What is Azure Security Center?

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud, whether they are in Azure or not, as well as on premises.

Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You have to make sure your workloads are secure as you move to the cloud, and when you move to IaaS (infrastructure as a service) you take on more responsibility than with PaaS (platform as a service) or SaaS (software as a service). Azure Security Center provides the tools you need to harden your network, secure your services, and stay on top of your security posture.

Azure Security Center addresses the three most urgent security challenges:

  • Rapidly changing workloads - This is both a strength and a challenge of the cloud. On the one hand, end users are empowered to do more. On the other, how do you make sure that the ever-changing services people are using and creating meet your security standards and follow security best practices?

  • Increasingly sophisticated attacks - Wherever you run your workloads, attacks keep getting more sophisticated. You have to secure your public cloud workloads, which are, in effect, Internet-facing workloads that leave you even more exposed if you don't follow security best practices.

  • Security skills are in short supply - The number of security alerts and alerting systems far outnumbers the administrators with the background and experience needed to keep your environments protected. Staying up to date with the latest attacks is a constant challenge, and standing still is not an option in an ever-changing security landscape.

To help you meet these challenges, Security Center provides tools to:

  • Strengthen security posture: Security Center assesses your environment and lets you understand the status of your resources and whether they are secure.

  • Protect against threats: Security Center assesses your workloads, raises threat-prevention recommendations, and generates security alerts.

  • Get secure faster: In Security Center, everything is done at cloud speed. Because it is natively integrated, Security Center is easy to deploy and provides auto-provisioning and protection for Azure services.

Architecture

Because Security Center is natively part of Azure, PaaS services in Azure, including Service Fabric, SQL Database, SQL Managed Instance, and storage accounts, are monitored and protected by Security Center without requiring any deployment.

In addition, Security Center protects non-Azure servers and virtual machines in the cloud or on premises, both Windows and Linux, by installing the Log Analytics agent on them. Azure virtual machines are auto-provisioned in Security Center.

The events collected from the agents and from Azure are correlated in the security analytics engine to give you tailored recommendations (hardening tasks) that you should follow to keep your workloads secure, and security alerts. You should investigate such alerts as soon as possible to make sure no malicious attack is taking place against your workloads.

When you enable Security Center, its built-in security policy is reflected in Azure Policy as a built-in initiative under the Security Center category. The built-in initiative is automatically assigned to all subscriptions registered with Security Center (free or standard pricing tier). It contains only Audit policies: non-compliant resources are reported as recommendations, but nothing is blocked or changed by the policy itself. For more information about Security Center policies in Azure Policy, see Working with security policies.

Strengthen security posture

Azure Security Center enables you to strengthen your security posture. It helps you identify and perform the hardening tasks recommended as security best practices and implement them across your machines, data services, and apps. This includes managing and enforcing your security policies and making sure your Azure virtual machines, non-Azure servers, and Azure PaaS services are compliant. Security Center gives you a bird's-eye view of your workloads, with focused visibility into your network security estate.

Manage organization security policy and compliance

Knowing that your workloads are secure is a security basic, and it starts with having tailored security policies in place. Because all the policies in Security Center are built on top of Azure Policy controls, you get the full range and flexibility of a mature policy solution. In Security Center, you can set your policies to apply to management groups, across subscriptions, and even to a whole tenant.

(Figure: Policy management page)

Security Center helps you identify shadow IT subscriptions. By looking at subscriptions labeled "not covered" in your dashboard, you can see immediately when new subscriptions have been created, make sure they are covered by your policies, and confirm they are protected by Azure Security Center.

(Figure: Security Center policy dashboard)

Continuous assessments

Security Center continuously discovers new resources being deployed across your workloads and assesses whether they are configured according to security best practices. If they are not, they are flagged, and you get a prioritized list of recommendations for what to fix in order to protect your machines.

To help you understand how important each recommendation is to your overall security posture, Security Center groups recommendations into security controls and assigns a secure score value to each control. This is crucial for prioritizing your security work.

(Figure: Security Center secure score)

Network map

One of the most powerful tools Security Center provides for continuously monitoring the security status of your network is the network map. The map shows the topology of your workloads, so you can see whether each node is properly configured. You can see how your nodes are connected, which helps you block unwanted connections that could make it easier for an attacker to move laterally through your network.

(Figure: Security Center network map)

The heart of Azure Security Center's value lies in its recommendations. Recommendations are tailored to the specific security concerns found on your workloads, and Security Center does the security admin work for you: it not only finds your vulnerabilities but gives you specific instructions for how to remove them.

In this way, Security Center enables you not just to set security policies but to apply secure configuration standards across your resources.

Recommendations help you reduce the attack surface of each of your resources. That includes Azure virtual machines, non-Azure servers, and Azure PaaS services such as SQL and storage accounts, among others; each type of resource is assessed differently and has its own standards.

(Figure: Security Center recommendation example)

Protect against threats

Security Center's threat protection enables you to detect and prevent threats at the Infrastructure as a Service (IaaS) layer, on non-Azure servers, and for Platform as a Service (PaaS) in Azure.

Security Center's threat protection includes fusion kill-chain analysis, which automatically correlates alerts in your environment based on cyber kill-chain analysis, to help you understand the full story of an attack campaign: where it started and what impact it had on your resources.

(Figure: Security alerts)
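The kind of kill-chain correlation described above, shown on the smallest possible case as an added example (this is not code from the Azure docs page or from Security Center): a burst of failed SSH logins from one source is a credential brute-force alert on its own, and an accepted login from the same source while those failures are still recent is the next stage of the same campaign, so it escalates the existing alert instead of opening a second one. The log lines are constructed sample sshd syslog entries, the threshold and window are illustrative, and the alert dictionary is this example's own shape, not Security Center's alert schema.

```python
"""Added example: correlate failed-then-successful SSH logins from one source
into a single escalating alert over constructed sshd log lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: six failures then a success from 198.51.100.23 (the
# incident), one failure then a key-based success from 203.0.113.5 (a benign
# typo), five failures from 192.0.2.77 seven minutes apart (slow, never five
# inside a ten-minute window), and an unrelated CRON line.
SAMPLE_AUTH_LOG = """\
Mar 12 10:01:02 vm-demo sshd[2031]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar 12 10:01:04 vm-demo sshd[2033]: Failed password for root from 198.51.100.23 port 51030 ssh2
Mar 12 10:01:06 vm-demo sshd[2035]: Failed password for invalid user test from 198.51.100.23 port 51041 ssh2
Mar 12 10:01:08 vm-demo sshd[2037]: Failed password for azureuser from 198.51.100.23 port 51055 ssh2
Mar 12 10:01:10 vm-demo sshd[2039]: Failed password for azureuser from 198.51.100.23 port 51062 ssh2
Mar 12 10:01:13 vm-demo sshd[2041]: Failed password for azureuser from 198.51.100.23 port 51077 ssh2
Mar 12 10:01:20 vm-demo sshd[2045]: Accepted password for azureuser from 198.51.100.23 port 51090 ssh2
Mar 12 10:05:00 vm-demo sshd[2101]: Failed password for azureuser from 203.0.113.5 port 40001 ssh2
Mar 12 10:05:30 vm-demo sshd[2102]: Accepted publickey for azureuser from 203.0.113.5 port 40002 ssh2
Mar 12 10:10:00 vm-demo sshd[2210]: Failed password for root from 192.0.2.77 port 60001 ssh2
Mar 12 10:12:00 vm-demo CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 12 10:17:00 vm-demo sshd[2211]: Failed password for root from 192.0.2.77 port 60002 ssh2
Mar 12 10:24:00 vm-demo sshd[2212]: Failed password for root from 192.0.2.77 port 60003 ssh2
Mar 12 10:31:00 vm-demo sshd[2213]: Failed password for root from 192.0.2.77 port 60004 ssh2
Mar 12 10:38:00 vm-demo sshd[2214]: Failed password for root from 192.0.2.77 port 60005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line: str):
    """Parse one sshd syslog line; return None for lines that are not logins."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # because only differences between timestamps are used below.
    ts = datetime.strptime(" ".join(m.group("ts").split()), "%b %d %H:%M:%S")
    return {"ts": ts, "outcome": m.group("outcome"), "method": m.group("method"),
            "user": m.group("user"), "ip": m.group("ip")}


def detect(lines, threshold: int = 5, window_minutes: int = 10):
    """Return alerts, one per source IP, ordered by first sighting.

    `threshold` or more failures from one IP inside a sliding window of
    `window_minutes` raise a Medium "BruteForce" alert; an accepted login from
    that IP while failures are still inside the window escalates it to High
    and records the account that was accessed.
    """
    window = timedelta(minutes=window_minutes)
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e["ts"])
    recent_failures = defaultdict(list)   # ip -> failure timestamps still in window
    total_failures = defaultdict(int)     # ip -> every failure seen
    alerts = {}
    for e in events:
        ip = e["ip"]
        recent_failures[ip] = [t for t in recent_failures[ip] if e["ts"] - t <= window]
        if e["outcome"] == "Failed":
            recent_failures[ip].append(e["ts"])
            total_failures[ip] += 1
            if len(recent_failures[ip]) >= threshold and ip not in alerts:
                alerts[ip] = {"kind": "BruteForce", "severity": "Medium", "source_ip": ip,
                              "first_seen": recent_failures[ip][0], "last_seen": e["ts"],
                              "failures": total_failures[ip], "compromised_user": None}
            elif ip in alerts:
                alerts[ip]["failures"] = total_failures[ip]
                alerts[ip]["last_seen"] = e["ts"]
        elif ip in alerts and recent_failures[ip]:
            # Success from a source that was just brute-forcing is the later
            # stage of the same campaign: escalate, do not open a second alert.
            # A success long after the failures aged out is left alone.
            alerts[ip].update(kind="BruteForceSuccess", severity="High",
                              compromised_user=e["user"], last_seen=e["ts"])
    return sorted(alerts.values(), key=lambda a: a["first_seen"])


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUTH_LOG.splitlines()):
        print(alert)
```

With the defaults only 198.51.100.23 produces an alert, and it is already High with `compromised_user` set by the time the log is consumed; loosening to `threshold=3, window_minutes=30` also surfaces the slow scanner 192.0.2.77 as a Medium alert with no compromise, which is the trade-off any window-based rule makes between catching low-and-slow activity and noise.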

Integration with Microsoft Defender Advanced Threat Protection

Security Center includes automatic, native integration with Microsoft Defender Advanced Threat Protection. This means that without any configuration, your Windows and Linux machines are fully integrated with Security Center's recommendations and assessments.

In addition, Security Center lets you automate application control policies on server environments. The adaptive application controls in Security Center enable end-to-end application allow-listing across your Windows servers. You don't need to create the rules and check for violations; it is all done automatically for you.

Protect PaaS

Security Center helps you detect threats across Azure PaaS services. You can detect threats targeting Azure services including Azure App Service, Azure SQL, Azure Storage accounts, and more data services. You can also take advantage of the native integration with Microsoft Cloud App Security's User and Entity Behavior Analytics (UEBA) to perform anomaly detection on your Azure activity logs.

Block brute force attacks

Security Center helps you limit exposure to brute force attacks. By reducing access to virtual machine ports with just-in-time (JIT) VM access, you harden your network by preventing unnecessary access. The management ports stay closed by default; you can set secure access policies on selected ports, for authorized users only, for allowed source IP address ranges or IP addresses, and for a limited amount of time.
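What a JIT access policy actually constrains, as an added example (not code from the Azure docs page, and not Security Center's implementation): a request to open a port is checked against the policy's port list, the allowed source prefix for that port, and the maximum duration, and the result of a granted request is a narrow allow rule scoped to the requester's own address that carries an expiry. The `JIT_POLICY` dictionary is a constructed, simplified model of a JIT policy (port number, protocol, allowed source prefix, and maximum request duration as an ISO 8601 hours/minutes string); the emitted rule is a plain dict standing in for the temporary network security group rule that would be created.

```python
"""Added example: evaluate a just-in-time VM access request against a
constructed JIT policy and emit the temporary, expiring allow rule."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy for one VM. Both ports are closed until a request is granted.
JIT_POLICY = {
    "vmName": "vm-demo",
    "ports": [
        # SSH: only from the corporate range, for at most three hours.
        {"number": 22, "protocol": "TCP",
         "allowedSourceAddressPrefix": "203.0.113.0/24",
         "maxRequestAccessDuration": "PT3H"},
        # RDP: any requester address, but only for one hour.
        {"number": 3389, "protocol": "TCP",
         "allowedSourceAddressPrefix": "*",
         "maxRequestAccessDuration": "PT1H"},
    ],
}

_DURATION_RE = re.compile(r"^PT(?:(\d+)H)?(?:(\d+)M)?$")


def parse_iso_duration(text: str) -> timedelta:
    """Parse the hours/minutes subset of ISO 8601 durations used in the policy."""
    m = _DURATION_RE.match(text)
    if not m or text == "PT":
        raise ValueError(f"unsupported duration: {text!r}")
    hours, minutes = (int(x) if x else 0 for x in m.groups())
    return timedelta(hours=hours, minutes=minutes)


@dataclass(frozen=True)
class AccessRequest:
    port: int
    source_ip: str        # address the requester will connect from
    duration: timedelta   # how long the port should stay open
    requested_at: datetime


DEMO_TIME = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock for the demo


def make_request(port: int, source_ip: str, minutes: int) -> AccessRequest:
    return AccessRequest(port, source_ip, timedelta(minutes=minutes), DEMO_TIME)


def evaluate_request(policy: dict, req: AccessRequest) -> dict:
    """Decide a JIT request; returns {"granted", "reason", "rule"}.
    Every check fails closed, so rule is None whenever granted is False."""

    def denied(why: str) -> dict:
        return {"granted": False, "reason": why, "rule": None}

    port_cfg = next((p for p in policy["ports"] if p["number"] == req.port), None)
    if port_cfg is None:
        return denied(f"port {req.port} is not in the JIT policy")

    max_duration = parse_iso_duration(port_cfg["maxRequestAccessDuration"])
    if not timedelta(0) < req.duration <= max_duration:
        return denied(f"duration must be between 0 and {port_cfg['maxRequestAccessDuration']}")

    try:
        src = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return denied(f"invalid source address {req.source_ip!r}")

    allowed = port_cfg["allowedSourceAddressPrefix"]
    if allowed != "*" and src not in ipaddress.ip_network(allowed, strict=False):
        return denied(f"source {src} is not within {allowed}")

    # The rule is scoped to the requester's exact address even when the policy
    # allows any source, so the opening is as narrow as possible, and it carries
    # the time after which the rule is removed again.
    rule = {
        "name": f"JITRule_{req.port}",  # illustrative name
        "direction": "Inbound",
        "access": "Allow",
        "protocol": port_cfg["protocol"],
        "sourceAddressPrefix": str(src),
        "destinationPortRange": str(req.port),
        "expiresAt": (req.requested_at + req.duration).isoformat(),
    }
    return {"granted": True, "reason": "ok", "rule": rule}


if __name__ == "__main__":
    for port, ip, minutes in [(22, "203.0.113.7", 120), (22, "198.51.100.9", 120),
                              (3389, "198.51.100.9", 120), (3389, "198.51.100.9", 30),
                              (8080, "203.0.113.7", 10)]:
        print(port, ip, minutes, evaluate_request(JIT_POLICY, make_request(port, ip, minutes)))
```

The ordering of the checks matters less than that each one denies on its own: a request that names an unlisted port, overstays the maximum, or comes from outside the allowed range never reaches the rule-emitting branch, which is the property you want from anything that opens a management port to the Internet.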

Protect data services

Security Center includes capabilities that help you perform automatic classification of your data in Azure SQL. You can also get assessments of potential vulnerabilities across Azure SQL and Storage services, and recommendations for how to mitigate them.

Get secure faster

Native Azure integration (including Azure Policy and Azure Monitor logs), combined with seamless integration with other Microsoft security solutions such as Microsoft Cloud App Security and Windows Defender Advanced Threat Protection, helps make sure your security solution is comprehensive as well as simple to onboard and roll out.

In addition, you can extend the full solution beyond Azure to workloads running on other clouds and in on-premises data centers.

Automatically discover and onboard Azure resources

Security Center provides seamless, native integration with Azure and Azure resources. That means you can pull together a complete security story involving Azure Policy and the built-in Security Center policies across all your Azure resources, and make sure the whole thing is automatically applied to newly discovered resources as you create them in Azure.

Extensive log collection - logs from Windows and Linux are all fed into the security analytics engine and used to create recommendations and alerts.

Next steps

  • To get started with Security Center, you need an Azure subscription. If you don't have one, you can sign up for a trial.

  • Security Center's free pricing tier is enabled on all your current Azure subscriptions once you visit the Azure Security Center dashboard in the Azure portal for the first time, or when it is enabled programmatically via the API. To take advantage of the advanced security management and threat detection capabilities, you must upgrade to the standard pricing tier. The standard tier can be tried free for 30 days. See the Security Center pricing page for more information.

  • If you're ready to enable Security Center Standard now, the Quickstart: Onboard your Azure subscription to Security Center Standard walks you through the steps.