The Azure Portal provides a restricted list view of VMs for a given Resource Group or Subscription. The lists do not provide a visual mapping of the Azure environment depicting how things are deployed, nor are they updated dynamically to show change. Troubleshooting is difficult and slow.
Cloudvisory continuously discovers an Azure infrastructure, delivering an interactive visual mapping of Azure Subscriptions, Resource Groups, Regions, VMs, network flows and even other hybrid or multi-cloud environments. This dynamic mapping illustrates the exact makeup of the Azure environment and its workloads. As new workloads spin up or down, the mapping is immediately refreshed.
With the Azure Portal, Tags are defined for resources, then resources are organized based on those tags for billing or management. However, there is no way to organize Network Security Groups based on infrastructure memberships. Additionally, certain Tags need to be managed securely, which is not yet an option in Azure. Currently, Dev/Ops teams are building complex, custom solutions in an attempt to organize Network Security Groups. Or worse, they are using open and generic settings which leave the environment at risk. Tags and metadata are critical for organizing workloads and associated security policies into groups to speed management and control.
With CSP, the Security Orchestration plane enables creation of natural language policies, and association of those policies to workloads via infrastructure memberships, Tags, Secure Tags, and Group memberships (such as application or application tier). Provisioning of policies is organized, automated, and becomes dynamic as the environment undergoes change. Dev/Ops teams no longer spend weeks or months creating custom solutions that do not scale and cannot adapt to the ever-changing cloud environment.
Using the Azure Portal to list and manage network security groups, it is difficult to understand how each particular network security group is related to all the workloads it may affect.
The Azure Portal, used in conjunction with Azure Network Watcher, provides a limited view into the network topology and a downloadable list of network flow details. Operational teams require information beyond this list: holistic, contextual information about workload location by Subscription, Resource Group, or Region is essential for servicing and troubleshooting the underlying cloud deployment.
CSP’s representation of Azure resources and related flows is both visual and contextual. CSP can quickly identify non-compliant network flows and alert teams to potential threats. CSP also continuously monitors Network Security Policies for real-time compliance breaches, and alerts on rogue or accidental changes. Visual flow data specifically points out compliant and non-compliant net-flow details to quickly identify risk and potential malicious activity. Unlike other solutions, all this is accomplished using the Azure APIs.
CSP flow data has added richness. Flow information is summarized per workload and logical group for an enhanced understanding of the environment, and faster triage of infected or malicious actions.
Leveraging Azure’s native security controls and APIs to protect cloud environments delivers workloads that are more secure than those in traditional data centers. Cloudvisory is uniquely positioned to help you realize the full power of these tools through:
1) Continuous Discovery and Visualization of Infrastructure and Security Policies
2) Policy Organization, Orchestration and Automated Provisioning
3) Intelligent, granular, cloud-native Micro-Segmentation
4) Continuous Monitoring, Enforcement, and auto-remediation of Security policies
CSP provides the discovery and automation necessary for an Azure cloud security strategy. CSP’s organization, visibility, control and enforcement ensure security across your Azure and hybrid-cloud deployments.