Take control of your Azure security monitoring, management and risks
In establishing your Azure cloud defenses, you first need to understand that an intrusion detection system (IDS) in Azure is fundamentally different from one in an on-premises environment. In Azure, you don’t manage the underlying network infrastructure, making it difficult to access packet-level information using port mirroring, taps or traditional network-based methods. Under the shared responsibility model, Microsoft is responsible for securing its infrastructure. However, you are still responsible for monitoring and securing your applications running in Azure.
USM Anywhere™ includes an Azure sensor that enables direct access to the Azure API, allowing you to automatically monitor your Azure environment and quickly detect assets, identify threats, and gain remediation guidance. Purpose-built for the Azure cloud, USM Anywhere delivers five essential security monitoring features, including asset discovery, intrusion detection, vulnerability scanning, behavioral monitoring, and Security Information and Event Management (SIEM).
Comprehensive Azure intrusion detection
Provides a comprehensive cloud IDS solution natively built for Azure, offering direct access to the Azure API and the cloud management plane.
Continuous Azure security monitoring
Offers essential Azure IDS and security monitoring capabilities, helping to centralize threat visibility and achieve regulatory compliance.
Integrated threat intelligence
Integrated threat intelligence from AT&T Alien Labs helps you focus on real threats in your Azure environment rather than researching every alert.
There are some unique aspects of intrusion detection in the Azure cloud that you need to account for. Because Microsoft controls the Azure network, you don’t have easy access to the low-level network traffic, and so you are not able to employ your traditional network IDS tools. As defined in the Azure shared responsibility model, Microsoft has responsibility for locking down its network. However, you’re still responsible for securing your applications and systems running in Azure. And while Microsoft provides some tools to assist you, including Azure Security Groups, you still need to do more.
This brings us to the management plane, which is the critical aspect of the cloud that affords you security control capabilities. The management plane is the web interface and the APIs that configure, monitor, and control your Azure cloud environment. This is essentially the key to your Azure kingdom, so you need to lock it down. However, access to the management plane also provides a security controls opportunity. By accessing the Azure management plane, you can ensure that every VM spun up has proper monitoring enabled and data flowing into your systems. You can analyze the complete history of every action taken with complete traceability back to the source. This gives you a new mechanism for detecting threats.
To capture the security benefits of the management plane, you need a solution that accesses the Azure API directly. USM Anywhere, with its purpose-built Azure sensor, delivers the capabilities you need for comprehensive intrusion detection in Azure. It is built to run in Azure and monitor the Azure cloud, directly accessing the Azure API to monitor all activity and discover all VMs in your Azure environment. Combined with its Hyper-V and VMware sensors, USM Anywhere gives you the visibility you need across all your cloud and on-premises environments to detect and respond to threats.
One of the promises of the cloud, namely the flexibility and scale it provides, is also the source of one of its security weaknesses. Specifically, your Azure cloud environment is constantly changing as you spin up new instances or change configurations. In some cases, this may be done frequently on a daily or even hourly basis. In addition, folks in your organization may be doing things that you aren’t aware of. This is called ‘Shadow IT’, which refers to employees introducing rogue services or bringing rogue assets into your corporate network. New cloud security risks may be manifesting themselves on an hourly basis.
The need to monitor for Shadow IT activity drives the need for solutions that provide continuous security monitoring of all activity in the cloud. You need a solution that continuously monitors your Azure cloud environment and delivers Azure IDS functionality.
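As an added illustration (not USM Anywhere code), the sketch below shows the kind of management-plane check described above: it walks records shaped like Azure Activity Log events, attributes each VM creation to its caller, and flags VMs created outside an approved identity or without a monitoring extension. The events, the approved caller list and the set of extension names treated as monitoring are constructed assumptions.

```python
# Added example. Records are constructed, shaped like Azure Activity Log events.
VM_WRITE = "Microsoft.Compute/virtualMachines/write"
EXT_WRITE = "Microsoft.Compute/virtualMachines/extensions/write"
# Assumptions: who may deploy, and which extensions count as monitoring.
APPROVED_CALLERS = {"deploy-pipeline@example.com"}
MONITORING_EXTENSIONS = {"azuremonitorlinuxagent", "azuremonitorwindowsagent"}
VMS = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
       "rg-demo/providers/Microsoft.Compute/virtualMachines/")

def _event(ts, caller, op, name, status="Succeeded"):
    return {"eventTimestamp": ts, "caller": caller, "resourceId": VMS + name,
            "operationName": {"value": op}, "status": {"value": status}}

PIPE, USER = "deploy-pipeline@example.com", "j.doe@example.com"
SAMPLE_EVENTS = [
    _event("2024-05-01T09:00:00Z", PIPE, VM_WRITE, "web01"),
    _event("2024-05-01T09:05:00Z", PIPE, EXT_WRITE,
           "web01/extensions/AzureMonitorLinuxAgent"),
    _event("2024-05-01T11:30:00Z", USER, VM_WRITE, "scratch-vm"),
    _event("2024-05-01T12:00:00Z", PIPE, VM_WRITE, "batch02"),
    _event("2024-05-01T12:02:00Z", PIPE, EXT_WRITE, "batch02/extensions/CustomScript"),
    _event("2024-05-01T13:00:00Z", USER, VM_WRITE, "test-vm", status="Failed"),
]

def audit_vm_activity(events, approved=frozenset(APPROVED_CALLERS)):
    """Return findings for VMs created by unapproved callers or left unmonitored."""
    created, monitored = {}, set()   # vm id -> first creator; vm ids with an agent
    for ev in sorted(events, key=lambda e: e["eventTimestamp"]):
        if ev["status"]["value"] != "Succeeded":
            continue                 # failed operations created nothing
        op, rid = ev["operationName"]["value"], ev["resourceId"].lower()
        if op == VM_WRITE:
            created.setdefault(rid, ev["caller"])  # later writes are updates
        elif op == EXT_WRITE:
            vm_id, _, ext = rid.rpartition("/extensions/")
            if ext in MONITORING_EXTENSIONS:
                monitored.add(vm_id)
    findings = []
    for vm_id, caller in created.items():
        reasons = []
        if caller.lower() not in approved:
            reasons.append("unapproved caller")
        if vm_id not in monitored:
            reasons.append("no monitoring extension")
        if reasons:
            findings.append({"vm": vm_id.rsplit("/", 1)[-1], "caller": caller,
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_vm_activity(SAMPLE_EVENTS):
        print(finding)
```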
This ongoing monitoring of your Azure environment is also important for compliance purposes. Many regulatory requirements, including PCI DSS and GLBA, require continuous monitoring capabilities. As you move workloads to Azure, you need a solution that performs this continuous Azure security monitoring.
USM Anywhere with its native Azure sensor delivers continuous security monitoring of your Azure environment. With its direct Azure API integration, USM Anywhere monitors all activity and detects changes in your Azure environment to deliver critical Azure IDS capabilities and help you monitor Shadow IT. And USM Anywhere’s security monitoring capabilities help ensure compliance with many regulatory requirements.