Strengthening Microsoft Azure Cloud Security
Organizations that migrate application workloads to Microsoft Azure may have to worry less about availability, productivity, and scalability, but they also have to come up with strategies for monitoring and defending data and applications in environments where many of their existing security tools may not extend to today.
As a Microsoft strategic partner, Rapid7 offers tools that strengthen Microsoft Azure cloud security and give security teams visibility into vulnerabilities and threats across their entire IT footprint.
クラウドリスクコンプリート
Rapid7のクラウドリスクコンプリートは、ダイナミックなクラウド環境全体のリスク軽減を支援します。統合、最適化、自動化をベースにした実務者ファーストのアプローチで、継続的なセキュリティとコンプライアンスを活用してワークロードリスクを低減するオールインワンソリューションです。
Monitor for Breaches with InsightIDR
InsightIDR is Rapid7’s cloud SIEM for modern detection and response. In an Azure environment, InsightIDR enables security teams to:
- Connect to Azure Event Hubs and aggregate cloud logs from important Azure services such as Azure Active Directory, Azure Monitor, the Azure Resource Manager (ARM), the Azure Security Center, and Office365.
- Combine Azure log data with information from endpoints, networks, on-premises data centers, and other cloud platforms such as Amazon AWS.
- Leverage User Behavior Analytics to uncover anomalous and potential malicious activities, including behaviors that indicate compromised user and administrative credentials.
- Surface alerts from Azure Security Center alongside alerts from other third-party environments and platforms.
- Support cloud reporting and compliance requirements for monitoring, audit logging, and data retention.
InsightIDR also prevents Azure from becoming a security information silo. It aggregates, normalizes, and enriches data from multiple on-premises and cloud platforms to give security teams comprehensive visibility into indicators of advanced attacks. It provides in-depth context to evaluate alerts and helps track lateral movement by attackers across environments.
InsightIDR is a fast-to-deploy SIEM. It integrates quickly with Azure cloud services, does not require extensive customization or rules, and provides automated workflows out of the box to speed up incident response and remediation.
Automate Actions with InsightConnect
Rapid7 InsightConnect is a security orchestration and automation tool that enables security and operations teams to accelerate processes and perform repetitive tasks quickly, with little or no code. For example:
- Integration with Azure AD enables teams to deploy automated workflows that involve creating users, adding users to groups, enabling and disabling user accounts, forcing users to change passwords, and removing users from groups. This not only speeds up onboarding new employees and de-provisioning departing ones, it can be used to immediately disable users when suspicious activity from their accounts is detected, and to quickly re-enable them when the threat has been mitigated.
- Integration with Azure Compute supports workflows that list, capture, start, stop, restart, and delete virtual machines when attacks are detected.
Integration with Azure Admin and Office365 can automate tasks related to collecting and analyzing data to investigate and respond to email phishing campaigns.