Security Center is segmented as a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) product. CWPPs are defined as workload-centric security protection solutions, which are typically agent-based. To protect IaaS VMs, on-premises servers, and servers in other clouds, Security Center uses agent-based monitoring.
In this blogpost, we want to help you understand the options available to protect your resources and the advantages and disadvantages of each.
There are two types of agents:
The Direct Agent is a standalone installation. The installer is an MSI/EXE file, so organizations can deploy it with a deployment tool such as System Center Configuration Manager or another scripted method.
To extend visibility and Security Center capabilities, we can install the agent on computers running outside of Azure, including resources running on-premises and in other clouds.
When installing the direct agent, we will need to supply two parameters:
Here is how you obtain and install the Direct Agent from the Azure Security Center portal:
For additional details on how to extend visibility for resources running outside of Azure, please refer to the following links:
The extension installs the Log Analytics agent on Azure virtual machines and enrolls virtual machines into an existing Log Analytics workspace.
For details on supported Windows and Linux operating systems, check out the following documents:
Resource Group: DefaultResourceGroup-[geo]
For additional details, read the data collection document.
Below is an example of a Linux policy assignment:
4. ARM template – We can integrate the Log Analytics agent extension into the VM creation process by leveraging an ARM template.
Template example for installing the Log Analytics agent (MMA extension) on a Windows VM; this part should be integrated into the VM deployment template:
5. System Center Configuration Manager (SCCM)
6. SCOM Agent
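For option 4 (ARM template) above, the following is an added example, not the template from the original post: a minimal ARM template that adds the Log Analytics agent (MMA) extension to a Windows VM. The parameter names and API versions are assumptions; the workspace key is resolved with listKeys() at deployment time and passed in protectedSettings, so it is never written into the template or exposed in the extension's readable settings.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vmName": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: name of the Windows VM" }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": { "description": "Assumed parameter: must match the VM's region" }
    },
    "workspaceResourceId": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: resource ID of the Log Analytics workspace" }
    }
  },
  "resources": [
    {
      "comments": "Added example, not the original post's template. API versions are assumptions.",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "apiVersion": "2019-07-01",
      "name": "[concat(parameters('vmName'), '/MicrosoftMonitoringAgent')]",
      "location": "[parameters('location')]",
      "properties": {
        "publisher": "Microsoft.EnterpriseCloud.Monitoring",
        "type": "MicrosoftMonitoringAgent",
        "typeHandlerVersion": "1.0",
        "autoUpgradeMinorVersion": true,
        "settings": {
          "workspaceId": "[reference(parameters('workspaceResourceId'), '2015-11-01-preview').customerId]"
        },
        "protectedSettings": {
          "workspaceKey": "[listKeys(parameters('workspaceResourceId'), '2015-11-01-preview').primarySharedKey]"
        }
      }
    }
  ]
}
```

When this resource is placed inside a template that also creates the VM, add a dependsOn entry for the VM resource so the extension is installed only after the VM exists.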
The recommended practice is to utilize the Log Analytics VM extension. The Log Analytics VM extension has the following advantages over using the Direct Agent:
In this blogpost, we provided details on the options available to protect your hybrid resources and their advantages and disadvantages. For more information on how Azure Security Center provides co visit our documentation below:
Kudos to @Yaniv Shasha for the great collaboration!