Azure Intrusion Detection

Take Advantage of Comprehensive Intrusion Detection Capabilities for Your Azure Environment


In establishing your Azure cloud defenses, you first need to understand that an intrusion detection system (IDS) in Azure is fundamentally different from an IDS in on-premises environments. In Azure, you don’t manage the underlying network infrastructure, which makes it difficult to access packet-level information using port mirroring, taps, or other traditional network-based methods. The one benefit is that, under the shared responsibility model, Microsoft is responsible for securing its own infrastructure. However, you are still responsible for monitoring and securing your applications running in Azure.

Azure does provide a management plane to help you monitor activity in your Azure cloud environment. The management plane is essentially the APIs that configure, monitor, and control your Azure cloud environment. Direct access to the Azure API is critical for delivering intrusion detection capabilities. For complete Azure intrusion detection, you need a comprehensive cloud IDS solution that is natively built for the Azure environment and provides essential Azure IDS and security monitoring capabilities.

AlienVault® USM Anywhere™ includes an Azure sensor that enables direct access to the Azure API. This allows you to automatically monitor your Azure environment and quickly detect assets, identify threats, and gain remediation guidance. Purpose-built for the Azure cloud, USM Anywhere delivers five essential security monitoring features, including asset discovery, intrusion detection, vulnerability scanning, behavioral monitoring, and Security Information and Event Management (SIEM). AlienVault USM Anywhere’s integrated Azure IDS approach gives you the visibility you need to detect threats across your Azure cloud environment.

AlienVault USM Anywhere delivers complete Azure intrusion detection and security monitoring with these critical capabilities:

Comprehensive Azure Intrusion Detection

  • Direct access to the Azure API and the cloud management plane
  • Purpose-built for the Azure cloud
  • Leverages the shared security model

Continuous Security Monitoring of Your Azure Environment

  • Continuous monitoring for advanced threat detection
  • Ability to monitor shadow IT
  • Helps achieve compliance with regulatory standards

Integrated Threat Intelligence

  • Spot the latest threats targeting your Azure environment with continuous threat intelligence updates
  • Pre-built correlation rules eliminate the need for you to create your own
  • Focus on remediating vulnerabilities and responding to threats rather than researching every alert

AlienVault Is Trusted & Verified

AlienVault makes compliance a top priority for your organization and for ours. We have adopted the NIST Cybersecurity Framework (CSF), aligning our security controls and processes with industry-proven security best practices. We use our own USM platform to demonstrate and maintain compliance, working with third-party auditors to regularly test our systems, controls, and processes.


GDPR Ready
HIPAA Compliant
PCI DSS Compliance
ISO Certified
AWS Security Competency
Microsoft Azure Certified

* The ISMS that governs USM Anywhere, USM Central

Comprehensive Azure Intrusion Detection

There are some unique aspects of intrusion detection in the Azure cloud that you need to account for. Because Microsoft controls the Azure network, you don’t have easy access to the low-level network traffic, so you cannot employ your traditional network IDS tools. As defined in the Azure shared responsibility model, Microsoft has responsibility for locking down its network, but you’re still responsible for securing your applications and systems running in Azure. And while Microsoft provides some tools to assist you, including Azure Security Groups, you still need to do more.

This brings us to the management plane, which is the critical aspect of the cloud that affords you security control capabilities. The management plane is the web interface and the APIs that configure, monitor, and control your Azure cloud environment. This is essentially the key to your Azure kingdom, so you need to lock it down. However, access to the management plane also gives you an opportunity to apply security controls. By accessing the Azure management plane, you can ensure that every VM spun up has proper monitoring enabled and data flowing into your systems. You can analyze the complete history of every action taken, with complete traceability back to the source. This gives you a new mechanism for detecting threats.

To capture the security benefits of the management plane, you need a solution that accesses the Azure API directly. USM Anywhere, with its purpose-built Azure sensor, delivers the capabilities you need for comprehensive intrusion detection in Azure. USM Anywhere has been purpose built to run in Azure and monitor the Azure cloud. It directly accesses the Azure API to monitor all activity and discover all VMs in your Azure environment. Combined with USM Anywhere’s Hyper-V and VMware sensors, USM Anywhere gives you the visibility you need across all your cloud and on-premises environments to detect and respond to threats.

Continuous Monitoring of Your Azure Environment

One of the promises of the cloud, namely the flexibility and scale it provides, is also the source of one of its security weaknesses. Specifically, your Azure cloud environment is constantly changing as you spin up new instances or change configurations. In some cases, this may be done frequently on a daily or even hourly basis. In addition, folks in your organization may be doing things that you aren’t aware of. This is called ‘Shadow IT’, which refers to employees introducing rogue services or bringing rogue assets into your corporate network. New cloud security risks may be manifesting themselves on an hourly basis.

The need to monitor for Shadow IT activity drives the need for solutions that provide continuous security monitoring of all activity in the cloud. You need a solution that continuously monitors your Azure cloud environment and delivers Azure IDS functionality.
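The management-plane and Shadow IT checks described above, as an added example (not AlienVault's code and not part of USM Anywhere): it reads management-plane history and flags VMs that were created by an unapproved caller or that never had a monitoring extension installed. The records are constructed and simplified to five fields named after Azure Activity Log properties; the approved-caller list and the set of extensions treated as monitoring are assumptions.

```python
from collections import defaultdict

VM_WRITE = "Microsoft.Compute/virtualMachines/write"
EXT_WRITE = "Microsoft.Compute/virtualMachines/extensions/write"
# Assumptions for this example: who may deploy VMs, and which VM
# extensions count as "monitoring enabled".
APPROVED_CALLERS = {"deploy-pipeline@example.com"}
MONITORING_EXTENSIONS = {"azuremonitorlinuxagent", "azuremonitorwindowsagent"}
BASE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
        "rg-demo/providers/Microsoft.Compute/virtualMachines/")
PIPE = "deploy-pipeline@example.com"

def _ev(ts, caller, op, res, status="Succeeded"):
    return {"eventTimestamp": ts, "caller": caller, "operationName": op,
            "resourceId": BASE + res, "status": status}

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    _ev("2024-06-01T09:00:00Z", PIPE, VM_WRITE, "web01"),
    _ev("2024-06-01T09:02:00Z", PIPE, EXT_WRITE, "web01/extensions/AzureMonitorLinuxAgent"),
    _ev("2024-06-01T11:30:00Z", "alice@example.com", VM_WRITE, "scratch01"),
    _ev("2024-06-01T12:00:00Z", PIPE, VM_WRITE, "web02"),
    _ev("2024-06-01T12:03:00Z", PIPE, EXT_WRITE,
        "web02/extensions/AzureMonitorLinuxAgent", status="Failed"),
]

def find_vm_gaps(events):
    """Return {vm_resource_id: [finding, ...]} for VMs written in the event set."""
    creators, monitored = {}, set()
    for ev in sorted(events, key=lambda e: e["eventTimestamp"]):
        if ev["status"] != "Succeeded":
            continue  # a failed operation changed nothing
        op, rid = ev["operationName"].lower(), ev["resourceId"].lower()
        if op == VM_WRITE.lower():
            # First successful write seen in the set is treated as creation.
            creators.setdefault(rid, ev["caller"])
        elif op == EXT_WRITE.lower():
            vm_id, _, ext_name = rid.rpartition("/extensions/")
            if ext_name in MONITORING_EXTENSIONS:
                monitored.add(vm_id)
    findings = defaultdict(list)
    for vm_id, caller in creators.items():
        if caller.lower() not in APPROVED_CALLERS:
            findings[vm_id].append(f"created by unapproved caller {caller}")
        if vm_id not in monitored:
            findings[vm_id].append("no monitoring extension installed")
    return dict(findings)
```

The failed extension write on `web02` is what makes that VM show up: the deployment looked complete from the pipeline's side, but monitoring never landed.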

This ongoing monitoring of your Azure environment is also important for compliance purposes. Many regulatory requirements, including PCI DSS and GLBA, require continuous monitoring capabilities. As you move workloads to Azure, you need a solution that performs this continuous Azure security monitoring.

USM Anywhere with its native Azure sensor delivers continuous security monitoring of your Azure environment. With its direct Azure API integration, USM Anywhere monitors all activity and detects changes in your Azure environment to deliver critical Azure IDS capabilities and help you monitor Shadow IT. And USM Anywhere’s security monitoring capabilities help ensure compliance with many regulatory requirements.
