What's new in Azure Security Center?

Azure Security is in active development and receives improvements on an ongoing basis. To stay up to date with the most recent developments, this page provides you with information about:

  • New features
  • Bug fixes
  • Deprecated functionality

This page is updated regularly, so revisit it often. If you're looking for items older than six months, you'll find them in the Archive for What's new in Azure Security Center.

May 2020

Changes to just-in-time (JIT) virtual machine (VM) access

Security Center includes an optional feature to protect the management ports of your VMs. This provides a defense against the most common form of brute force attacks.

This update brings the following changes to this feature:

  • The recommendation that advises you to enable JIT on a VM has been renamed. Formerly "Just-in-time network access control should be applied on virtual machines", it's now "Management ports of virtual machines should be protected with just-in-time network access control".

  • The recommendation has been set to be triggered only if there are open management ports.
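
To check ahead of time which VMs would trigger the renamed recommendation, the following added example (not Security Center's own logic and not code from the original page) evaluates NSG rules in priority order and reports management ports left open to any source. The port list, the "any source" markers, and the rule shape (modelled on NSG `securityRules` properties) are assumptions of this example.

```python
# Assumed management ports and "any source" markers (this example's choices).
MGMT_PORTS = (22, 3389, 5985, 5986)
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _covers(spec, port):
    """True if an NSG port spec ('*', '22', '1000-4000') includes port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def _values(props, single, plural):
    """A rule carries a single value or a list; return whichever is set."""
    return list(props.get(plural) or []) + ([props[single]] if props.get(single) else [])

def _applies(props, port):
    """True if an inbound TCP rule from any source covers the port."""
    sources = _values(props, "sourceAddressPrefix", "sourceAddressPrefixes")
    specs = _values(props, "destinationPortRange", "destinationPortRanges")
    return (props["direction"] == "Inbound"
            and props["protocol"].lower() in ("tcp", "*")
            and any(s.lower() in ANY_SOURCE for s in sources)
            and any(_covers(s, port) for s in specs))

def open_management_ports(rules, ports=MGMT_PORTS):
    """Return {port: rule name} for ports whose first matching rule allows."""
    exposed = {}
    # NSG rules are evaluated in ascending priority; the first match decides.
    ordered = sorted(rules, key=lambda r: r["properties"]["priority"])
    for port in ports:
        hit = next((r for r in ordered if _applies(r["properties"], port)), None)
        if hit and hit["properties"]["access"] == "Allow":
            exposed[port] = hit["name"]
    return exposed

def _rule(name, priority, access, source, port, direction="Inbound"):
    """Build a rule dict shaped like an NSG securityRules entry."""
    return {"name": name, "properties": {
        "priority": priority, "direction": direction, "access": access,
        "protocol": "Tcp", "sourceAddressPrefix": source,
        "destinationPortRange": port}}

# Constructed sample rules, not taken from a real subscription.
SAMPLE_RULES = [
    _rule("deny-rdp", 100, "Deny", "*", "3389"),
    _rule("allow-wide", 200, "Allow", "Internet", "1000-6000"),
    _rule("allow-ssh-office", 300, "Allow", "203.0.113.0/24", "22"),
    _rule("allow-out", 100, "Allow", "*", "*", direction="Outbound"),
]
```

In the sample, the broad `1000-6000` allow rule exposes 5985 and 5986, while 3389 stays closed because the higher-priority deny rule matches first.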

Learn more about the JIT access feature.

Custom recommendations have been moved to a separate security control

One of the security controls introduced with the enhanced secure score was "Implement security best practices". Any custom recommendations created for your subscriptions were automatically placed in that control.

To make it easier to find your custom recommendations, we've moved them into a dedicated security control, "Custom recommendations". This control has no impact on your secure score.

Learn more about security controls in Enhanced secure score (preview) in Azure Security Center.

Toggle added to view recommendations in controls or as a flat list

Security controls are logical groups of related security recommendations. They reflect your vulnerable attack surfaces. A control is a set of security recommendations, with instructions that help you implement those recommendations.

To immediately see how well your organization is securing each individual attack surface, review the scores for each security control.

By default, your recommendations are shown in the security controls. From this update you can also display them as a list. To view them as a simple list sorted by the health status of the affected resources, use the new toggle 'Group by controls'. The toggle is above the list in the portal.

The security controls - and this toggle - are part of the new secure score experience. Remember to send us your feedback from within the portal.

Learn more about security controls in Enhanced secure score (preview) in Azure Security Center.

Account security recommendations moved to "Security best practices" security control

One of the security controls introduced with the enhanced secure score is "Security best practices". When a recommendation is in this control, it doesn't impact the secure score.

With this update, three recommendations have moved out of the controls in which they were originally placed, and into this best practices control. We've taken this step because we've determined that the risk of these three recommendations is lower than was initially thought.

The recommendations are:

  • MFA should be enabled on accounts with read permissions on your subscription (originally in the "Enable MFA" control)
  • External accounts with read permissions should be removed from your subscription (originally in the "Manage access and permissions" control)
  • A maximum of 3 owners should be designated for your subscription (originally in the "Manage access and permissions" control)

Learn more about security controls in Enhanced secure score (preview) in Azure Security Center.

Custom policies with custom metadata generally available

Custom policies are now part of the Security Center recommendations experience, secure score, and the regulatory compliance standards dashboard. This feature is now generally available and allows you to extend your organization's security assessment coverage in Security Center.

Create a custom initiative in Azure Policy, add policies to it, onboard it to Azure Security Center, and visualize it as recommendations.

We've now also added the option to edit the custom recommendation metadata. Metadata options include severity, remediation steps, threat information, and more.

Learn more about enhancing your custom recommendations with detailed information.

April 2020

Dynamic compliance packages now generally available

The Azure Security Center regulatory compliance dashboard now includes dynamic compliance packages (now generally available) to track additional industry and regulatory standards.

Dynamic compliance packages can be added to your subscription or management group from the Security Center security policy page. When you've onboarded a standard or benchmark, the standard appears in your regulatory compliance dashboard with all associated compliance data mapped as assessments. A summary report for any of the standards that have been onboarded will be available to download.

Now, you can add standards such as:

  • NIST SP 800-53 R4
  • SWIFT CSP CSCF-v2020
  • UK Official and UK NHS
  • Canada Federal PBMM
  • Azure CIS 1.1.0 (new) (which is a more complete representation of Azure CIS 1.1.0)

In addition, we've recently added the Azure Security Benchmark, the Microsoft-authored Azure-specific guidelines for security and compliance best practices based on common compliance frameworks. Additional standards will be supported in the dashboard as they become available.

Learn more about customizing the set of standards in your regulatory compliance dashboard.

Identity recommendations now included in Azure Security Center free tier

Security recommendations for identity and access on the Azure Security Center free tier are now generally available. This is part of the effort to make the cloud security posture management (CSPM) features free. Until now, these recommendations were only available on the standard pricing tier.

Examples of identity and access recommendations include:

  • "Multifactor authentication should be enabled on accounts with owner permissions on your subscription."
  • "A maximum of three owners should be designated for your subscription."
  • "Deprecated accounts should be removed from your subscription."

If you have subscriptions on the free pricing tier, their secure scores will be impacted by this change because they were never assessed for their identity and access security.

Learn more about identity and access recommendations. Learn more about monitoring identity and access.

March 2020

Integration of Azure Security Center with Windows Admin Center

It's now possible to move your on-premises Windows servers from the Windows Admin Center directly to the Azure Security Center. Security Center then becomes your single pane of glass to view security information for all your Windows Admin Center resources, including on-premises servers, virtual machines, and additional PaaS workloads.

After moving a server from Windows Admin Center to Azure Security Center, you'll be able to:

  • View security alerts and recommendations in the Security Center extension of the Windows Admin Center.
  • View the security posture and retrieve additional detailed information of your Windows Admin Center managed servers in the Security Center within the Azure portal (or via an API).

Learn more about how to integrate Azure Security Center with Windows Admin Center.

Protection for Azure Kubernetes Service

Azure Security Center is expanding its container security features to protect Azure Kubernetes Service (AKS).

The popular, open-source platform Kubernetes has been adopted so widely that it's now an industry standard for container orchestration. Despite this widespread implementation, there's still a lack of understanding regarding how to secure a Kubernetes environment. Defending the attack surfaces of a containerized application requires expertise to ensure the infrastructure is configured securely and constantly monitored for potential threats.

The Security Center defense includes:

  • Discovery and visibility - Continuous discovery of managed AKS instances within the subscriptions registered to Security Center.
  • Security recommendations - Actionable recommendations to help you comply with security best practices for AKS. These recommendations are included in your secure score to ensure they're viewed as a part of your organization's security posture. An example of an AKS-related recommendation you might see is "Role-based access control should be used to restrict access to a Kubernetes service cluster".
  • Threat protection - Through continuous analysis of your AKS deployment, Security Center alerts you to threats and malicious activity detected at the host and AKS cluster level.

Learn more about Azure Kubernetes Services integration with Security Center. Learn more about the container security features in Security Center.

Improved just-in-time experience

The features, operation, and UI for Azure Security Center's just-in-time tools that secure your management ports have been enhanced as follows:

  • Justification field - When requesting access to a virtual machine (VM) through the just-in-time page of the Azure portal, a new optional field is available to enter a justification for the request. Information entered into this field can be tracked in the activity log.
  • Automatic cleanup of redundant just-in-time (JIT) rules - Whenever you update a JIT policy, a cleanup tool automatically runs to check the validity of your entire ruleset. The tool looks for mismatches between rules in your policy and rules in the NSG. If the cleanup tool finds a mismatch, it determines the cause and, when it's safe to do so, removes built-in rules that aren't needed anymore. The cleaner never deletes rules that you've created.

Learn more about the JIT access feature.

Two security recommendations for web applications deprecated

Two security recommendations related to web applications are being deprecated:

  • The rules for web applications on IaaS NSGs should be hardened. (Related policy: The NSGs rules for web applications on IaaS should be hardened)

  • Access to App Services should be restricted. (Related policy: Access to App Services should be restricted [preview])

These recommendations will no longer appear in the Security Center list of recommendations. The related policies will no longer be included in the initiative named "Security Center Default".

Learn more about security recommendations.

February 2020

Fileless attack detection for Linux is now in preview

As attackers increasingly employ stealthier methods to avoid detection, Azure Security Center is extending fileless attack detection for Linux, in addition to Windows. Fileless attacks exploit software vulnerabilities, inject malicious payloads into benign system processes, and hide in memory. These techniques:

  • minimize or eliminate traces of malware on disk
  • greatly reduce the chances of detection by disk-based malware scanning solutions

To counter this threat, Azure Security Center released fileless attack detection for Windows in October 2018, and has now extended fileless attack detection on Linux as well.

January 2020

Enhanced secure score

An enhanced version of the secure score feature of Azure Security Center is now available in preview. In this version, multiple recommendations are grouped into Security Controls that better reflect your vulnerable attack surfaces (for example, restrict access to management ports).

Familiarize yourself with the secure score changes during the preview phase and determine other remediations that will help you to further secure your environment.

Learn more in Enhanced secure score (preview) in Azure Security Center.