
New Security Capabilities Available in Azure Operations Management Suite

by Kent Weare on Mar 13, 2016 |


On February 25th, 2016, Microsoft announced updates to its Operations Management Suite (OMS). This iteration of the service focuses on the security and audit portions of the suite, targeting the user experience as well as additional capabilities and features.

Microsoft introduced OMS to address customer needs in monitoring and managing on-premises and cloud-based workloads. The suite is a collection of tools that support the orchestration and deployment of applications, automation through runbooks, audit and compliance, site backup, disaster recovery and threat analysis. Technology journalist Mary Branscombe considers the suite to be more than just a collection of tools: “OMS is an Azure cloud service, rather than a tool you need to install in your own servers. And it's not just for managing Azure; it works with any instance in Amazon Web Services and other clouds, managing Windows Server, Linux, VMware and OpenStack. Plus, you can integrate your own servers, including Linux hosts, as well as PowerShell DSC nodes.”

In a recent blog post, the Microsoft Server and Cloud Platform Team provided details on the new capabilities in the service.

New Security Dashboard

The entry point for Security and Audit information has changed. The dashboard contains an array of widgets that target the most recent 24 hours of activity. OMS still collects data beyond that 24-hour window, and you can configure different time windows to better suit your needs. The widgets focus on Threat Intelligence, Notable Issues, Security Domains and other capabilities.

Image Source: https://blogs.technet.microsoft.com/systemcenter/2016/02/25/new-security-capabilities-in-operations-management-suite/

Threat Intelligence

Microsoft runs a large number of public and private cloud-based services and, as a result, has insight into the global threat landscape. Microsoft believes that, given the volume of information it collects, it can provide additional value to customers through this service: “the insights we derive, informed by trillions of signals from billions of sources, create an intelligent security graph that we use to inform how we protect all endpoints, better detect attacks and accelerate our response. We know, for example, where attacks came from and are able to identify malicious IP addresses. Our goal is to enable our customers to benefit from this knowledge to protect their resources.”

Both inbound and outbound customer threats are highlighted on a map. A yellow pushpin indicates inbound traffic coming from a malicious IP address; red pushpins indicate outbound traffic to malicious IP addresses.

In both the inbound and outbound scenarios, Microsoft uses data collected from IIS, WireData and Windows Firewall logs to determine communication patterns. Using the information highlighted on the map, security administrators can then blacklist, or otherwise prevent, communication with these malicious IP addresses.

Image Source: https://blogs.technet.microsoft.com/systemcenter/2016/02/25/new-security-capabilities-in-operations-management-suite/
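The matching the Threat Intelligence map performs, shown here as an added example rather than code from OMS or the blog post: Windows Firewall log records (the W3C pfirewall.log layout, whose last field is SEND or RECEIVE) are checked against a threat-intelligence IP list, a RECEIVE record whose source is on the list counts as inbound (the yellow pushpin) and a SEND record whose destination is on the list counts as outbound (the red pushpin). The log lines and the malicious addresses are constructed from documentation ranges, not real indicators, and the list of block candidates at the end is the input an administrator would take to the blacklisting step the article mentions.

```python
"""Match Windows Firewall log records against a threat-intelligence IP list and
label each hit the way the OMS Threat Intelligence map does: inbound traffic
from a malicious address versus outbound traffic to one.

Added example, not code from the OMS service. The firewall log lines and the
malicious-IP list are constructed (documentation ranges), not real indicators."""
import ipaddress

# Constructed threat-intelligence feed: placeholder addresses, not real indicators.
MALICIOUS_IPS = {"203.0.113.10", "198.51.100.77"}

# Constructed pfirewall.log excerpt. The field order follows the W3C header that
# Windows Firewall writes; the last field ("path") is SEND or RECEIVE.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2016-03-01 10:15:01 ALLOW TCP 203.0.113.10 10.0.0.5 51234 443 0 - 0 0 0 - - - RECEIVE
2016-03-01 10:15:07 ALLOW TCP 10.0.0.5 198.51.100.77 49152 80 0 - 0 0 0 - - - SEND
2016-03-01 10:15:09 DROP TCP 10.0.0.5 198.51.100.77 49153 80 0 - 0 0 0 - - - SEND
2016-03-01 10:16:00 ALLOW TCP 10.0.0.5 192.0.2.8 49154 443 0 - 0 0 0 - - - SEND
2016-03-01 10:16:02 ALLOW UDP 10.0.0.9 10.0.0.1 53000 53 0 - - - - - - - SEND
not a log line at all
"""

FIELDS = ("date", "time", "action", "protocol", "src", "dst", "src_port", "dst_port",
          "size", "tcpflags", "tcpsyn", "tcpack", "tcpwin", "icmptype", "icmpcode",
          "info", "path")


def parse_line(line):
    """Parse one pfirewall.log record into a dict; return None for headers,
    blank lines and malformed records (wrong field count or unparsable IPs)."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    record = dict(zip(FIELDS, parts))
    try:
        ipaddress.ip_address(record["src"])
        ipaddress.ip_address(record["dst"])
    except ValueError:
        return None
    return record


def classify(record, malicious=MALICIOUS_IPS):
    """'inbound' when a RECEIVE record's source is on the list, 'outbound' when a
    SEND record's destination is, else None. The firewall action (ALLOW/DROP) is
    deliberately ignored: a dropped outbound attempt still reveals a host that
    tried to reach a malicious address, which is what an analyst wants to see."""
    if record["path"] == "RECEIVE" and record["src"] in malicious:
        return "inbound"
    if record["path"] == "SEND" and record["dst"] in malicious:
        return "outbound"
    return None


def find_threats(log_text, malicious=MALICIOUS_IPS):
    """Return one hit per matching record with the remote and local addresses."""
    hits = []
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        direction = classify(record, malicious)
        if direction is None:
            continue
        remote, local = ((record["src"], record["dst"]) if direction == "inbound"
                         else (record["dst"], record["src"]))
        hits.append({"direction": direction, "remote_ip": remote, "local_ip": local,
                     "action": record["action"], "protocol": record["protocol"],
                     "time": record["date"] + " " + record["time"]})
    return hits


def summarize(hits):
    """Count hits per (direction, remote address): the map's pushpin granularity."""
    counts = {}
    for hit in hits:
        key = (hit["direction"], hit["remote_ip"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def block_candidates(hits):
    """Sorted, de-duplicated remote addresses an administrator could add to a block list."""
    return sorted({hit["remote_ip"] for hit in hits})


if __name__ == "__main__":
    found = find_threats(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(summarize(found))
    print(block_candidates(found))
```

On the constructed excerpt the script reports one inbound hit from 203.0.113.10 and two outbound hits to 198.51.100.77 (one allowed, one dropped); the connection to 192.0.2.8 and the internal DNS query are not on the list and are ignored. Keying the summary on direction and remote address, rather than on individual records, is what keeps a host that retries a blocked destination from flooding the view with pins.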

Notable Issues

Another feature, called Notable Issues, displays issues that help administrators enforce compliance policies. For example, machines that do not have current security updates or are missing anti-malware software can be flagged.

Image Source: https://blogs.technet.microsoft.com/systemcenter/2016/02/25/new-security-capabilities-in-operations-management-suite/

Security Domains

In this feature, security logs are collected from the machines in a customer's environment. Events such as key file operations, cryptographic operations, successful and unsuccessful login attempts and others are tracked. Administrators can also query for specific events across a set of machines or users.
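The kind of cross-machine query the Security Domains feature describes, as an added example that is not OMS code: a small set of constructed Windows Security events (the event IDs follow the Windows Security log numbering, 4624 successful logon, 4625 failed logon, 4663 object access, 5061 cryptographic operation) is filtered by event ID, machine and account, then two questions an administrator would actually ask of the login events are answered: which accounts show a burst of failed logons across all machines, and which of those then logged on successfully shortly afterwards.

```python
"""Search constructed Windows Security events across a set of machines and
accounts, the kind of query the Security Domains feature allows.

Added example, not code from OMS. The events are constructed; the event IDs use
the Windows Security log numbering (4624 successful logon, 4625 failed logon,
4663 object access, 5061 cryptographic operation)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LOGON_SUCCESS, LOGON_FAILURE, OBJECT_ACCESS, CRYPTO_OPERATION = 4624, 4625, 4663, 5061

# Constructed events: (computer, event_id, account, ISO-8601 timestamp).
SAMPLE_EVENTS = [
    ("WEB01", LOGON_FAILURE, "svc_backup", "2016-03-01T10:00:01"),
    ("WEB01", LOGON_FAILURE, "svc_backup", "2016-03-01T10:00:04"),
    ("DB01", LOGON_FAILURE, "svc_backup", "2016-03-01T10:00:09"),
    ("DB01", LOGON_SUCCESS, "svc_backup", "2016-03-01T10:00:15"),
    ("WEB02", OBJECT_ACCESS, "alice", "2016-03-01T10:05:00"),
    ("WEB02", CRYPTO_OPERATION, "alice", "2016-03-01T10:05:02"),
    ("DB01", LOGON_FAILURE, "bob", "2016-03-01T10:30:00"),
    ("DB01", LOGON_FAILURE, "bob", "2016-03-01T11:30:00"),
]


def parse_events(rows):
    """Turn the constructed tuples into dicts with real datetime values."""
    return [{"computer": c, "event_id": e, "account": a, "time": datetime.fromisoformat(t)}
            for c, e, a, t in rows]


def query(events, event_ids=None, computers=None, accounts=None):
    """Filter by any combination of event IDs, machine names and account names;
    a None filter matches everything, so query(events) returns every event."""
    return [ev for ev in events
            if (event_ids is None or ev["event_id"] in event_ids)
            and (computers is None or ev["computer"] in computers)
            and (accounts is None or ev["account"] in accounts)]


def count_by(events, field):
    """Count events per value of one field (e.g. per account or per computer)."""
    return Counter(ev[field] for ev in events)


def failed_logon_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Accounts with at least `threshold` failed logons inside any `window`,
    counted across all machines so a spray spread over several hosts still shows."""
    times_by_account = defaultdict(list)
    for ev in query(events, event_ids={LOGON_FAILURE}):
        times_by_account[ev["account"]].append(ev["time"])
    flagged = {}
    for account, times in times_by_account.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[account] = best
    return flagged


def successes_after_failures(events, window=timedelta(minutes=10)):
    """Accounts that logged on successfully within `window` after a failed logon,
    on any machine: the pattern worth reviewing first after a burst."""
    failures = query(events, event_ids={LOGON_FAILURE})
    result = set()
    for ok in query(events, event_ids={LOGON_SUCCESS}):
        for bad in failures:
            if (bad["account"] == ok["account"]
                    and timedelta(0) <= ok["time"] - bad["time"] <= window):
                result.add(ok["account"])
                break
    return result


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("failed logons per account:", count_by(query(evs, event_ids={LOGON_FAILURE}), "account"))
    print("bursts:", failed_logon_bursts(evs))
    print("success after failures:", successes_after_failures(evs))
```

Against the constructed events, svc_backup is flagged with three failures in under ten seconds spread across WEB01 and DB01, followed by a successful logon on DB01; bob's two failures are an hour apart and fall below the threshold. Pooling the failures per account before applying the window is the point of querying across machines: looked at per host, svc_backup never exceeds two failures on any single machine.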

Microsoft plans to further evolve the service and is working on its next set of features that will be released, including:

  • Harmonization with other Microsoft security offerings, including Azure Security Center, Advanced Threat Analytics and Office Advanced Threat Protection.
  • Linux support currently covers authentication and authorization event collection; Microsoft will add further collection capabilities to cover additional scenarios.
  • Third-party security solution data may be ingested into OMS, allowing customers to use a single pane of glass to monitor their overall security landscape.
  • Additional domain dashboards will be added to OMS, including dashboards focusing on identity and network.

InfoQ.com and all content copyright © 2006-2016 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.