Secure Azure VM from day Zero with Azure Security Extension – Azure Security Part 1

Public cloud is all about trust, and security is the key pillar that keeps customer trust. There are plenty of misconceptions about cloud security. This post is the first of my Azure Security blog post series; across the series we will dispel some of the myths and discuss how to mitigate the real risks.

Based on a Gartner 2014 survey, 72% of enterprises have made cloud investments and 25% have made significant ones. 47% already have IaaS running, and the trend will increase significantly over the coming years. The top three IT budget spending areas in Australia are Mobile, Analytics and Cloud.

Security and compliance are still the major concerns for cloud adoption. Very often, myths about cloud computing security, mixed with general negativity, shape the assumptions people bring to it.

Security in the public cloud is a shared responsibility. Some security controls we inherit from our cloud provider (Azure, for this post); the remaining gaps are ours to close, and nobody else will close them for us.

For more information on Microsoft Azure security and what Microsoft provides out of the box, see here.

Below is a common scenario I see out there.

Scenario

Let's say we have an Azure subscription with site-to-site connectivity to our on-premises environment, managed with System Center VMM. We have HYBRID here! YES!

Now I feel like testing SharePoint 2013 performance on Azure. Why? Because we CAN 🙂 With an Azure PowerShell script we can spin up a three-tier SharePoint 2013 farm on Azure VMs very quickly. On day zero those VMs are 'green': they are at an adequate patch level and carry no malware. Days turn into weeks, and those VMs are left unmanaged or partially managed: no anti-malware protection, unpatched, and no server hardening applied.

Who is responsible for the security of these VMs? Azure? Partially. Mark Russinovich? Probably... NO. We are, and it is on us to manage them.

In the same way, if I spin up Hyper-V VMs with System Center VMM, I need to manage those VMs and keep them in a 'green' state.

So how do we provide protection from day zero? The answer is the Azure VM security extensions, and for this post the Microsoft Anti-Malware extension in particular.

Azure currently provides three security extensions for VMs:

  • Microsoft Anti-Malware
  • Symantec Endpoint Protection
  • Trend Micro Deep Security as a Service

[Image: vmsecurityextension]

We surely want one of these to meet our compliance requirements and protect our VMs, especially in production.

How do we install one of the extensions on our existing VMs? Worry not! The Azure PowerShell script below installs the Microsoft Anti-Malware extension:

Add Microsoft Anti-Malware Extension

 

How do we check whether Anti-Malware has been enabled on a VM? The Azure PowerShell script below confirms it:

Get Microsoft Anti-Malware Extension Status

 

To uninstall the Microsoft Anti-Malware extension, the Azure PowerShell script below removes the agent:

Uninstall Microsoft Anti-Malware Extension

 
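The three steps above (install, verify, uninstall) as one added example. This is not the post's own script, which was embedded separately; it uses the classic Azure PowerShell (Service Management) cmdlets of the post's era: Get-AzureVM, Update-AzureVM, Set-AzureVMMicrosoftAntimalwareExtension and Get-AzureVMMicrosoftAntimalwareExtension. The cloud service name, the three VM names and the exclusion list are placeholders, and the VM Agent property check is an assumption about the classic VM object noted in the code.

```powershell
# Added example, not the post's own script. Assumes the classic Azure PowerShell
# (Service Management) module. Cloud service and VM names are placeholders for
# the three-tier SharePoint farm from the scenario above.
$serviceName = 'sp2013-farm'
$vmNames     = 'sp-web01', 'sp-app01', 'sp-sql01'

# Antimalware settings in the JSON schema the Microsoft Antimalware extension documents:
# real-time protection on, weekly quick scan on day 7 (Sunday) at 120 minutes past
# midnight (02:00). Exclusions are placeholders; keep them minimal, because every
# excluded path or extension is a blind spot for the scanner.
$amConfig = @'
{
  "AntimalwareEnabled": true,
  "RealtimeProtectionEnabled": true,
  "ScheduledScanSettings": { "isEnabled": true, "day": 7, "time": 120, "scanType": "Quick" },
  "Exclusions": { "Extensions": ".mdf;.ldf", "Paths": "", "Processes": "" }
}
'@

# Step 1: install (or reconfigure) the extension on every VM in the farm.
function Install-FarmAntimalware {
    param([string]$ServiceName, [string[]]$Names, [string]$Config)
    foreach ($name in $Names) {
        $vm = Get-AzureVM -ServiceName $ServiceName -Name $name
        # Extensions are delivered through the VM Agent, so a VM provisioned without it
        # cannot take the extension. ProvisionGuestAgent on the inner VM object is an
        # assumption about the classic module's PersistentVM type.
        if (-not $vm.VM.ProvisionGuestAgent) {
            Write-Warning "$name has no VM Agent; install the agent before adding extensions"
            continue
        }
        $vm | Set-AzureVMMicrosoftAntimalwareExtension -AntimalwareConfiguration $Config |
            Update-AzureVM
    }
}

# Step 2: verify. Returns one object per VM so the result can be filtered or exported
# for a compliance report rather than only eyeballed.
function Get-FarmAntimalwareStatus {
    param([string]$ServiceName, [string[]]$Names)
    foreach ($name in $Names) {
        $vm  = Get-AzureVM -ServiceName $ServiceName -Name $name
        $ext = Get-AzureVMMicrosoftAntimalwareExtension -VM $vm
        [pscustomobject]@{
            VM        = $name
            Installed = [bool]$ext
            Version   = if ($ext) { $ext.Version } else { $null }   # Version property assumed
        }
    }
}

# Step 3: uninstall. The -Uninstall switch removes the extension on the next update.
function Remove-FarmAntimalware {
    param([string]$ServiceName, [string[]]$Names)
    foreach ($name in $Names) {
        Get-AzureVM -ServiceName $ServiceName -Name $name |
            Set-AzureVMMicrosoftAntimalwareExtension -Uninstall |
            Update-AzureVM
    }
}

# Usage: roll the extension out, then list VMs that are still unprotected.
Install-FarmAntimalware -ServiceName $serviceName -Names $vmNames -Config $amConfig
Get-FarmAntimalwareStatus -ServiceName $serviceName -Names $vmNames |
    Where-Object { -not $_.Installed } |
    Format-Table -AutoSize
```

Two caveats a practitioner will hit: the Microsoft Antimalware extension is for Windows VMs only, and it relies on the VM Agent, so VMs deployed with the agent disabled must get the agent first. On the current Resource Manager model the same extension is installed with Set-AzVMExtension using publisher Microsoft.Azure.Security and extension type IaaSAntimalware, with the same JSON passed as the settings string.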

In the next post we will look at how to secure our Azure environment with System Center Configuration Manager 2012 R2 to keep our Azure VMs 'green'. We will cover the sections below:

  • Patch Management
  • Anti-Malware with Endpoint Protection
  • Firewall
  • Compliance Settings
  • Reporting to comply with enterprise requirements

One response to "Secure Azure VM from day Zero with Azure Security Extension – Azure Security Part 1"

  1. Pingback: Remove Microsoft Antimalware Service form a VM | Proxima's Techie Corner·
