use of keys and secrets by enabling logging for your vaults. Logs can be sent to an event hub, Azure Monitor Logs, or to a storage account.
- Improve overall security by requiring proper authentication and authorization for a user or application to get access. Authentication can be configured via Microsoft Entra ID, while authorization can be configured using Azure role-based access control (RBAC) or key vault access policy.
Microsoft Sentinel formerly Azure Sentinel: Microsoft Sentinel is very similar to Azure Defender. They are both cloud-native and aim to increase an organization’s security posture. Sentinel takes it one step further by providing additional enhancements when it comes to connecting to broader security applications not related to Microsoft products. Microsoft Sentinel can be used by security teams for security information and event management (SIEM) and security orchestration, automation, and response (SOAR). Some benefits include:
- Scalability for organizations that have large environments and are looking to take advantage of REST-API, Syslog, or event format to connect their data sources to collect, detect, investigate, and respond to threats.
- Threat hunting with built-in queries to proactively search for security threats across different data sources.
- Playbooks that can be customized to automate workflows based off certain alerts or incidents.
Azure Firewall: Azure Firewall is a cloud-native fully stateful security service that provides threat protection for your cloud workloads running in Azure. There are three options that are offered depending on the size of organization with restrictive features depending on option chosen.
- Traffic Inspection is supported for all three options and is done by both east-west and north-south directions. This means traffic is monitored from within a trusted boundary and then moves outside of the trust to possible malicious external networks and vice-versa.
- Deny traffic and get alerts from known malicious IP addresses and domains to protect against possible attacks.
- Premium Edition support for rapid detection of attacks by looking for specific patterns that can include byte sequences in network traffic or known malware instruction sequences.
Azure DDoS Protection: Azure DDoS Protection, aims to mitigate and defend against a distributed denial-of-service (DDoS) attack which is an attempt to shut down a resource like a machine or network by overwhelming it with network traffic or causing it to crash with multiple tools. When it comes to running workloads in Azure it’s important to know that Azure DDoS Protection is automatically tuned and simple to enable on any new or existing virtual network. There are two tiers — DDoS Network protection, which is designed for the virtual network, and DDoS IP Protection, which adds some additional services. Benefits to DDoS Protection include:
- Simple configuration as all resources on a virtual network will immediately be protected as soon as DDoS Network Protection is enabled.
- Real-time traffic monitoring which will look for indicators of attack and automatically mitigate once detected.
- Analytics which can be used for organization investigation as a full detailed reports including a summary will be sent during and after an attack. Flow logs can also be sent to SIEM tools of your choosing.
Azure Information Protection formerly Microsoft Information Protection (MIP): AIP is part of Microsoft Purview which helps organizations to discover, classify, protect, and govern sensitive information. Benefits of Azure Information Protection include:
- Know your data and identify what sensitive information exists within the organization to put protective measures in place.
- Protect your data with sensitivity labels across apps, services, and devices as data traverses the organization internally and externally.
- Scan on-premises file repositories to identify and label sensitive files to ensure they are protected.
Microsoft Defender for Identity formerly known as Azure Advanced Threat Protection (ATP): A cloud-based security solution integrated with Microsoft Defender XDR that helps secure your identity monitoring across your organization. Gain insights on identity configurations with security best practices that make it harder to compromise user credentials.
- Real time analytics and data intelligence to help detect possible threats.
- Automated responses to compromised user credentials.
- Integration with Microsoft Defender XDR makes it easier to identify alerts with meaningful data to investigate anomalous activity.
Azure Policy: Helps organizations to assess regulatory compliance, security, cost, consistency, and management of their Azure environment and enforce standards at scale. Policy definitions are in JSON format and can be customized for the environment but there are common use cases already available in Azure to help get started. Some benefits include:
- Define parameters for policy definitions to evaluate resources and act for non-compliance.
- Respond to non-compliant resources through effects which are set in the policy rule. This can be as simple as blocking actions or denying a resource change.
- Remediate resources that are non-complaint through remediation tasks that deploy via template or modify operations.
Azure Bastion: Azure Bastion is a fully managed PaaS service that provides connectivity to your virtual machines via RDP/SSH and is hardened internally. When you use Azure Bastion, there is no need for a public IP address, therefore you limit the risk of having to expose your machines outside of the network and port scanning by malicious users. Some benefits include:
- Connection via private IP means no need to configure/manage NSGs to connect to machines.
- RDP and SSH session directly in the Azure Portal
- PaaS no need to manage a separate bastion host on a VM.
Azure Security Tool Integration
All the tools mentioned above can help organizations strengthen their overall security posture and take the best steps forward to reduce their vulnerability when it comes to cyber threats or non-compliance. I would suggest starting with Azure Defender first to get a baseline and adopting the other tools to help create a holistic security strategy. There are third party security tools that are compatible with Microsoft Azure, like Trend Micro, Cloud One, Check Point CloudGuard, etc. These third party security tools, when used with Azure security tools, follow the principle of defense in depth, which refers to having multiple layers of defense to protect against multiple types of threats. This defense system will prove challenging for any attacker, as they would have to overcome many defense mechanisms to penetrate the systems.
Leveling Up Your Azure Security With Veeam
Regardless of where the data lives, it will continue to be the responsibility of the organization and its users to not only secure it but also ensure it is available for business continuity. There are built-in features in Azure that can help any organization of size to secure their most important assets and meet regulatory compliance. However, opting for third party tools and layering Azure security tools can provide organizations with a robust and flexible security framework. Finally, when it comes to data protection, Veeam Data Platform can help to ensure that your data is recoverable wherever and whenever you need it most.
Check out a demo or download a trial today:
To learn more about security in Azure check out the helpful links below:
