One of the main pillars of Azure Security Center is threat detection. Threat detection isn’t new, we’ve been doing that for a long time on-premises. We have decades of experience with Intrusion Detection/Intrusion Prevention devices, be they host IDS/IPS or network IDS/IPS. We’re comfortable using them, pretty much understand how they work, and have integrated them into our security processes, policies and procedures.
With that said, things have changed with public cloud computing.
In the past, attackers would leverage common methods that are no longer as effective as they once were due to how public clouds operate. For example, the following methods are not as relevant in the cloud as they are on-premises:
- Reconnaissance through social networks
- Delivery through physical and client-centric applications
- Exploitation of client-side applications
- Lateral movement through traditional account hash attacks
While Azure Security Center is definitely in the position to help you in these areas, we are looking forward to addressing the types of attacks that align with the modern attackers mindset. These new attacks are focused on:
- Secret reconnaissance
- Resource abuse
- Resource pivoting
- Management port exploitation
Azure Security Center can help you detect these attacks by using:
- Virtual machine analysis
- Network analysis
- Resource analysis
- Blink spot analysis
Want to know more? Then check out the great article by Tomer Teller, Senior Security Program Manager, Detecting Threats with Azure Security Center.