Azure Intrusion Detection (IDS) | AlienVault

Azure Intrusion Detection

Take Advantage of Comprehensive Intrusion Detection Capabilities for Your Azure Environment

In establishing your Azure cloud defenses, you first need to understand that an intrusion detection system (IDS) in Azure is fundamentally different from an IDS in on-premises environments. In Azure, you don’t manage the underlying network infrastructure, which makes it difficult to access packet-level information using port mirroring, taps, or other traditional network-based methods. The one benefit is that, under the shared responsibility model, Microsoft is responsible for securing its infrastructure. However, you are still responsible for monitoring and securing your applications running in Azure.

Azure does provide a management plane to help you monitor activity in your Azure cloud environment. The management plane is essentially the APIs that configure, monitor, and control your Azure cloud environment. Direct access to the Azure API is critical for delivering intrusion detection capabilities. For complete Azure intrusion detection, you need a comprehensive cloud IDS solution that is natively built for the Azure environment and provides essential Azure IDS and security monitoring capabilities.

AlienVault® USM Anywhere™ includes an Azure sensor that enables direct access to the Azure API. This allows you to automatically monitor your Azure environment and quickly detect assets, identify threats, and gain remediation guidance. Purpose-built for the Azure cloud, USM Anywhere delivers five essential security monitoring features, including asset discovery, intrusion detection, vulnerability scanning, behavioral monitoring, and Security Information and Event Management (SIEM). AlienVault USM Anywhere’s integrated Azure IDS approach gives you the visibility you need to detect threats across your Azure cloud environment.

AlienVault USM Anywhere delivers complete Azure intrusion detection and security monitoring with these critical capabilities:

Comprehensive Azure Intrusion Detection

  • Direct access to the Azure API and the cloud management plane
  • Purpose-built for the Azure cloud
  • Leverages the shared security model

Continuous Security Monitoring of Your Azure Environment

  • Continuous monitoring for advanced threat detection
  • Ability to monitor shadow IT
  • Helps achieve compliance with regulatory standards

Integrated Threat Intelligence

  • Spot the latest threats targeting your Azure environment with continuous threat intelligence updates
  • Pre-built correlation rules eliminate the need for you to create your own
  • Focus on remediating vulnerabilities and responding to threats rather than researching every alert

We’re Trusted & Verified.

  • PCI DSS Level 1 Service Provider
  • SOC 2 Type 2 Certified Compliant
  • Attestation of HIPAA Compliance
  • AWS Security Competency Achieved
  • Microsoft Azure Certified

AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices.

We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes. AlienVault is certified compliant for several regulatory and cybersecurity standards, including PCI DSS and HIPAA, among others.

Comprehensive Azure Intrusion Detection

There are some unique aspects of intrusion detection in the Azure cloud that you need to account for. Because Microsoft controls the Azure network, you don’t have easy access to the low-level network traffic, and so you are not able to employ your traditional network IDS tools. As defined in the Azure shared responsibility model, Microsoft has responsibility for locking down its network, but you’re still responsible for securing your applications and systems running in Azure. And while Microsoft provides some tools to assist you, including Azure Security Groups, you still need to do more.

This brings us to the management plane, which is the critical aspect of the cloud that affords you security control capabilities. The management plane is the web interface and the APIs that configure, monitor, and control your Azure cloud environment. This is essentially the key to your Azure kingdom, so you need to lock it down. However, access to the management plane also provides a security controls opportunity. By accessing the Azure management plane, you can ensure that every VM spun up has proper monitoring enabled and data flowing into your systems. You can analyze the complete history of every action taken with complete traceability back to the source. This gives you a new mechanism for detecting threats.

To capture the security benefits of the management plane, you need a solution that accesses the Azure API directly. USM Anywhere, with its purpose-built Azure sensor, delivers the capabilities you need for comprehensive intrusion detection in Azure. USM Anywhere has been purpose built to run in Azure and monitor the Azure cloud. It directly accesses the Azure API to monitor all activity and discover all VMs in your Azure environment. Combined with USM Anywhere’s Hyper-V and VMware sensors, USM Anywhere gives you the visibility you need across all your cloud and on-premises environments to detect and respond to threats.

Continuous Monitoring of Your Azure Environment

One of the promises of the cloud, namely the flexibility and scale it provides, is also the source of one of its security weaknesses. Specifically, your Azure cloud environment is constantly changing as you spin up new instances or change configurations. In some cases, this may be done frequently on a daily or even hourly basis. In addition, folks in your organization may be doing things that you aren’t aware of. This is called ‘Shadow IT’, which refers to employees introducing rogue services or bringing rogue assets into your corporate network. New cloud security risks may be manifesting themselves on an hourly basis.

The need to monitor for Shadow IT activity drives the need for solutions that provide continuous security monitoring of all activity in the cloud. You need a solution that continuously monitors your Azure cloud environment and delivers Azure IDS functionality.
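The two ideas above, tracing every management-plane action back to its source and spotting Shadow IT as instances are spun up, can be sketched as detection logic over activity records. This is an added example, not AlienVault's or Microsoft's code: the flat record shape, the allow-list, and all sample values are constructed, and only the two operation names are real Azure operations.

```python
from datetime import datetime

# Constructed allow-list of identities expected to deploy VMs (assumption).
APPROVED_DEPLOYERS = {"ci-deployer@contoso.example"}
VM_WRITE = "microsoft.compute/virtualmachines/write"
DIAG_DELETE = "microsoft.insights/diagnosticsettings/delete"
RG = "/subscriptions/sub-0/resourceGroups/demo/providers"  # constructed scope

def _ev(time, caller, operation, status, resource):
    """Build one simplified activity record (hypothetical flat shape)."""
    return {"time": time, "caller": caller, "operation": operation,
            "status": status, "resource": RG + resource}

SAMPLE_EVENTS = [  # constructed sample data, not real log output
    _ev("2024-05-01T09:00:00Z", "ci-deployer@contoso.example",
        "Microsoft.Compute/virtualMachines/write", "Succeeded",
        "/Microsoft.Compute/virtualMachines/web01"),
    _ev("2024-05-01T13:05:00Z", "j.doe@contoso.example",
        "Microsoft.Compute/virtualMachines/write", "Started",
        "/Microsoft.Compute/virtualMachines/test-vm"),
    _ev("2024-05-01T13:07:00Z", "J.Doe@contoso.example",
        "MICROSOFT.COMPUTE/VIRTUALMACHINES/WRITE", "Succeeded",
        "/Microsoft.Compute/virtualMachines/test-vm"),
    _ev("2024-05-01T13:20:00Z", "j.doe@contoso.example",
        "Microsoft.Insights/diagnosticSettings/delete", "Succeeded",
        "/Microsoft.Compute/virtualMachines/test-vm"
        "/providers/Microsoft.Insights/diagnosticSettings/to-siem"),
]

def _when(ev):
    return datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))

def detect(events, approved=frozenset(APPROVED_DEPLOYERS)):
    """Return alerts in time order, each traceable to the calling identity."""
    alerts = []
    for ev in sorted(events, key=_when):
        if ev["status"].lower() != "succeeded":
            continue  # one operation emits several records; count it once
        op, caller = ev["operation"].lower(), ev["caller"].lower()
        if op == VM_WRITE and caller not in approved:
            rule = "unapproved_vm_write"      # possible Shadow IT
        elif op == DIAG_DELETE:
            rule = "monitoring_removed"       # log export switched off
        else:
            continue
        alerts.append({"rule": rule, "caller": caller,
                       "time": ev["time"], "resource": ev["resource"]})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Operation names and callers are compared case-insensitively because the same operation can appear in different casing depending on how the log was exported.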

This ongoing monitoring of your Azure environment is also important for compliance purposes. Many regulatory requirements, including PCI DSS and GLBA, require continuous monitoring capabilities. As you move workloads to Azure, you need a solution that performs this continuous Azure security monitoring.

USM Anywhere with its native Azure sensor delivers continuous security monitoring of your Azure environment. With its direct Azure API integration, USM Anywhere monitors all activity and detects changes in your Azure environment to deliver critical Azure IDS capabilities and help you monitor Shadow IT. And USM Anywhere’s security monitoring capabilities help ensure compliance with many regulatory requirements.

Actionable Threat Intelligence Delivered Directly to You

Most teams don’t have unlimited resources to research the latest threats in the wild. That’s why the AlienVault Labs Security Research Team works on your behalf to scour the global threat landscape for the latest attack methods, bad actors, and vulnerabilities that could impact your security. This team analyzes hundreds of thousands of threat indicators daily and delivers continuous threat intelligence updates automatically to your USM environment, in the form of actionable IDS signatures, correlation rules, remediation guidance, and more. With this integrated threat intelligence subscription, you always have the most up-to-date threat intelligence as you monitor your environment for emerging threats.

To provide deeper and wider insight into attack trends and bad actors, the AlienVault Labs Security Research Team leverages the power of the Open Threat Exchange® (OTX™)—the world’s first truly open threat intelligence community. This community of security researchers and IT professionals collaborates and shares millions of threat artifacts as they emerge “in the wild,” so you get global insight into attack trends and bad actors that could impact your operations.
