title | description | services | documentationcenter | author | manager | editor | ms.assetid | ms.service | ms.topic | ms.devlang | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Integrate security solutions in Azure Security Center \| Microsoft Docs | Learn about how Azure Security Center integrates with partners to enhance the overall security of your Azure resources. | security-center | na | YuriDio | mbaldwin | | 6af354da-f27a-467a-8b7e-6cbcf70fdbcb | security-center | hero-article | na | na | na | 11/21/2017 | yurid |
This document helps you to manage security solutions already connected to Azure Security Center and add new ones.
Security Center makes it easy to enable integrated security solutions in Azure. Benefits include:
- Simplified deployment: Security Center offers streamlined provisioning of integrated partner solutions. For solutions like antimalware and vulnerability assessment, Security Center can provision the needed agent on your virtual machines, and for firewall appliances, Security Center can take care of much of the network configuration required.
- Integrated detections: Security events from partner solutions are automatically collected, aggregated, and displayed as part of Security Center alerts and incidents. These events also are fused with detections from other sources to provide advanced threat-detection capabilities.
- Unified health monitoring and management: Customers can use integrated health events to monitor all partner solutions at a glance. Basic management is available, with easy access to advanced setup by using the partner solution.
Currently, integrated security solutions include:
- Endpoint protection (Trend Micro, Symantec, Windows Defender, and System Center Endpoint Protection (SCEP))
- Web application firewall (Barracuda, F5, Imperva, Fortinet, and Azure Application Gateway)
- Next-generation firewall (Check Point, Barracuda, Fortinet, and Cisco)
- Vulnerability assessment (Qualys)
The endpoint protection integration experience may vary according to the solution. The following table has more details about each solution's experience:
Endpoint Protection | Platforms | Security Center Installation | Security Center Discovery |
---|---|---|---|
Windows Defender (Microsoft Antimalware) | Windows Server 2016 | No, Built in to OS | Yes |
System Center Endpoint Protection (Microsoft Antimalware) | Windows Server 2012 R2, 2012, 2008 R2 | Via Extension | Yes |
Trend Micro – All versions | Windows Server Family | Via Extension | Yes |
Symantec v12.1.1100+ | Windows Server Family | No | Yes |
McAfee | Windows Server Family | No | No |
Kaspersky | Windows Server Family | No | No |
Sophos | Windows Server Family | No | No |
Azure security solutions that are deployed from Security Center are automatically connected. You can also connect other security data sources, including:
- Azure AD Identity Protection
- Computers running on-premises or in other clouds
- Security solutions that support the Common Event Format (CEF)
- Microsoft Advanced Threat Analytics
After deployment, you can view information about the health of integrated Azure security solutions and perform basic management tasks. You can also connect other types of security data sources, such as Azure Active Directory Identity Protection alerts and firewall logs in Common Event Format (CEF). In the Security Center dashboard, select Security solutions.
The Connected solutions section includes security solutions that are currently connected to Security Center and information about the health status of each solution.
The Discovered solutions section shows all the solutions that were added via Azure. It also shows all the solutions that Security Center suggests should connect to it.
Security Center automatically discovers other security solutions running in Azure. This includes Azure solutions, such as Azure AD Identity Protection, as well as partner solutions that are running in Azure. To integrate these solutions with Security Center, select CONNECT.
The Add data sources section includes other available data sources that can be connected. For instructions on adding data from any of these sources, click ADD.
In this article, you learned how to integrate partner solutions in Security Center. To learn more about Security Center, see the following articles:
- Security Center planning and operations guide
- Connecting Microsoft Advanced Threat Analytics to Azure Security Center
- Connecting Azure Active Directory Identity Protection to Azure Security Center
- Security health monitoring in Security Center. Learn how to monitor the health of your Azure resources.
- Monitor partner solutions with Security Center. Learn how to monitor the health status of your partner solutions.
- Azure Security Center FAQs. Get answers to frequently asked questions about using Security Center.
- Azure Security blog. Find blog posts about Azure security and compliance.