Archive for what's new in Azure Security Center?

The primary What's new in Azure Active Directory? release notes page contains updates for the last six months, while this page contains older items.

This page provides you with information about:

  • New features
  • Bug fixes
  • Deprecated functionality

November 2019

Threat Protection for Azure Storage includes Malware Reputation Screening

Threat protection for Azure Storage offers new detections powered by Microsoft Threat Intelligence for detecting malware uploads to Azure Storage using hash reputation analysis and suspicious access from an active Tor exit node (an anonymizing proxy). You can now view detected malware across storage accounts using Azure Security Center.

Quick Fix for bulk resources generally available

With the many tasks that a user is given as part of Secure Score, effectively remediating issues across a large fleet can become challenging.

To simplify remediation of security misconfigurations, quickly remediate recommendations on a bulk of resources, and improve your secure score, use Quick Fix remediation.

This operation allows you to select the resources you want to apply the remediation to and launch a remediation action that configures the setting on your behalf.

Quick fix is generally available today to customers as part of the Security Center recommendations page.

See which recommendations have quick fix enabled in the reference guide to security recommendations.

Additional regulatory compliance standards (preview)

The Regulatory Compliance dashboard provides insights into your compliance posture based on Security Center assessments. The dashboard shows how your environment complies with controls and requirements designated by specific regulatory standards and industry benchmarks and provides prescriptive recommendations for how to address these requirements.

The regulatory compliance dashboard has thus far supported four built-in standards: Azure CIS 1.1.0, PCI-DSS, ISO 27001, and SOC-TSP. We are now announcing the public preview release of additional supported standards: NIST SP 800-53 R4, SWIFT CSP CSCF v2020, Canada Federal PBMM and UK Official together with UK NHS. We are also releasing an updated version of Azure CIS 1.1.0, covering more controls from the standard and enhancing extensibility.

Learn more about customizing the set of standards in your regulatory compliance dashboard.

Threat Protection for Azure Kubernetes Service (preview)

Kubernetes is quickly becoming the new standard for deploying and managing software in the cloud. Few people have extensive experience with Kubernetes, and many focus only on general engineering and administration and overlook the security aspect. A Kubernetes environment needs to be configured carefully to be secure, making sure no container-focused attack surface is left exposed to attackers. Security Center is expanding its support in the container space to one of the fastest growing services in Azure - Azure Kubernetes Service (AKS).

The new capabilities in this public preview release include:

  • Discovery & Visibility - Continuous discovery of managed AKS instances within Security Center's registered subscriptions.
  • Secure Score recommendations - Actionable items to help customers comply with security best practices in AKS as part of the customer's Secure Score, such as "Role-Based Access Control should be used to restrict access to a Kubernetes Service Cluster".
  • Threat Detection - Host and cluster-based analytics, such as "A privileged container detected".

Virtual machine vulnerability assessment (preview)

Applications that are installed in virtual machines often have vulnerabilities that could lead to a breach of the virtual machine. We are announcing that the Security Center Standard tier includes built-in vulnerability assessment for virtual machines for no additional fee. The vulnerability assessment, powered by Qualys in the public preview, will allow you to continuously scan all the installed applications on a virtual machine to find vulnerable applications and present the findings in the Security Center portal's experience. Security Center takes care of all deployment operations so that no extra work is required from the user. Going forward we are planning to provide vulnerability assessment options to support our customers' unique business needs.

Learn more about vulnerability assessments for your Azure Virtual Machines.

Advanced data security for SQL servers on Azure Virtual Machines (preview)

Azure Security Center's support for threat protection and vulnerability assessment for SQL DBs running on IaaS VMs is now in preview.

Vulnerability assessment is an easy-to-configure service that can discover, track, and help you remediate potential database vulnerabilities. It provides visibility into your security posture as part of Azure secure score and includes the steps to resolve security issues and enhance your database fortifications.

Advanced threat protection detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit your SQL server. It continuously monitors your database for suspicious activities and provides action-oriented security alerts on anomalous database access patterns. These alerts provide the suspicious activity details and recommended actions to investigate and mitigate the threat.

Support for custom policies (preview)

Azure Security Center now supports custom policies (in preview).

Our customers have been wanting to extend their current security assessments coverage in Security Center with their own security assessments based on policies that they create in Azure Policy. With support for custom policies, this is now possible.

These new policies will be part of the Security Center recommendations experience, Secure Score, and the regulatory compliance standards dashboard. With the support for custom policies, you're now able to create a custom initiative in Azure Policy, then add it as a policy in Security Center and visualize it as a recommendation.

Extending Azure Security Center coverage with platform for community and partners

Use Security Center to receive recommendations not only from Microsoft but also from existing solutions from partners such as Check Point, Tenable, and CyberArk, with many more integrations coming. Security Center's simple onboarding flow can connect your existing solutions to Security Center, enabling you to view your security posture recommendations in a single place, run unified reports, and leverage all of Security Center's capabilities against both built-in and partner recommendations. You can also export Security Center recommendations to partner products.

Learn more about Microsoft Intelligent Security Association.

Advanced integrations with export of recommendations and alerts (preview)

To enable enterprise-level scenarios on top of Security Center, it's now possible to consume Security Center alerts and recommendations in places other than the Azure portal or API. These can be directly exported to an Event Hub and to Log Analytics workspaces. Here are a few workflows you can create around these new capabilities:

  • With export to Log Analytics workspace, you can create custom dashboards with Power BI.
  • With export to Event Hub, you'll be able to export Security Center alerts and recommendations to your third-party SIEMs, to a third-party solution in real time, or to Azure Data Explorer.

Onboard on-prem servers to Security Center from Windows Admin Center (preview)

Windows Admin Center is a management portal for Windows Servers that are not deployed in Azure, offering them several Azure management capabilities such as backup and system updates. We have recently added an ability to onboard these non-Azure servers to be protected by ASC directly from the Windows Admin Center experience.

With this new experience, users will be able to onboard a WAC server to Azure Security Center and view its security alerts and recommendations directly in the Windows Admin Center experience.

September 2019

Managing rules with adaptive application controls improvements

The experience of managing rules for virtual machines using adaptive application controls has improved. Azure Security Center's adaptive application controls help you control which applications can run on your virtual machines. In addition to a general improvement to rule management, a new benefit enables you to control which file types will be protected when you add a new rule.

Learn more about adaptive application controls.

Control container security recommendation using Azure Policy

Azure Security Center's recommendation to remediate vulnerabilities in container security can now be enabled or disabled via Azure Policy.

To view your enabled security policies, from Security Center open the Security Policy page.

August 2019

Just-in-time (JIT) VM access for Azure Firewall

Just-in-time (JIT) VM access for Azure Firewall is now generally available. Use it to secure your Azure Firewall protected environments in addition to your NSG protected environments.

JIT VM access reduces exposure to network volumetric attacks by providing controlled access to VMs only when needed, using your NSG and Azure Firewall rules.

When you enable JIT for your VMs, you create a policy that determines the ports to be protected, how long the ports are to remain open, and approved IP addresses from where these ports can be accessed. This policy helps you stay in control of what users can do when they request access.

Requests are logged in the Azure Activity Log, so you can easily monitor and audit access. The just-in-time page also helps you quickly identify existing VMs that have JIT enabled and VMs where JIT is recommended.
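The following added example (not Security Center code) models the three policy elements described above, protected ports, maximum open time and approved source addresses, and shows how a request is checked against them and turned into an audit record. The `PortRule` structure, the sample policy values and the choice to clamp over-long requests to the policy maximum are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PortRule:
    port: int
    allowed_sources: tuple    # CIDR strings approved for this port
    max_duration: timedelta   # longest time the port may stay open

# Constructed policy for one VM (hypothetical values, documentation IP ranges).
POLICY = {
    22: PortRule(22, ("203.0.113.0/24",), timedelta(hours=3)),
    3389: PortRule(3389, ("198.51.100.7/32",), timedelta(hours=1)),
}

def evaluate_request(policy, port, source_ip, requested, now):
    """Return (granted, expiry, reason) for a JIT access request."""
    rule = policy.get(port)
    if rule is None:
        return False, None, "port not covered by JIT policy"
    src = ip_address(source_ip)
    if not any(src in ip_network(cidr) for cidr in rule.allowed_sources):
        return False, None, "source address not approved"
    if requested <= timedelta(0):
        return False, None, "duration must be positive"
    # Assumption: clamp rather than reject, so the port never stays open
    # longer than the policy maximum.
    granted_for = min(requested, rule.max_duration)
    return True, now + granted_for, "granted"

def audit_record(user, port, source_ip, result):
    """Build the log entry that lets access be monitored and audited."""
    granted, expiry, reason = result
    return {"user": user, "port": port, "source": source_ip,
            "granted": granted, "reason": reason,
            "expires": expiry.isoformat() if expiry else None}

if __name__ == "__main__":
    now = datetime(2019, 8, 1, 12, 0, tzinfo=timezone.utc)
    res = evaluate_request(POLICY, 22, "203.0.113.10", timedelta(hours=5), now)
    print(audit_record("alice", 22, "203.0.113.10", res))
```

Denied requests produce an audit record as well, which is what makes refused access attempts visible during review.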

Learn more about Azure Firewall.

Single click remediation to boost your security posture (preview)

Secure score is a tool that helps you assess your workload security posture. It reviews your security recommendations and prioritizes them for you, so you know which recommendations to perform first. This helps you find the most serious security vulnerabilities to prioritize investigation.

To simplify remediation of security misconfigurations and help you quickly improve your secure score, we've added a new capability that allows you to remediate a recommendation on a bulk of resources in a single click.

This operation allows you to select the resources you want to apply the remediation to and launch a remediation action that configures the setting on your behalf.

See which recommendations have quick fix enabled in the reference guide to security recommendations.

July 2019

Updates to network recommendations

Azure Security Center (ASC) has launched new networking recommendations and improved some existing ones. Now, using Security Center ensures even greater networking protection for your resources.

Learn more about network recommendations.

June 2019

Adaptive Network Hardening - generally available

One of the biggest attack surfaces for workloads running in the public cloud is connections to and from the public Internet. Our customers find it hard to know which Network Security Group (NSG) rules should be in place to make sure that Azure workloads are only available to required source ranges. With this feature, Security Center learns the network traffic and connectivity patterns of Azure workloads and provides NSG rule recommendations for Internet-facing virtual machines. This helps our customers better configure their network access policies and limit their exposure to attacks.
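As an added illustration of the idea (a simplified sketch, not Security Center's algorithm), the code below compares broad inbound allow rules with the sources actually observed and proposes the narrowest prefixes that still cover that traffic. The flow tuples, the rule format and the `recommend` function are constructed for this example.

```python
from collections import defaultdict
from ipaddress import collapse_addresses, ip_address, ip_network

# Constructed sample: (source_ip, destination_port) of inbound flows seen
# during a learning window. Documentation-range addresses, not real telemetry.
OBSERVED_FLOWS = [
    ("203.0.113.4", 22), ("203.0.113.5", 22), ("203.0.113.6", 22),
    ("203.0.113.7", 22), ("198.51.100.20", 443), ("192.0.2.9", 443),
]

# Current inbound allow rules as (port, source_prefix); 0.0.0.0/0 means "any".
CURRENT_RULES = [(22, "0.0.0.0/0"), (443, "0.0.0.0/0"), (3389, "0.0.0.0/0")]

def recommend(rules, flows):
    """Suggest, per allow rule, the narrowest prefixes covering observed sources."""
    seen = defaultdict(set)
    for src, port in flows:
        seen[port].add(ip_address(src))
    result = {}
    for port, prefix in rules:
        allowed = ip_network(prefix)
        # Only traffic the rule actually admits counts as evidence for it.
        sources = [ip_network(str(a)) for a in seen[port] if a in allowed]
        if not sources:
            # Nothing used this opening: the whole rule is unneeded exposure.
            result[port] = {"action": "remove", "sources": []}
            continue
        # Merge adjacent hosts into the smallest covering set of prefixes.
        merged = [str(n) for n in collapse_addresses(sources)]
        action = "keep" if merged == [str(allowed)] else "tighten"
        result[port] = {"action": action, "sources": merged}
    return result

if __name__ == "__main__":
    for port, rec in recommend(CURRENT_RULES, OBSERVED_FLOWS).items():
        print(port, rec)
```

A short learning window can miss legitimate but infrequent sources, so recommendations of this kind should be reviewed before a rule is narrowed or removed.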

Learn more about adaptive network hardening.