Azure Native and Third-Party Tools: New White Paper

Thanks in part to the ease of infrastructure implementation, public cloud service providers (CSPs) are quickly becoming more popular with enterprises. However, cybersecurity in the cloud is complex; while CSPs are responsible for the security “of” the cloud, you’re responsible for security “in” the cloud. Enterprises must still protect data and are responsible for the secure configuration of the resources provisioned.

Figure 1: Microsoft Azure shared responsibility model

Despite the many advantages offered by CSPs there are intricacies and Azure users might have a host of questions. For instance:

• What native services does Azure offer to assess vulnerabilities and exposures?
• How easy or difficult is it to understand Azure security data?
• What gaps exist in Azure native tools?
• How do third-party tools work in Azure to augment and/or strengthen cloud security?

We’ve developed IaaS Security – Azure Native and Third-Party Tools to help you better understand the cloud infrastructure assessment tools provided by Azure and third parties. The paper offers tool-specific observations that allow security practitioners to understand the interdependencies of native and third-party tools and grasp the basics of configuration, key features, metrics, reports and other capabilities. This allows practitioners to make informed decisions about how and when to use which tools in their Azure-hosted environments.

Some key takeaways:

Manageability: Microsoft has taken multiple steps to ensure Azure’s IaaS cyber security controls can be managed with relative ease. Microsoft has accelerated its rollout of Azure security solutions over the last two years, and while many features exist in preview mode, they are generally functional. Optiv has seen a pattern of continual improvement in the security products launched within Azure; organizations will want to keep up to date with Azure changes more closely than they have with legacy Microsoft products.

Security Center: Provides insight into regulatory compliance, resource health and threat protection. Crucial to securely adopting and consuming CSP resources are identity, logging, visibility and service integration. For vulnerability management, the local Qualys agent scanning within Security Center provides competent vulnerability assessment from within the target VM but does not replace the traditional approach of network scanning to visualize what a remote attacker would see.

Azure Active Directory: Microsoft has an edge when compared to the offerings of competing Cloud Service Providers. Azure AD security features and visibility for access management would be better compared to common names in the identity space like Okta. However, it does not mean that there is feature parity between the two and the maturation of the products it the same. While Azure AD Security is fairly straightforward and there is the benefit of direct integration with other Azure security services, such as Security Center, Azure AD should be one consideration in a larger identity program conversation.

Azure Sentinel: Optiv found that a lot of Sentinel’s features were in preview mode. Microsoft places features in “preview” mode before they are graduated to general availability. The edge that Azure Sentinel has on other SIEMs is that Microsoft/Azure owns the infrastructure it is delivered on, which provides a pricing advantage, as well as the delivery model offered by Azure. A few simple clicks, with no third party needed, and the cloud-native SIEM as-a-Service is running. However, its features haven’t reached parity with other enterprise SIEMs.

Both native and third-party approaches have distinct advantages and disadvantages at present. You should expect to use both native and third-party security solutions in concert for the foreseeable future, and this research paper provides a rich understanding of how this can be best accomplished.