The Ignite 2019 conference is in full flow, with Microsoft already having dropped a ton of goodies at the start of this event. And for the Azure cloud platform, security remains a paramount focus.
To protect Azure customers even further, the cloud giant has announced a whole bunch of security-related enhancements and improvements.
First of these is Azure Sentinel, which is the security information and event management (SIEM) offering available on the Microsoft cloud. It offers better threat protection for cloud resources, and allows for any threat to be investigated, hunted and correlated with other signals.
Sentinel now has built-in hunting queries for Linux and network events, as well as the ability to launch Azure Notebooks straight from the solution itself. Users also get new analytics and investigation tools to offer better insights on suspicious URLs.
Redmond also announced that Azure Security Center is in line to get a number of enhancements, including workflow automation using Azure Logic Apps, better integrations with continuous export, as well as better alerts and recommendations overall.
Users can also expect streamlined onboarding of on-premises services to Security Center via the Admin Center and the Azure Security Center Community, which is a centralized GitHub open to contributors.
All of the above-mentioned features are now available in preview.
Also announced in preview is a set of extensive data security features for SQL Server databases running on Azure virtual machines. Azure Security Center has now picked up support for vulnerability assessment and threat protection of these databases.
This allows for continuous monitoring of suspicious activity, with the platform also able to serve up recommendations of any actions that can mitigate or investigate the detected threat.
In case you are wondering, these vulnerability assessment features are powered by Qualys, and they are also coming (for now in public preview) to the Security Center Standard tier at no additional charge.
Last but not least, we also have Azure Firewall Manager in public preview, which is essentially a cloud-native firewall-as-a-service that allows enterprise clients to govern and log traffic flows, with support for application and network level filtering rules.
It also integrates with the Microsoft Threat Intelligence feed.