Working in Microsoft Azure is exciting. Nowhere was this more evident than at TechEd 2014 – a whirlwind of new features, techniques and designs. Vibhor Kappor has a great summary up on the Azure blog that will help get you up to speed.
While you’re reading the announcements, it’s important to keep in mind how security on Azure works. It’s a shared responsibility model, where you’re responsible for the security of the operating system, your applications, and your data.
Microsoft VM Agent
A big part of fulfilling your responsibilities is deploying security controls to your virtual machines running on Azure. To make that easier, Microsoft has developed the Microsoft VM Agent. Kundana Palagiri has two posts (1, 2) that detail the design of the agent and the functionality that it provides.
At a high level, it’s an easier way to define the configuration of your virtual machines on Azure through the introduction of various extensions.
At TechEd, the first wave of security extensions was announced, and Trend Micro’s Deep Security Agent was among the first ones available.
Kundana’s follow-up post, “Deploying Antimalware Solutions on Azure Virtual Machines,” shows how to deploy the Deep Security Agent using PowerShell. She highlights some of the functionality available through the agent, but that’s just the tip of the iceberg.
Anti-malware controls are just one layer of a comprehensive security strategy. You’re going to want to ensure that you have other controls like a firewall, intrusion prevention system, and integrity monitoring running on your virtual machines. Trend’s Deep Security agent provides these controls and more for your virtual machines.
In Kundana’s post, the PowerShell deployment method she uses is just one of the many ways to manage the deployment of the Deep Security Agent in Azure. I’ve recorded a screencast that walks you through a method using only the Microsoft Azure console and the Deep Security Manager.
As you can see, with only a couple of clicks, you can deploy the Deep Security Agent and add advanced security controls to your virtual machines. You can use this method to quickly experiment with virtual machines in Azure without sacrificing on security.
Once you’ve built what you need, you can scale up to an automated deployment method using PowerShell, Chef, Puppet, or any method you choose.
Deploying advanced security controls on your virtual machine is a great first step. Tools like the Microsoft VM Agent make that easier.
How are you deploying security controls in Azure? Add your two cents in the comments below or on Twitter where I’m @marknca.
[Editor's note: If you're interested in trying Deep Security as a Service, you can sign up for a 30-day free trial at https://app.deepsecurity.trendmicro.com]