Use Azure Security Center recommendations to enhance security

You can reduce the chances of a significant security event by configuring a security policy and then implementing the recommendations provided by Azure Security Center. This article shows you how to use security policies and recommendations in Security Center to help mitigate a security attack.

Security Center automatically runs continuous scans to analyze the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations that guide you through the process of configuring the needed security controls. Security Center updates its recommendations within 24 hours, with the following exceptions:

  • Operating system security configuration recommendations are updated within 48 hours
  • Endpoint Protection issues recommendations are updated within 8 hours

Scenario

This scenario shows you how to use Security Center to help reduce the chances of a security incident by monitoring Security Center recommendations and taking action. The scenario uses the fictitious company Contoso and the roles presented in the Security Center planning and operations guide. In this scenario, we're focusing on the roles of the following personas:

Scenario personas (image)

Contoso recently migrated some of their on-premises resources to Azure. Contoso wants to protect their resources and reduce the vulnerability of their resources in the cloud.

Use Azure Security Center

David, from Contoso's IT security team, has already chosen to onboard Contoso's subscriptions to Azure Security Center to prevent and detect security vulnerabilities.

Security Center automatically analyzes the security state of Contoso's Azure resources and applies default security policies. When Security Center identifies potential security vulnerabilities, it creates recommendations based on the controls set in the security policy.

David runs Azure Security with Azure Defender enabled across all their subscriptions to get the full suite of recommendations and security features available. Jeff also onboards all their existing on-premises servers that haven't yet been migrated to the cloud so that they can take advantage of Security Center's hybrid support across their Windows and Linux servers.

Jeff is a cloud workload owner. Jeff is responsible for applying security controls in accordance with Contoso's security policies.

Jeff performs the following tasks:

  • Monitor security recommendations provided by Security Center
  • Evaluate security recommendations and decide whether to apply or dismiss them
  • Apply security recommendations

Remediate threats using recommendations

As part of their daily monitoring activities, Jeff signs in to Azure and opens Security Center.

  1. Jeff selects the workload's subscriptions.

  2. Jeff checks the Secure Score to get an overall picture of how secure the subscriptions are and sees that the score is 548.

  3. Jeff has to decide which recommendations to handle first. So Jeff clicks Secure Score and starts to handle recommendations based on how much each one improves his secure score.

  4. Because Jeff has lots of connected VMs, Jeff decides to focus on his machines in the asset inventory.

  5. When Jeff opens the asset inventory, a list of recommendations appears. Jeff handles them according to their secure score impact.

  6. Jeff has numerous Internet-facing VMs, and because their ports are exposed, they're worried that an attacker could gain control over the servers. So Jeff chooses to use just-in-time VM access.

Jeff continues to move through the high-priority and medium-priority recommendations and makes decisions on implementation. For each recommendation, Jeff looks at the detailed information provided by Security Center to understand which resources are impacted, what the Secure Score impact is, what each recommendation means, and the remediation steps for mitigating each issue.

Conclusion

Monitoring recommendations in Security Center helps you eliminate security vulnerabilities before an attack occurs. When you remediate recommendations, your Secure Score and your workloads' security posture improve. Security Center automatically discovers new resources you deploy, assesses them against your security policy, and provides new recommendations for securing them.

Next steps

Make sure you have a monitoring process in place in which you regularly check the recommendations in Security Center, so that you can keep your resources secure over time.

This scenario showed you how to use security policies and recommendations in Security Center to help mitigate a security attack.

Learn how to respond to threats with Managing and responding to security alerts.