You can view your companys regulatory compliance report from Azure monitor

Azure Event Hubs collect data and logs from Azure services. InsightIDR connects to Event Hubs to access and ingest data, including log data from:

- Azure Active Directory, which manages the identities and permissions of users in the enterprise’s Azure environment and tracks user sign-in activities
- Azure Monitor, which provides insight into Azure Resource Manager (ARM) activities, including administrative actions such as provisioning objects, standing up new virtual machines (VMs), and changing Azure permissions
- Azure Security Center, which monitors security events and creates alerts
- Office365, Exchange, and SQL databases, including administrator and user activity
- Microsoft DNS, which services domain name requests and logs connections to domains on the internet

InsightIDR combines log data acquired from Event Hubs and the Azure Activity Log API with information from endpoints, networks, on-premises data centers, and other cloud platforms such as Amazon AWS. Data from across the enterprise’s entire digital footprint is available for searching, reporting, and analysis.

Uncovering Anomalous Behaviors and Attacks

InsightIDR’s User Behavior Analytics (UBA) measure baseline activities by users identified in Azure Active Directory, then flag unusual behaviors. This would include behaviors that indicate compromised user credentials, such as atypical authentication requests and unusual single sign-on (SSO) activities.

Besides generating its own alerts, InsightIDR provides flexible dissemination of alerts generated by the Azure Security Center.

Reporting and Regulatory Compliance

InsightIDR supports cloud reporting and compliance requirements for monitoring, audit logging, and data retention. It offers a source of log data during compliance audits and provides proof of log retention. It can show auditors where logs are stored, confirm the appropriate log history, and demonstrate that the right log sources are represented.

InsightIDR’s intuitive dashboard can provide executives and board members with high-level information about the enterprise’s threat landscape, such as trending attacks, applications and areas of the network most subject to attack, and threats that have been remediated.

Keep Pace with Cloud Growth

Go ahead and ramp up your applications. As a native cloud-based tool, InsightIDR can scale up immediately to support increased activity and new applications while maintaining continuous security coverage.

InsightIDR is also designed to integrate quickly and seamlessly with new data sources, wherever they are. Through integrations with Azure, AWS and on-premises environments, InsightIDR is prepared to serve enterprises with hybrid environments as they move applications and services onto additional platforms.

Azure platform offers a number of services that can be broadly categorized under Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-service(SaaS) delivery models. It supports multiple operating systems, application stacks, the most popular DB platforms, and container-hosting solutions. Irrespective of whether your application is built using .NET, PHP, Python, Node.JS, Java, MySQL, SQL, MariaDB, Docker, Kubernetes—it can find a home in Azure.

As you migrate applications from data centers completely managed by you to Azure, you will greatly depend on the platform to protect these workloads. The shared responsibility model for security thus becomes very relevant here for the demarcation of roles and responsibilities.

Microsoft owns the physical infrastructure of the Azure platform and handles its security, covering several aspects like the physical data center, access control, mandatory security training for staff, background checks, etc. But as you deploy workloads on the Azure platform, a division of responsibilities—between you and your provider—should be taken into consideration, as summarized below:

As depicted in the image above, some security responsibilities, including for the physical data center, network, and host, are taken care of by cloud providers. But, depending on whether you are using an IaaS, PaaS, or SaaS model, you need to address the OS application stack and additional network-layer security requirements.

Microsoft Azure Security Overview

The security requirements of every organization are unique and would need extensive customizations to ensure the security of each specific workload. Advanced threat vectors in the cloud demand a zero-trust security approach, where nothing is trusted by default and everything is verified. This proactive approach to cloud security helps reduce the attack surface and limit damage in the event of an attack.

Security has to be implemented at each layer of your application stack, starting from compute, storage, and networking all the way up to application-specific controls and identity and access management. Visibility into the status of your environment’s security is also important, as any malicious activity has to be detected in real time for optimal protection.

Azure enables workload security through multiple configurable tools and services you can leverage to meet varying security demands and enhance your cloud security posture. You can also use partner security solutions wherever applicable to further augment this stance.

Azure Security Center

is Azure’s centralized security management solution that helps you adapt your security controls to a changing threat landscape and proactively protect your organization against multiple kinds of attacks. Azure services are automatically onboarded to Security Center and monitored against defined security baselines. Default as well as tailored policies can be used to monitor the status of your Azure subscription and included resources. Based on the continuous assessment of your Azure environments, Security Center provides actionable recommendations that can be used to proactively address security gaps.

Azure Security Center also offers comprehensive threat protection and uses cyber kill chain analysis to give you end-to-end visibility into the attack vector. You can additionally use Microsoft Defender for Endpoint to protect your Azure servers. It provides advanced breach-detection sensors that quickly adapt to evolving threats through the power of big data and analytics and provides superior threat intelligence to protect your workloads.

Plus, thezautomated onboarding capability for Windows servers and single-pane visibility make life easy for cloud security teams by reducing operational overhead. Azure Security Center integrates with solutions like Azure Policy, Azure Monitor Logs, and Azure Cloud App Security as well for in-depth security.

Cloud Security Posture Management (CSPM)

Threats in the cloud are not the same as on-premises. The cloud needs born-in-the-cloud solutions to ensure security hygiene and that the best security practices are being implemented. Azure’s Cloud Security Posture Management helps you with this, letting you proactively manage your security workloads in Azure.

The ”secure score” option in Security Center helps to quantify the security posture of your environments using multiple pre-built security controls against which the environments are assessed. If any of these controls are not implemented or if there are any misconfigurations, Security Center offers prescriptive recommendations to improve your score. Meanwhile, the regulatory compliance score assesses workloads against standards like PCI DSS, HIPAA, Azure’s own CIS, and NIST, helping you take stock of your official compliance status.

Security Center enables CSPM by providing a bird’s-eye view of vulnerabilities and generating alerts on potential attacks. Each alert is tagged with a level of severity so you can prioritize mitigation activities. Along with cloud-native workloads, IoT services, and data services, Security Center can protect Windows and Linux machines across environments from threats, thereby reducing the attack surface.

Container Security

Azure Security Center offers security baselining and assessment of container hosting environments such as AKS as well as VMs running Docker to identify potential misconfigurations and security loopholes. The hardening of Docker environments is enabled by monitoring against CIS Benchmarks with recommendations consolidated in Security Center. Similarly, monitoring and advanced threat detection are available for AKS nodes and clusters. You can also enable the Azure policy add-on for Kubernetes clusters to monitor requests for Kubernetes API servers against defined best practices before servicing them.

Meanwhile, Azure Defender protects AKS nodes and clusters from run-time vulnerabilities and infiltration by detecting suspicious activities like web shell detection, connection requests from suspicious IPs, privileged container provisioning, etc. Azure Defender also includes a Qualys integration to scan images pulled or pushed to Azure Container Registry. Any findings are classified and displayed in Security Center, allowing you to differentiate between healthy and unhealthy images.

Network Security Groups (NSGs)

NSGs act as the first line of network defense for workloads connected to Azure VNets. It filters inbound and outbound traffic via five tuple rules using source, source port, destination, destination port, and protocol. These groups can be associated with subnets or the NIC cards of virtual machines and come with a few default rules to allow inter-network communication and internet access. Network Security Groups additionally let you achieve fine-grained control over east-west and north-south traffic and help segregate your application component communication.

Azure Virtual Network

Azure VNet is the basic building block of networking in Azure and helps with the micro-segmentation of workloads, enabling the secure communication of connected workloads with other Azure resources, on-premises resources, and the internet. Resources in one Azure VNet cannot communicate with resources in a different VNet by default, unless explicitly connected through options like Peering, VPN, Private Link, etc. Another layer of security can be added by enabling NSGs in subnets inside the VNet. Additionally, you can use traffic shaping within the VNet by creating custom route tables, for example, if you want all traffic to be routed through a network virtual appliance for packet inspection.

VPN and Application Gateway

Azure VPN lets you securely connect to Azure resources from on-premises data-center networks through site-to-site connection or from individual machines using point-to-site connection. The traffic to Azure goes over the internet but through a secure, encrypted tunnel using SSTP, OpenVPN, or IPSec. While VPN connection works well in branch office scenarios, for assured connectivity backed by Azure SLAs, customers can opt for ExpressRoute, which is a dedicated connection from your on-premises data center to Azure Cloud.

Azure Application Gateway is a load balancer that operates at the application layer (OSI Layer 7) and redirects traffic to resources in the backend pool based on HTTP attributes. It features a web application firewall (WAF) that helps protect your application from common attacks, such as SQL injection attacks, cross-site scripting, HTTP request splitting, remote file inclusion, etc. It comes with a predefined set of security rules but also provides the flexibility to define your own rules. The service is based on OWASP ModSecurity Core Rule Set and is capable of automatically updating itself to protect your applications from new and evolving vulnerabilities.

Identity and Access Management (IAM)

In a cloud-driven world, Identity has emerged as the new security perimeter. Azure provides role-based access control (RBAC) enabled by Azure Active Directory (AD) to control access to hosted applications. It is recommended to follow the principle of least privilege (PoLP) so that users are given only the minimum access required for their work. This authorization is decided by the role assigned to the user, which can either be one of the built-in roles or a custom role defined by the administrator.

You can further tighten IAM through options like Just-in-time (JIT) access for VMs, shared access signature for storage, multi-factor authentication, etc. It is also important to log and track user activity through Azure AD audit logs and Azure activity logs to identify compromised identities and rogue users.

Enhancing Azure Security

While native tools and services often provide a good starting point, you also need tools with advanced capabilities to guardrail your applications from evolving threat actors in the cloud. The following additional capabilities are essential to ensure comprehensive cloud security:

• Visibility: Real-time cloud intrusion detection, network traffic visualization, and user activity analytics that deliver contextual information will help proactively identify and mitigate anomalies.
• Automation: Integrating automation into cloud security operations from day one through options like predefined templates and self-adaptive security policies will help avoid human error and misconfigurations.
• Compliance and Governance: Security reports tailored to showcase compliance and governance against industry standards will simplify your reporting and audit process.
• Minimizing Misconfiguration: Continuous assessment of your environment configurations against defined security standards and the automation of workflows and policy implementations will help minimize misconfigurations.
• Intelligence and Predictive Analytics: Threat hunting and predictive analytics powered by AI can help detect anomalies faster and generate real-time alerts on malicious activities.
• Workload/ Storage Protection (for Container and Serverless): Extend your security capabilities to containers and serverless to protect modern, microservices-based workloads.

CloudGuard can help you with all of the above, as it comes prebuilt with these features. It seamlessly integrates with your Azure-native tools and augments the security of your data and workloads hosted in Azure.

Can you view the regulatory compliance of your Azure resources in Azure Security Center?

Where can you go to check the regulatory compliance of your organization's Azure environment?

Can I download the regulatory compliance report from the Azure Security Center?

Can we download a regulatory compliance report from Microsoft Defender for cloud?