CoreStack extends support to Azure Security Center
CoreStack enables you to gain increased visibility and control over the security of your Azure cloud resources by easily integrating with the Azure Security Center.
Here are four ways CoreStack ensures cloud security, in association with the Azure Security Center.
Activate/Deactivate Security Center (Operations Runbook)
CoreStack is pre-loaded with plenty of templates to help you get started in a jiffy. And now we have added the Data Collection template. This template collects security center data to display recommendations and alerts identified by the Azure Security Center in the Security dashboard. You can activate the Azure Security Center integration from the Operations Runbook.
Findings Dashboard (Security Operations Centre)
Admin can view the security alerts / recommendations provided by Azure Security Centre in the Findings dashboard present in the Security dashboard.
These findings are filtered by:
- Baseline Rules/System Updates/Antimalware/SQL injections
- By Severity of the alerts/recommendations received
Unified View (Security Operations Centre)
In case of a hybrid/multi cloud environment, the security alerts and recommendations are usually present in the individual security centre, which makes their monitoring a challenging task for the administrator and security professionals. CoreStack collects the findings of Azure Security Center, AWS Inspector, Qualys and other such cloud tools and displays them in a unified Security dashboard, making all information appearing in a single pane.
Cloud Management Actions (SecOPS)
Auto-remediation is a feature that enterprises across the world are actively pursuing for their cloud environments. Event-driven automation is auto-triggered on the occurrence of certain predefined events. Some of the remedial actions auto-triggered by CoreStack on alerts / recommendations are:
- Modifying a firewall rule
- Triggering OS update
- Triggering application/library updates