The following article will give you a brief intro to Azure security and Azure Secure Score.
First, let’s learn about Azure Security Center, which the Secure Score solution is based on.
What is Azure Security Center?
Microsoft Azure Security Center is a cloud-based infrastructure security management system. It is built to strengthen cloud and datacenter security and provides advanced threat protection across on-prem and cloud workloads including Azure, AWS and Google.
The platform where Azure Security Center is located learns from and provides protection to all Azure and Customer workloads. Using those workloads, Security Center can improve itself for better and more efficient protection and security.
Security Center is built to support customers solving the following three most common and urgent security challenges:
- Rapidly changing workloads – In the cloud everything is changing all the time. That is a strength, but also a challenge we face with such workloads. On one hand, end-users and customers are able to do more and deploy workloads themselves, offloading work from IT departments to business owners. On the other hand, support and IT people need to implement certain standards and security best practices. They also need to be notified of violations and need to act against certain security breaches.
- Increasingly sophisticated attacks – Wherever a customer runs workloads, the attacks keep getting more sophisticated and harder to detect. Customers need to secure public cloud workloads since they are Internet-facing and as such are extremely vulnerable to attacks.
- Security skills are in short supply – If you compare the number of security alerts and alerting systems to the number of administrators with the necessary knowledge and background, alerts totally outnumber the administrators who are capable of interpreting them and who need to protect environments. Staying up to date and informed on the latest attacks and how to work against them is an impossible task for a single human. These permanent and drastic changes sometimes make it impossible to keep abreast in the world of security.
Security Center provides you with tools to protect your environment against those challenges.
- Strengthen security posture – Security Center assesses a customer environment and enables the security representatives to understand the status of resources and whether they are secure or open to a possible threat.
- Protect against threats – Security Center assesses workloads and raises threat prevention recommendations and security alerts. Those assessments are also the base for Azure Secure Score.
- Get secure faster – Security Center is delivered as a Software as a Service solution with the massive computing power of Azure in its backend. Azure Security Center is natively integrated into Azure Services and is easy to deploy. You can also create automated provisioning to protect your Azure Services and Resources.
Azure Security Center currently comes with two SKUs / Tiers. You can have the free tier and the standard tier. The features covered by every tier can be found in the two links below:
In the next step, I will show you how to enable Azure Security Center standard.
How to enable Azure Security Center?
Go to portal.azure.com and search for Security Center in the search bar on top.
As you can see in Pricing & Settings, the free tier is enabled by default.
To change the Pricing Tier you select a subscription and switch to Standard. You can then choose the service on which you want to use the Standard Plan. After that, hit save and you’ve successfully changed the Pricing Tier for that service.
That is a short intro to Security Center. Now let us take a look into the Azure Secure Score.
What is Azure Secure Score?
Azure Security Center has two primary goals:
- to help customers with their current security situation.
- to help customers efficiently and proactively improve their overall security.
The main component to achieve these goals is the Azure Secure Score. The Score is shown as a percentage value across all of your subscriptions and per subscription. For my customers where I work with Security Center and Secure Score, I try to achieve an overall secure score of 80% or more. I also encourage my customers to reach an overall score of 80% and more when they are finishing off a Microsoft Azure Migration Program Project.
As you can see in my subscription, I have an overall score of 12% with my strongest subscription having 88% and my lowest having 0%.
Now let’s understand how you can access your secure score.
How do I access Azure Secure score?
There are several ways to access the score. The primary one is via the Azure Security Center within the Azure Portal.
Another option is to use the REST API, which is currently (September 2020) in preview.
Get – Get secure score for a specific Security Center initiative within your current scope. For the ASC Default initiative, use ‘ascScore’.
List – List secure scores for all your Security Center initiatives within your current scope.
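The Get and List operations described above, as an added example that is not from the original article or from Microsoft's samples: it builds the request URLs and flags subscriptions whose score is under the 80% target the article mentions. The api-version value, the response field layout, the subscription IDs and the scores are assumptions or constructed sample data.

```python
import json
import urllib.request
from urllib.parse import quote

API_VERSION = "2020-01-01-preview"  # assumption: not stated on the page

def secure_score_url(subscription_id, initiative=None):
    """List URL for a subscription, or the Get URL when an initiative is named."""
    url = (f"https://management.azure.com/subscriptions/{quote(subscription_id, safe='')}"
           "/providers/Microsoft.Security/secureScores")
    if initiative:
        url += "/" + quote(initiative, safe="")
    return f"{url}?api-version={API_VERSION}"

def fetch(url, token):
    """Call the API with a bearer token the caller obtained (not exercised offline)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def percent(item):
    """Score as a percentage; an initiative with max 0 has nothing assessed yet."""
    score = item["properties"]["score"]  # assumed layout: {"max": ..., "current": ...}
    return round(100.0 * score["current"] / score["max"], 1) if score["max"] else 0.0

def below_target(list_responses, target=80.0):
    """Return (subscription, initiative, percent) rows under the target, worst first."""
    rows = []
    for sub, body in list_responses.items():
        for item in body.get("value", []):
            pct = percent(item)
            if pct < target:
                rows.append((sub, item["name"], pct))
    return sorted(rows, key=lambda r: r[2])

def sample_response(maximum, current):
    """Constructed List response body with one initiative (values are made up)."""
    return {"value": [{"name": "ascScore",
                       "properties": {"score": {"max": maximum, "current": current}}}]}

SAMPLE = {  # placeholder subscription IDs, constructed scores
    "00000000-0000-0000-0000-000000000001": sample_response(50, 44),
    "00000000-0000-0000-0000-000000000002": sample_response(40, 0),
    "00000000-0000-0000-0000-000000000003": sample_response(0, 0),
}

if __name__ == "__main__":
    for sub, name, pct in below_target(SAMPLE):
        print(f"{sub} {name}: {pct}% (target 80%)")
```

For a live run, pass the parsed result of `fetch(secure_score_url(sub), token)` for each subscription instead of `SAMPLE`.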
There is also a view per resource like the one shown with my sample virtual machine below. Here Azure Advisor and Azure Security Center combine their recommendations to improve the overall Azure Security and usability.
The benefit of the per resource advisory is that you gain additional optimization suggestions as well as security ones. As you can see in the screenshot below, for my example it also suggests options on how to improve resiliency. These changes do not have any impact on the security score but your overall environment will benefit from the changes.
These additional changes can for example impact costs, resiliency, redundancy and even performance in general.
How can I improve my Azure Secure Score?
Now let’s work on our Secure Score and increase it. First, let’s access the recommendations by clicking on the subscription we want to improve. I would try to choose the most recently created one.
Now choose a security risk you want to remove. Different resolutions will give you different percentages of improvement. You should always hunt for the ones with the highest priority; those are also the ones most likely to be used by bad actors to attack your workload.
In my case, I will do a simple improvement and encrypt the disk of one of my older VMs which had no support for Disk Encryption in the past.
You only need to click on the recommendation, select the resource you want to update, and activate the logic app.
After you’ve selected the right subscription and with a few minutes of waiting, you can trigger the pre-configured Logic App you created to remediate that threat.
But you can always do this manually as shown in the link, Azure Disk Encryption for Windows VMs.
How is the Azure Secure Score Calculated?
Microsoft also publishes a good calculation example.
Microsoft is very detailed on how the calculation is performed in its documentation. I would suggest giving it a deeper look to understand how the threats and risks are given value: Calculations – understanding your score
To summarize Security Center and the Secure Score: I would hope you agree that these two tools are more than just a nice-to-have for your Azure Environment. The Security Center itself gives you a great overview of the security status of your environment, and it helps you mitigate and automate actions when you are under attack or open to security risks. There are some very useful tools like Threat Protection and Security Alerts, Mitigation Automation and triggering from task already included. One other thing that you can create is a Security Baseline, for which you can then configure how to respond when those Baselines are crossed and a potential threat appears.
Another thing I really like is the Secure Score. In the past, with IT security you needed to scan your environment and be aware of every possible point of entry and threat to these environments. It was also very hard work to mitigate and resolve those security risks. The most worrying thing I still see is the lack of knowledge from so-called “Security Experts”. Nearly every security guy I talk to still thinks security is based on vulnerabilities related to the network and a firewall can solve every threat. We now live in an age of Zero Trust Architecture, Social Engineering and Identity protection and these have to be taken into consideration. The Secure Score and the recommendations it offers are the best way of showing additional threats and security risks outside of the classic network first mentality, and it also (hopefully) improves the learning curve of those lone administrators.
Nice to read
If you want to go deeper into the topic I would like to provide you with a number of links to do that:
- Azure security baseline for Security Center
- Tutorial: Respond to security incidents
- Understanding just-in-time (JIT) VM access
- Threat protection in Azure Security Center
- Automate onboarding of Azure Security Center using PowerShell
- Security alerts – a reference guide
As always I hope my short article was helpful for someone out there in the community. Please feel free to leave me a comment. If you have a project that focuses around Azure, do not hesitate to nominate yourself for the free assistance on the Microsoft FastTrack for Azure Team. Here you can find more details along with the nomination page.
Microsoft FastTrack for Azure – Move to Azure efficiently with customized guidance from Azure engineering
And lastly, thanks to my friends from Altaro who give me a platform to write down some of my thoughts and share them with you guys.