|
| 1 | +--- |
| 2 | +title: Archive of what's new in Azure Security Center |
| 3 | +description: A description of what's new and changed in Azure Security Center from six months ago and earlier. |
| 4 | +services: security-center |
| 5 | +documentationcenter: na |
| 6 | +author: memildin |
| 7 | +manager: rkarlin |
| 8 | +ms.service: security-center |
| 9 | +ms.devlang: na |
| 10 | +ms.topic: conceptual |
| 11 | +ms.tgt_pltfrm: na |
| 12 | +ms.workload: na |
| 13 | +ms.date: 05/11/2020 |
| 14 | +ms.author: memildin |
| 15 | + |
| 16 | +--- |
| 17 | + |
| 18 | +# Archive for what's new in Azure Security Center? |
| 19 | + |
| 20 | +The primary [What's new in Azure Active Directory?](release-notes.md) release notes page contains updates for the last six months, while this page contains older items. |
| 21 | + |
| 22 | +This page provides you with information about: |
| 23 | + |
| 24 | +- New features |
| 25 | +- Bug fixes |
| 26 | +- Deprecated functionality |
| 27 | + |
| 28 | +## November 2019 |
| 29 | + |
| 30 | +### Threat Protection for Azure Key Vault in Public Preview in North America Regions |
| 31 | + |
| 32 | +Azure Key Vault is an essential service for protecting data and improving performance of cloud applications by offering the ability to centrally manage keys, secrets, cryptographic keys and policies in the cloud. Since Azure Key Vault stores sensitive and business critical data, it requires maximum security for the key vaults and the data stored in them. |
| 33 | + |
| 34 | +Azure Security Center’s support for Threat Protection for Azure Key Vault provides an additional layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit key vaults. This new layer of protection allows customers to address threats against their key vaults without being a security expert or manage security monitoring systems. The feature is in public preview in North America Regions. |
| 35 | + |
| 36 | + |
| 37 | +### Threat Protection for Azure Storage includes Malware Reputation Screening |
| 38 | + |
| 39 | +Threat protection for Azure Storage offers new detections powered by Microsoft Threat Intelligence for detecting malware uploads to Azure Storage using hash reputation analysis and suspicious access from an active Tor exit node (an anonymizing proxy). You can now view detected malware across storage accounts using Azure Security Center. |
| 40 | + |
| 41 | + |
| 42 | +### Workflow automation with Logic Apps (preview) |
| 43 | + |
| 44 | +Organizations with centrally managed security and IT/operations implement internal workflow processes to drive required action within the organization when discrepancies are discovered in their environments. In many cases, these workflows are repeatable processes and automation can greatly streamline processes within the organization. |
| 45 | + |
| 46 | +Today we are introducing a new capability in Security Center that allows customers to create automation configurations leveraging Azure Logic Apps and to create policies that will automatically trigger them based on specific ASC findings such as Recommendations or Alerts. Azure Logic App can be configured to do any custom action supported by the vast community of Logic App connectors, or use one of the templates provided by Security Center such as sending an email or opening a ServiceNow™ ticket. |
| 47 | + |
| 48 | +For more information about the automatic and manual Security Center capabilities for running your workflows, see [workflow automation](workflow-automation.md). |
| 49 | + |
| 50 | +To learn about creating Logic Apps, see [Azure Logic Apps](https://docs.microsoft.com/azure/logic-apps/logic-apps-overview). |
| 51 | + |
| 52 | + |
| 53 | +### Quick Fix for bulk resources generally available |
| 54 | + |
| 55 | +With the many tasks that a user is given as part of Secure Score, the ability to effectively remediate issues across a large fleet can become challenging. |
| 56 | + |
| 57 | +To simplify remediation of security misconfigurations and to be able to quickly remediate recommendations on a bulk of resources and improve your secure score, use Quick Fix remediation. |
| 58 | + |
| 59 | +This operation will allow you to select the resources you want to apply the remediation to and launch a remediation action that will configure the setting on your behalf. |
| 60 | + |
| 61 | +Quick fix is generally available today customers as part of the Security Center recommendations page. |
| 62 | + |
| 63 | +See which recommendations have quick fix enabled in the [reference guide to security recommendations](recommendations-reference.md). |
| 64 | + |
| 65 | + |
| 66 | +### Scan container images for vulnerabilities (preview) |
| 67 | + |
| 68 | +Azure Security Center can now scan container images in Azure Container Registry for vulnerabilities. |
| 69 | + |
| 70 | +The image scanning works by parsing the container image file, then checking to see whether there are any known vulnerabilities (powered by Qualys). |
| 71 | + |
| 72 | +The scan itself is automatically triggered when pushing new container images to Azure Container Registry. Found vulnerabilities will surface as Security Center recommendations and included in the Azure Secure Score together with information on how to patch them to reduce the attack surface they allowed. |
| 73 | + |
| 74 | + |
| 75 | +### Additional regulatory compliance standards (preview) |
| 76 | + |
| 77 | +The Regulatory Compliance dashboard provides insights into your compliance posture based on Security Center assessments. The dashboard shows how your environment complies with controls and requirements designated by specific regulatory standards and industry benchmarks and provides prescriptive recommendations for how to address these requirements. |
| 78 | + |
| 79 | +The regulatory compliance dashboard has thus far supported four built-in standards: Azure CIS 1.1.0, PCI-DSS, ISO 27001, and SOC-TSP. We are now announcing the public preview release of additional supported standards: NIST SP 800-53 R4, SWIFT CSP CSCF v2020, Canada Federal PBMM and UK Official together with UK NHS. We are also releasing an updated version of Azure CIS 1.1.0, covering more controls from the standard and enhancing extensibility. |
| 80 | + |
| 81 | +[Learn more about customizing the set of standards in your regulatory compliance dashboard](update-regulatory-compliance-packages.md). |
| 82 | + |
| 83 | + |
| 84 | +### Threat Protection for Azure Kubernetes Service (preview) |
| 85 | + |
| 86 | +Kubernetes is quickly becoming the new standard for deploying and managing software in the cloud. Few people have extensive experience with Kubernetes and many only focuses on general engineering and administration and overlook the security aspect. Kubernetes environment needs to be configured carefully to be secure, making sure no container focused attack surface doors are not left open is exposed for attackers. Security Center is expanding its support in the container space to one of the fastest growing services in Azure - Azure Kubernetes Service (AKS). |
| 87 | + |
| 88 | +The new capabilities in this public preview release include: |
| 89 | + |
| 90 | +- **Discovery & Visibility** - Continuous discovery of managed AKS instances within Security Center’s registered subscriptions. |
| 91 | +- **Secure Score recommendations** - Actionable items to help customers comply to security best practices in AKS as part of the customer’s Secure Score, such as "Role-Based Access Control should be used to restrict access to a Kubernetes Service Cluster". |
| 92 | +- **Threat Detection** - Host and cluster-based analytics, such as “A privileged container detected”. |
| 93 | + |
| 94 | + |
| 95 | +### Virtual machine vulnerability assessment (preview) |
| 96 | + |
| 97 | +Applications that are installed in virtual machines could often have vulnerabilities that could lead to a breach of the virtual machine. We are announcing that the Security Center Standard tier includes built-in vulnerability assessment for virtual machines for no additional fee. The vulnerability assessment, powered by Qualys in the public preview, will allow you to continuously scan all the installed applications on a virtual machine to find vulnerable applications and present the findings in the Security Center portal’s experience. Security Center takes care of all deployment operations so that no extra work is required from the user. Going forward we are planning to provide vulnerability assessment options to support our customers’ unique business needs. |
| 98 | + |
| 99 | +[Learn more about vulnerability assessments for your Azure Virtual Machines](security-center-vulnerability-assessment-recommendations.md). |
| 100 | + |
| 101 | + |
| 102 | +### Advanced data security for SQL servers on Azure Virtual Machines (preview) |
| 103 | + |
| 104 | +Azure Security Center’s support for threat protection and vulnerability assessment for SQL DBs running on IaaS VMs is now in preview. |
| 105 | + |
| 106 | +[Vulnerability assessment](https://docs.microsoft.com/azure/sql-database/sql-vulnerability-assessment) is an easy to configure service that can discover, track, and help you remediate potential database vulnerabilities. It provides visibility into your security posture as part of Azure secure score and includes the steps to resolve security issues and enhance your database fortifications. |
| 107 | + |
| 108 | +[Advanced threat protection](https://docs.microsoft.com/azure/sql-database/sql-database-threat-detection-overview) detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit your SQL server. It continuously monitors your database for suspicious activities and provides action-oriented security alerts on anomalous database access patterns. These alerts provide the suspicious activity details and recommended actions to investigate and mitigate the threat. |
| 109 | + |
| 110 | + |
| 111 | +### Support for custom policies (preview) |
| 112 | + |
| 113 | +Azure Security Center now supports custom policies (in preview). |
| 114 | + |
| 115 | +Our customers have been wanting to extend their current security assessments coverage in Security Center with their own security assessments based on policies that they create in Azure Policy. With support for custom policies, this is now possible. |
| 116 | + |
| 117 | +These new policies will be part of the Security Center recommendations experience, Secure Score, and the regulatory compliance standards dashboard. With the support for custom policies, you’re now able to create a custom initiative in Azure Policy, then add it as a policy in Security Center and visualize it as a recommendation. |
| 118 | + |
| 119 | + |
| 120 | +### Extending Azure Security Center coverage with platform for community and partners |
| 121 | + |
| 122 | +Use Security Center to receive recommendations not only from Microsoft but also from existing solutions from partners such as Check Point, Tenable, and CyberArk with many more integrations coming. Security Center’s simple onboarding flow can connect your existing solutions to Security Center, enabling you to view your security posture recommendations in a single place, run unified reports and leverage all of Security Center's capabilities against both built-in and partner recommendations. You can also export Security Center recommendations to partner products. |
| 123 | + |
| 124 | +[Learn more about Microsoft Intelligent Security Association](https://www.microsoft.com/security/partnerships/intelligent-security-association). |
| 125 | + |
| 126 | + |
| 127 | + |
| 128 | +### Advanced integrations with export of recommendations and alerts (preview) |
| 129 | + |
| 130 | +In order to enable enterprise level scenarios on top of Security Center, it’s now possible to consume Security Center alerts and recommendations in additional places except the Azure portal or API. These can be directly exported to an Event Hub and to Log Analytics workspaces. Here are a few workflows you can create around these new capabilities: |
| 131 | + |
| 132 | +- With export to Log Analytics workspace, you can create custom dashboards with Power BI. |
| 133 | +- With export to Event Hub, you’ll be able to export Security Center alerts and recommendations to your third-party SIEMs, to a third-party solution in real time, or Azure Data Explorer. |
| 134 | + |
| 135 | + |
| 136 | +### Onboard on-prem servers to Security Center from Windows Admin Center (preview) |
| 137 | + |
| 138 | +Windows Admin Center is a management portal for Windows Servers who are not deployed in Azure offering them several Azure management capabilities such as backup and system updates. We have recently added an ability to onboard these non-Azure servers to be protected by ASC directly from the Windows Admin Center experience. |
| 139 | + |
| 140 | +With this new experience users will be to onboard a WAC server to Azure Security Center and enable viewing its security alerts and recommendations directly in the Windows Admin Center experience. |
| 141 | + |
| 142 | + |
| 143 | +## September 2019 |
| 144 | + |
| 145 | +### Managing rules with adaptive application controls improvements |
| 146 | + |
| 147 | +The experience of managing rules for virtual machines using adaptive application controls has improved. Azure Security Center's adaptive application controls help you control which applications can run on your virtual machines. In addition to a general improvement to rule management, a new benefit enables you to control which file types will be protected when you add a new rule. |
| 148 | + |
| 149 | +[Learn more about adaptive application controls](security-center-adaptive-application.md). |
| 150 | + |
| 151 | + |
| 152 | +### Control container security recommendation using Azure Policy |
| 153 | + |
| 154 | +Azure Security Center’s recommendation to remediate vulnerabilities in container security can now be enabled or disabled via Azure Policy. |
| 155 | + |
| 156 | +To view your enabled security policies, from Security Center open the Security Policy page. |
| 157 | + |
| 158 | + |
| 159 | +## August 2019 |
| 160 | + |
| 161 | +### Just-in-time (JIT) VM access for Azure Firewall |
| 162 | + |
| 163 | +Just-in-time (JIT) VM access for Azure Firewall is now generally available. Use it to secure your Azure Firewall protected environments in addition to your NSG protected environments. |
| 164 | + |
| 165 | +JIT VM access reduces exposure to network volumetric attacks by providing controlled access to VMs only when needed, using your NSG and Azure Firewall rules. |
| 166 | + |
| 167 | +When you enable JIT for your VMs, you create a policy that determines the ports to be protected, how long the ports are to remain open, and approved IP addresses from where these ports can be accessed. This policy helps you stay in control of what users can do when they request access. |
| 168 | + |
| 169 | +Requests are logged in the Azure Activity Log, so you can easily monitor and audit access. The just-in-time page also helps you quickly identify existing VMs that have JIT enabled and VMs where JIT is recommended. |
| 170 | + |
| 171 | +[Learn more about Azure Firewall](https://docs.microsoft.com/azure/firewall/overview). |
| 172 | + |
| 173 | + |
| 174 | +### Single click remediation to boost your security posture (preview) |
| 175 | + |
| 176 | +Secure score is a tool that helps you assess your workload security posture. It reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities to prioritize investigation. |
| 177 | + |
| 178 | +In order to simplify remediation of security misconfigurations and help you to quickly improve your secure score, we’ve added a new capability that allows you to remediate a recommendation on a bulk of resources in a single click. |
| 179 | + |
| 180 | +This operation will allow you to select the resources you want to apply the remediation to and launch a remediation action that will configure the setting on your behalf. |
| 181 | + |
| 182 | +See which recommendations have quick fix enabled in the [reference guide to security recommendations](recommendations-reference.md). |
| 183 | + |
| 184 | + |
| 185 | +### Cross-tenant management |
| 186 | + |
| 187 | +Security Center now supports cross-tenant management scenarios as part of Azure Lighthouse. This enables you to gain visibility and manage the security posture of multiple tenants in Security Center. |
| 188 | + |
| 189 | +[Learn more about cross-tenant management experiences](security-center-cross-tenant-management.md). |
| 190 | + |
| 191 | + |
| 192 | +## July 2019 |
| 193 | + |
| 194 | +### Updates to network recommendations |
| 195 | + |
| 196 | +Azure Security Center (ASC) has launched new networking recommendations and improved some existing ones. Now, using Security Center ensures even greater networking protection for your resources. |
| 197 | + |
| 198 | +[Learn more about network recommendations](recommendations-reference.md#recs-network). |
| 199 | + |
| 200 | + |
| 201 | +## June 2019 |
| 202 | + |
| 203 | +### Adaptive Network Hardening - generally available |
| 204 | + |
| 205 | +One of the biggest attack surfaces for workloads running in the public cloud are connections to and from the public Internet. Our customers find it hard to know which Network Security Group (NSG) rules should be in place to make sure that Azure workloads are only available to required source ranges. With this feature, Security Center learns the network traffic and connectivity patterns of Azure workloads and provides NSG rule recommendations, for Internet facing virtual machines. This helps our customer better configure their network access policies and limit their exposure to attacks. |
| 206 | + |
| 207 | +[Learn more about adaptive network hardening](security-center-adaptive-network-hardening.md). |
0 commit comments