Introduction to Azure Defender

Azure Security Center's features cover the two broad pillars of cloud security:

  • Cloud security posture management (CSPM) - Security Center is available for free to all Azure users. The free experience includes CSPM features such as secure score, detection of security misconfigurations in your Azure machines, asset inventory, and more. Use these CSPM features to strengthen your hybrid cloud posture and track compliance with the built-in policies.

  • Cloud workload protection (CWP) - Security Center's integrated cloud workload protection platform (CWPP), Azure Defender, brings advanced, intelligent protection to your Azure and hybrid resources and workloads. Enabling Azure Defender adds the security features described on this page. Once any Azure Defender plan is enabled, you can add custom policies and initiatives alongside the built-in ones, as well as regulatory standards such as NIST and Azure CIS and the Azure Security Benchmark, for a customized view of your compliance.

The Azure Defender dashboard in Security Center provides visibility and control of the CWP features for your environment:

(Image: example of the Azure Defender dashboard)

What resource types can Azure Defender secure?

Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, and more.

When you enable Azure Defender from the Pricing and settings area of Azure Security Center, all of the Defender plans are enabled simultaneously and together provide comprehensive defenses for the compute, data, and service layers of your environment. Each plan can also be toggled individually, and billing applies per plan for the resources it covers.

Each of these plans is explained separately in the Security Center documentation.
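The portal toggle described above can be reproduced from Az PowerShell, which is also the quickest way to audit which plans are still on the Free tier after someone has enabled "all" of them. The script below is an added example, not code from this page or from Microsoft's documentation. It assumes the Az.Accounts and Az.Security modules are installed, that you have already run Connect-AzAccount with Owner or Security Admin rights on the subscription, and that the subscription ID is a placeholder; the plan names are the Microsoft.Security pricing resource names for the resource types this page mentions (VMs, SQL, containers).

```powershell
# Added example: enable a set of Azure Defender plans on one subscription and
# then audit the result. Assumes Az.Accounts and Az.Security are installed and
# Connect-AzAccount has already been run. Placeholder values are marked.

$SubscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# Pricing resource names for the plans this page mentions (VMs, SQL, containers).
# "Standard" is the Azure Defender tier; "Free" is the CSPM-only tier.
$PlansToEnable = @("VirtualMachines", "SqlServers", "KubernetesService", "ContainerRegistry")

foreach ($Plan in $PlansToEnable) {
    # Idempotent: setting an already-Standard plan to Standard is a no-op.
    Set-AzSecurityPricing -Name $Plan -PricingTier "Standard" | Out-Null
    Write-Host "Enabled Azure Defender for $Plan"
}

# Audit: every plan the subscription exposes, with its current tier.
# Anything left on "Free" still gets CSPM recommendations but no Defender
# alerts or advanced protections for that resource type.
$Pricing = Get-AzSecurityPricing
$Pricing | Select-Object Name, PricingTier | Format-Table -AutoSize

$StillFree = $Pricing | Where-Object { $_.PricingTier -eq "Free" }
if ($StillFree) {
    Write-Warning ("Plans still on the Free tier: " + ($StillFree.Name -join ", "))
}
```

Azure Defender is billed per plan for every existing and future resource of that type in the subscription, so run the audit before and after the change and compare it with the cost estimate shown in Pricing and settings.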

Azure Defender security alerts

When Azure Defender detects a threat in any area of your environment, it generates a security alert. These alerts describe details of the affected resources and suggested remediation steps, and in some cases offer an option to trigger a logic app in response.

Whether an alert is generated by Security Center or received by Security Center from an integrated security product, you can export it. To export your alerts to any third-party SIEM or other external tool, follow the instructions in Stream alerts to a SIEM, SOAR, or IT Service Management solution.

Note

Alerts from different sources might take different amounts of time to appear. For example, alerts that require analysis of network traffic might take longer to appear than alerts about suspicious processes running on virtual machines.

Azure Defender advanced protection capabilities

Azure Defender uses advanced analytics to produce recommendations tailored to your resources.

Protections include securing the management ports of your VMs with just-in-time (JIT) VM access, which keeps those ports closed until an approved, time-limited request opens them for a specific source address, and adaptive application controls, which build allow lists of the applications that should and shouldn't run on your machines.

Use the advanced protection tiles in the Azure Defender dashboard to monitor and configure each of these protections.
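Just-in-time access is configured per VM as a JIT network access policy that names the ports to keep closed, the source addresses that may be allowed in, and the maximum time a request may open them; each approved request then creates a time-bounded allow rule for the requester's address that is removed when the window expires. The script below is an added example, not code from this page or from Microsoft: it assumes Az.Security is installed and Connect-AzAccount has been run, and the subscription ID, resource group, VM name, location and admin IP are placeholders.

```powershell
# Added example: create a JIT network access policy for one VM, then request
# access to SSH from a single admin IP. Assumes Az.Security is installed and
# Connect-AzAccount has been run; all IDs below are placeholders.

$SubscriptionId = "00000000-0000-0000-0000-000000000000"   # placeholder
$ResourceGroup  = "rg-prod"                                  # placeholder
$VmName         = "vm-web-01"                                # placeholder
$Location       = "westeurope"                               # placeholder
$AdminIp        = "203.0.113.10"                             # placeholder (TEST-NET-3)

$VmId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Compute/virtualMachines/$VmName"

# 1. Policy: which management ports JIT governs, who may be allowed in, and
#    for how long at most. Pin allowedSourceAddressPrefix to a known range;
#    "*" lets any requester open the port to the whole internet for the window.
$JitPolicy = @{
    id    = $VmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @($AdminIp); maxRequestAccessDuration = "PT1H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @($AdminIp); maxRequestAccessDuration = "PT1H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $Location -Name "default" `
    -ResourceGroupName $ResourceGroup -VirtualMachine @($JitPolicy) | Out-Null

# 2. Request: open port 22 for this admin IP only, for 30 minutes. endTimeUtc
#    must not be later than maxRequestAccessDuration from now or the request
#    is rejected.
$EndTime = (Get-Date).ToUniversalTime().AddMinutes(30).ToString("o")
$Request = @{
    id    = $VmId
    ports = @(
        @{ number = 22; endTimeUtc = $EndTime; allowedSourceAddressPrefix = @($AdminIp) }
    )
}
$PolicyId = "/subscriptions/$SubscriptionId/resourceGroups/$ResourceGroup/providers/Microsoft.Security/locations/$Location/jitNetworkAccessPolicies/default"
Start-AzJitNetworkAccessPolicy -ResourceId $PolicyId -VirtualMachine @($Request)

# 3. Verify: the policy now records the open request; the allow rule it created
#    is removed automatically once endTimeUtc passes.
(Get-AzJitNetworkAccessPolicy -ResourceGroupName $ResourceGroup -Location $Location -Name "default").Requests
```

Both calls require Azure Defender for servers to be enabled on the subscription and a network security group (or Azure Firewall) in front of the VM, because JIT works by inserting deny rules for the listed ports and temporarily overriding them per request. Keep the policy's allowed prefixes narrow: the request can only ever ask for a subset of what the policy permits.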

Vulnerability assessment and management

Azure Defender includes vulnerability scanning for your virtual machines and container registries at no extra cost. The scanners are powered by Qualys, but you don't need a Qualys license or even a Qualys account; everything is handled inside Security Center.

Review the findings from these vulnerability scanners and respond to them all from within Security Center. This brings Security Center closer to being the single pane of glass for all of your cloud security efforts.

Learn more on the following pages:

Next steps

In this article, you learned about the benefits of Azure Defender.