Skip to main content

Azure Native and Third-Party Tools: New White Paper

May 20, 2020

Thanks in part to the ease of infrastructure implementation, public cloud service providers (CSPs) are quickly becoming more popular with enterprises. However, cybersecurity in the cloud is complex; while CSPs are responsible for the security “of” the cloud, you’re responsible for security “in” the cloud. Enterprises must still protect data and are responsible for the secure configuration of the resources provisioned.


Figure 1: Microsoft Azure shared responsibility model

Despite the many advantages offered by CSPs there are intricacies and Azure users might have a host of questions. For instance:

  • What native services does Azure offer to assess vulnerabilities and exposures?
  • How easy or difficult is it to understand Azure security data?
  • What gaps exist in Azure native tools?
  • How do third-party tools work in Azure to augment and/or strengthen cloud security?

We’ve developed IaaS Security – Azure Native and Third-Party Tools to help you better understand the cloud infrastructure assessment tools provided by Azure and third parties. The paper offers tool-specific observations that allow security practitioners to understand the interdependencies of native and third-party tools and grasp the basics of configuration, key features, metrics, reports and other capabilities. This allows practitioners to make informed decisions about how and when to use which tools in their Azure-hosted environments.

Some key takeaways:

Manageability: Microsoft has taken multiple steps to ensure Azure’s IaaS cyber security controls can be managed with relative ease. Microsoft has accelerated its rollout of Azure security solutions over the last two years, and while many features exist in preview mode, they are generally functional. Optiv has seen a pattern of continual improvement in the security products launched within Azure; organizations will want to keep up to date with Azure changes more closely than they have with legacy Microsoft products.

Security Center: Provides insight into regulatory compliance, resource health and threat protection. Crucial to securely adopting and consuming CSP resources are identity, logging, visibility and service integration. For vulnerability management, the local Qualys agent scanning within Security Center provides competent vulnerability assessment from within the target VM but does not replace the traditional approach of network scanning to visualize what a remote attacker would see.

Azure Active Directory: Microsoft has an edge when compared to the offerings of competing Cloud Service Providers. Azure AD security features and visibility for access management would be better compared to common names in the identity space like Okta. However, it does not mean that there is feature parity between the two and the maturation of the products it the same. While Azure AD Security is fairly straightforward and there is the benefit of direct integration with other Azure security services, such as Security Center, Azure AD should be one consideration in a larger identity program conversation.

Azure Sentinel: Optiv found that a lot of Sentinel’s features were in preview mode. Microsoft places features in “preview” mode before they are graduated to general availability. The edge that Azure Sentinel has on other SIEMs is that Microsoft/Azure owns the infrastructure it is delivered on, which provides a pricing advantage, as well as the delivery model offered by Azure. A few simple clicks, with no third party needed, and the cloud-native SIEM as-a-Service is running. However, its features haven’t reached parity with other enterprise SIEMs.

Both native and third-party approaches have distinct advantages and disadvantages at present. You should expect to use both native and third-party security solutions in concert for the foreseeable future, and this research paper provides a rich understanding of how this can be best accomplished.

    Woodrow Brown

By: Woodrow Brown

Director, Partner Research and Strategy

See More

Related Blogs

July 11, 2018

Agile and Proactive Security Assessments of AWS Cloud Deployments

Most companies have security personnel, but their expertise in the cloud may be limited. To have a team of highly trained AWS security experts on staf...

See Details

January 13, 2016

I Want the Cloud, But Where Do I Start?

… It is a question many admins and technology professionals are starting to ask. Well, to be fair, as long as ‘The Cloud’ has been a buzzword, people...

See Details

January 30, 2017

Cloud Powered Without Compromise

Security OF the cloud versus security IN the cloud. This by no means is intended to be a riddle. In fact, the irony is that cloud computing has solved...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

October 04, 2019

Cloud Security Service Brief

Enable secure and efficient cloud adoption with accelerated time to value.

See Details

October 11, 2019

IaaS Security - AWS Native and Third-Party Tools Executive Summary

This paper helps AWS users with Amazon, Palo Alto Networks and Tenable cloud infrastructure assessment tools.

See Details

November 04, 2019

Optiv Security Launches Services for Microsoft Azure Sentinel to Help Organizations Simplify Security Operations

Optiv offers progressive Microsoft Azure Sentinel solutions that integrate cloud and security strategies with innovative expertise.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.