As customers expand the boundaries of their environments to hybrid cloud, they often prefer to bring their trusted partners with them. Azure Marketplace includes a variety of security solutions from leading vendors. Azure Security Center takes this a step further, by partnering with these vendors to provide an integrated experience in Azure, while relying on Marketplace for partner certification and billing.
Security Center integrates with Endpoint Protection (Trend Micro), Web Application Firewall (Barracuda, F5, Imperva and soon Microsoft WAF and Fortinet), Next Generation Firewall (Check Point, Barracuda and soon Fortinet and Cisco) solutions. And just last week at Microsoft Ignite, we released integration with Vulnerability Assessment (Qualys – preview) solutions. If you missed the Azure Security Center session where these integrations were highlighted, you can catch it on demand. During FY17, Security Center will both expand the number of partners within these existing categories and introduce new categories.
So, why use Security Center to deploy and monitor security solutions from partners?
Ease of deployment: Deploying a partner solution by following the Security Center recommendation is much easier. The deployment process can be fully automated using a default configuration and network topology, or customers can choose a semi-automated option to allow more flexibility and customization of the configuration.
Integrated Detections: Security events from partner solutions are automatically collected, aggregated and displayed as part of Security Center alerts and incidents. These events are also fused with detections from other sources to provide advanced threat detection capabilities.
Unified Health Monitoring and Management: Integrated health events allow customers to monitor all partner solutions at a glance. Basic management is available with easy access to advanced configuration using the partner solution.
Export to SIEM: Customers can now export all Security Center and partners’ alerts in CEF format to on-premise SIEM systems using Microsoft Azure Log Integration (preview)
Currently, to leverage this advanced level of integration, partner solutions must be deployed from Security Center, by following a recommendation. Partner packages that are deployed directly from the Azure Marketplace or through automation, are not yet supported. Security Center plans to add this support over the next year where partner solutions will be auto discovered and connected to Security Center, regardless of their mode of deployment.
Interested in learning more on Azure Security Center and its partner ecosystem integration?
Managing security recommendations in Azure Security Center
Monitoring partner solutions with Azure Security Center
Integrating Security Center alerts with Azure log integration (Preview)
Security Resource Provider REST API Reference
Quelle: Azure
Published by