Vulnerability Assessments for Azure Virtual Machines
In this tutorial, we look at how Security Center assesses vulnerabilities on your virtual machines, explore the vulnerability assessment reports in the assessment dashboard, and cover Azure Container Registry integration with Security Center.
Identifying and analysing vulnerabilities is a core component of every cyber risk and security program. Azure Security Center’s standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost, and Security Center can deploy the scanning tool for you automatically.
If Security Center does not find a vulnerability assessment solution installed on a VM, it presents one of two recommendations:
- Firstly, Enable the built-in vulnerability assessment solution on virtual machines (powered by Qualys). This recommendation appears only in the standard tier. Accepting it installs the Azure Security Center vulnerability assessment extension (powered by Qualys) for you at no additional cost.
- Secondly, Vulnerability assessment solution should be installed on your virtual machines. This recommendation installs one of the supported partner solutions; you must purchase a license for the chosen solution separately. The partner platform then sends vulnerability and health monitoring data back to Security Center, which highlights the vulnerable VMs on its dashboard.
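Clicking through each VM in the portal does not scale. To find every VM that currently triggers either of the two recommendations above across all your subscriptions, the following Azure Resource Graph query (added here as a worked example; it is not part of the original tutorial or of Microsoft’s documentation) reads Security Center’s assessment records from the securityresources table. The displayName phrase, the "Unhealthy" status value and the virtual-machine path filter are assumptions based on the recommendation titles above; confirm them against the assessments in your own tenant before relying on the result.

```kusto
// Added example: list VMs on which Security Center reports a vulnerability
// assessment recommendation as Unhealthy (i.e. no VA solution was detected).
// Run in Azure Resource Graph Explorer or via: az graph query -q "<query>"
securityresources
| where type == "microsoft.security/assessments"
| extend displayName = tostring(properties.displayName),
         statusCode  = tostring(properties.status.code),
         resourceId  = tostring(properties.resourceDetails.Id)
// Assumption: both recommendation titles above contain this phrase.
| where displayName has "vulnerability assessment solution"
| where statusCode == "Unhealthy"
// Assumption: keep only recommendations raised against virtual machines.
| where resourceId contains "/providers/microsoft.compute/virtualmachines/"
| project subscriptionId, resourceId, displayName, statusCode
| order by subscriptionId asc, resourceId asc
```

Removing the `statusCode` filter shows Healthy VMs as well, which is useful for confirming that the built-in extension actually reported back after you accepted the recommendation.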
Security Center also offers vulnerability analysis for your:
- SQL databases, covered under Explore vulnerability assessment reports below
- Azure Container Registry images, covered under Azure Container Registry image scanning by Security Center below
Explore vulnerability assessment reports
The vulnerability assessment service scans your databases once a week, on the same day of the week on which you enabled the service. The vulnerability assessment dashboard gives an overview of assessment results across all your databases, including a summary of healthy and unhealthy databases and an overall summary of failing checks broken down by risk level. You can view the results directly from Security Center:
- Firstly, from Security Center’s sidebar open the Recommendations page and select the recommendation Vulnerabilities on your SQL servers on machines.
- Secondly:
  - For information about the scanned resources (databases) and the list of security checks that were tested, select the server of interest.
  - For an overview of the vulnerabilities grouped by a specific SQL database, select the database of interest.
In every view, the security checks are sorted by severity. Click a specific security check to open a details pane with its description.
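The same severity-ordered list of failing checks can be pulled out of Azure Resource Graph, which is handy when you want to export the results or track them over time. The query below is an added example (not part of the original tutorial or Microsoft’s documentation); it reads the individual security checks that Security Center stores as sub-assessments. The severity labels "High", "Medium" and "Low" and the commented resourceId filter are assumptions; check them against the values returned in your tenant.

```kusto
// Added example: failing security checks (sub-assessments) sorted by severity,
// the same order the Security Center views described above use.
// Run in Azure Resource Graph Explorer or via: az graph query -q "<query>"
securityresources
| where type == "microsoft.security/assessments/subassessments"
| extend checkName  = tostring(properties.displayName),
         severity   = tostring(properties.status.severity),
         statusCode = tostring(properties.status.code),
         resourceId = tostring(properties.resourceDetails.id)
| where statusCode == "Unhealthy"
// Assumption: uncomment and adjust to narrow the output to one SQL server.
// | where resourceId contains "<your-sql-server-resource-id>"
// Map severity labels to a sortable rank; unknown labels sort last.
| extend severityRank = case(severity == "High",   1,
                             severity == "Medium", 2,
                             severity == "Low",    3,
                             4)
| project subscriptionId, resourceId, checkName, severity, severityRank
| order by severityRank asc, resourceId asc, checkName asc
```

To reproduce the dashboard’s risk distribution instead of the per-check list, replace the final `project` and `order by` lines with `| summarize failingChecks = count() by severity, severityRank | order by severityRank asc`.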
Azure Container Registry image scanning by Security Center
Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry. It is based on the open-source Docker Registry 2.0.
If you are on Azure Security Center’s standard tier, you can add the Container Registries bundle. This optional feature brings deeper visibility into the vulnerabilities of the images in your Azure Resource Manager-based registries.
Reference: Microsoft Documentation