Microsoft Azure enables you to deploy a variety of infrastructure, web application and automation resources. These resources are generally a part of a larger infrastructure or an application service that your organization provides to its internal and external users. In addition to the networking endpoints of an overarching service that your users interact with, the different resources in an infrastructure or application service interact with each other through their own networking endpoints. These interactions depend on the underlying networking services provided by the Azure cloud to communicate with other tiers and with its users. This communication internally within Azure and to Azure from external networks is protected with resource specific ACLs and with the cloud native network security services such as DDoS Protection, Web Application Firewall (WAF), Network Security Groups (NSG) and Firewall in Azure. With all network security controls in place, and each one implemented in a different dashboard, it becomes challenging for customers to have a single view of their entire Azure Network Security state, and that is what this workbook aims to solve.
As your footprint in the Azure Cloud grows, the number of services and the infrastructure, application and automation resources involved in these services increases significantly which results in the number of endpoints which are exposed internally and externally, with or without the required security controls.This represents the attack surface of your organization which can be exploited by an attacker.To appropriately secure your attack surface, you require better monitoring and governance of your resources, services, and their endpoints. The first step in this process is to inventory and gain visibility into the networking and security configuration your endpoints across your environment, along with the network security services they utilize or those which maybe inline. This helps you understand all the different paths an attacker can utilize to compromise your boundary and infiltrate into your environment plus the protections you already have against or those that need to put in place to prevent them.
Up until now, there was no single view with which you could visualize all your externally or internally exposed endpoints, their networking and security configuration or the network security services you had setup in Azure. You had to browse through many different blades in Azure to assess and obtain this information. With the availability of the new Network Security Dashboard for Security Center, you can now quickly get real time visibility of the security configuration of your networking and network security services, across multiple subscriptions in Azure.
The Network Security Dashboard is free to use for all customers and does not require you to be a paid customer of Azure Security Center.