Security posture refers to the current state of an organization’s security, that is, its overall state of protection of its identities, endpoints, user data, apps and infrastructure. An organization’s security posture is not static; it changes constantly in response to emerging threats and variability in the environment. Enabling protections, like multi-factor authentication (MFA) for administrators, strengthens a company’s posture. A lack of vigilance, such as failing to update endpoints or use available protections, can weaken an organization’s security posture.
Azure Security Center can assist you in strengthening your security posture by bringing visibility and control to your workloads. By using Azure Security Center Secure Score as the Key Performance Indicator (KPI) for the security of your cloud workloads, you will be able to constantly monitor your resources and track your progress towards a more secure environment.
The intent of this post is to provide the essential list of resources that help you adopt Secure Score as your KPI and remediate the security recommendations in order to drive your secure score up.
To correctly use Secure Score you need to understand what the Secure Score is. Use the resources below to learn more about that:
Azure Security Center has a list of all recommendations for each workload. Read the articles below for more information about these recommendations:
Once you finish that initial phase, evaluate the remaining recommendations and prioritize accordingly. Keep in mind that this is an ongoing process. Once you finish remediating all recommendations, you need to ensure that you have good governance to lower the number of security recommendations in the future.
Frequently Asked Questions (FAQ)
Some questions come up repeatedly while identifying and remediating security recommendations. The list below covers the most common ones; if you have a question on this topic that is not here, ask in the comment section:
Q1) How can I export the list of all security recommendations that I have in my ASC subscriptions to a CSV file?
A1: You can use this sample PowerShell script to accomplish that.
Q2) There are some recommendations that are not applicable to my environment. For example, we use a third-party MFA solution and I would like to disable the MFA recommendation in ASC. How can I do that?
A2: You can use the instructions from this post.
Q3) I’m not sure if all my VMs are monitored with Azure Security Center. I would like to identify the list of VMs that are monitored and export it to a CSV file. Is that possible?
A3: Yes. Read the instructions from this post.
Q4) Is there any way to automate the remediation of some of these recommendations?
A4: Yes. For some recommendations you can use Azure Policy, for others you can use PowerShell or even Azure Logic Apps. Our team created a repository in GitHub that provides a series of examples for some of the most common recommendations. You can download the samples from here and make the appropriate changes to fit your needs.
Q5) Can I quickly remediate a security recommendation from the Azure Security Center dashboard?
A5: Yes. The new "One-click fix" feature enables you to remediate a recommendation on a bulk of resources, with a single click. It is an option only available for specific recommendations. One-click fix simplifies remediation and enables you to quickly improve your secure score and increase the security in your environment. Read more about this feature here.
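For Q1, one way to do such an export, added here as an example and not the sample script that answer links to. It assumes the Az.Accounts and Az.Security modules are installed and that you have already signed in with Connect-AzAccount; the output file name is an arbitrary choice.

```powershell
# Added example (not the linked sample script).
# Assumptions: Az.Accounts + Az.Security installed, Connect-AzAccount already run.
$outFile = Join-Path $PWD 'asc-recommendations.csv'   # assumed output path

$rows = foreach ($sub in Get-AzSubscription | Where-Object State -eq 'Enabled') {
    # Security tasks are scoped to the current context, so switch per subscription.
    Set-AzContext -Subscription $sub.Id | Out-Null
    try {
        $tasks = Get-AzSecurityTask -ErrorAction Stop
    }
    catch {
        # Typical cause: the signed-in identity lacks Security Reader on this subscription.
        Write-Warning "Skipping $($sub.Name): $($_.Exception.Message)"
        continue
    }
    foreach ($task in $tasks) {
        [pscustomobject]@{
            SubscriptionName = $sub.Name
            SubscriptionId   = $sub.Id
            Recommendation   = $task.RecommendationType
            ResourceId       = $task.ResourceId
            TaskId           = $task.Id
        }
    }
}

# One row per open recommendation per resource.
$rows |
    Sort-Object SubscriptionName, Recommendation |
    Export-Csv -Path $outFile -NoTypeInformation

# Count of affected resources per recommendation, to help decide what to remediate first.
$rows |
    Group-Object Recommendation |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Subscriptions that cannot be read are reported as warnings and left out of the CSV, so check the warnings before treating the file as complete.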