Search
StarWind is a hyperconverged (HCI) vendor with focus on Enterprise ROBO, SMB & Edge
Find out how HCI cuts down virtualization costs and complexity

How can you Leverage the Azure Security Center and the Vulnerability Assessment

  • December 26, 2016
  • 5 min read
Augusto Alvarez
Augusto is currently working as Principal Consultant in Dell EMC, originally from Argentina and now based in the US. His role currently is designing customer requirements into specific systems and processes; also performing technical briefings; leading architectural design sessions and proofs of concept. Augusto is also the author from two published App-V books: “Getting Started Microsoft Application Virtualization 4.6” and “Microsoft Application Virtualization Advanced Guide”.
Augusto is currently working as Principal Consultant in Dell EMC, originally from Argentina and now based in the US. His role currently is designing customer requirements into specific systems and processes; also performing technical briefings; leading architectural design sessions and proofs of concept. Augusto is also the author from two published App-V books: “Getting Started Microsoft Application Virtualization 4.6” and “Microsoft Application Virtualization Advanced Guide”.

We’ve discussed in previous posts about Azure and the security topic as being one of the most critical ones for customers and therefore to Microsoft as well. Because of that, the Redmond based company has been including several new enhancements and features into Azure Security Center. One of the latest is the integrated vulnerability assessment.

Azure Security Center

The vulnerability assessment is nothing more than a recommendation within Azure Security Center, and currently this assessment is provided by Qualys on a subscription base (free trial available). You can enable the vulnerability assessment on VM basis by using an agent.

Some of the key features available in this vulnerability assessment are:

  • Identify, classify and monitor assets and vulnerabilities
  • Prioritize their remediation
  • Comply with internal and external policies
  • Automatically find and eradicate malware infections on your websites

Once deployed, Qualys agent will start reporting vulnerability data to the partner’s management platform which in turn, provides vulnerability and health monitoring data back to Azure Security Center.

Here’s a simple step-by-step to enable Azure’s vulnerability assessment within Security Center:

  1. In the Resource security health tile, click Virtual Machines.
  2. In the Virtual machines blade, select “Vulnerability assessment not installed

Azure Security Center

  1. In the Add a vulnerability assessment solution – PREVIEW blade, select the VMs that you want to install the vulnerability assessment solution.
  1. In the Add a vulnerability assessment solution – PREVIEW blade, click Install on the VMs option and the Add Vulnerability Assessment blade appears: azure security center
  2. In this blade you can choose to create a new vulnerability assessment, which allows you to select a partner solution from Azure Marketplace or you can select an existing partner solution under use existing solution, in this case Qualys.
  3. The partner’s blade will open. The fields shown in this blade may change according to the partner, for this example using Qualys should show something like this: Qualys
  4. Complete the information related to the subscription (you can use the free trial option here to add the license and public key).
  5. Once enabled, it is recommended to wait 12 hours until the agents have completed the analysis and are being able to inform back to Azure Security Center.
  6. These issues will be surfaced under the Virtual Machines Recommendations options.

Azure Security Center Virtual Machines Recommendations

  1. Accessing to that selected recommendation shows that the detection was performed by Qualys. If you click on this recommendation, a new blade with a list of vulnerabilities will appear:

Qualys Remediate vulnerabilities

For this example, the vulnerability Enable DCOM was selected and a new blade appears with the recommended steps to address this vulnerability.

Vulnerability found by Qualys

Related materials:

Tags
Found Augusto’s article helpful? Looking for a reliable, high-performance, and cost-effective shared storage solution for your production cluster?
Dmytro Malynka
Dmytro Malynka StarWind Virtual SAN Product Manager
We’ve got you covered! StarWind Virtual SAN (VSAN) is specifically designed to provide highly-available shared storage for Hyper-V, vSphere, and KVM clusters. With StarWind VSAN, simplicity is key: utilize the local disks of your hypervisor hosts and create shared HA storage for your VMs. Interested in learning more? Book a short StarWind VSAN demo now and see it in action!