As businesses around the world grapple with the growth of an industrialized, organized attacker ecosystem, the need for customers to secure multicloud and hybrid infrastructure and workloads is increasingly urgent.
Today, organizations face an attacker ecosystem that is highly economically motivated to exploit security issues with your multicloud and hybrid workloads—as made evident in the rise in human-operated ransomware, with hackers launching an average of 50 million password attacks every day (579 per second), the rise of web shell attacks,[1] and increasing firmware attacks.[2] As with most attack vectors in this evolving threat landscape, prevention and detection are critical.
These threats can present a growing challenge for organizations using a combination of on-premises, hybrid, and multicloud infrastructure and workloads. With this distributed infrastructure, it can be a challenge to protect resources against motivated attackers when security management, policies, and signals are not unified.
Securing your multicloud and hybrid infrastructure in 3 steps
Securing infrastructure is fundamental to the business—for every business. So, what does a solution for multicloud, on-premises, and hybrid infrastructure security look like? A powerful defense must be unified, simplified, and actionable. It must make it easier to enable digital transformation and not slow progress in this crucial area. For businesses that need to secure multicloud, on-premises, and hybrid infrastructure, a stronger security posture can start with three simple steps:
Connecting your on-premises and hybrid infrastructure to Azure Arc.
Securing your Azure Arc-enabled infrastructure using Microsoft Defender for Cloud.
Further enhancing the security of on-premises workloads with Secured-core for Azure Stack HCI.
1. Connect your on-premises and hybrid infrastructure to Microsoft security services using Azure Arc
Many organizations today are challenged with the growing complexity of securing their infrastructure with disparate tools across multicloud, hybrid, and edge environments. To begin securing these assets, you can use Azure Arc to connect your resources to Microsoft Azure from wherever they are deployed, making them addressable by Azure security services and enabling you to manage them from a single pane of glass in Azure Resource Manager. Azure Arc extends the control plane to these resources so that they can be managed and secured centrally with tools including our cloud extended detection and response (XDR) solution, Microsoft Defender for Cloud, or the secure key management tool, Azure Key Vault.
“When you see how Azure security and compliance features benefit your on-premises infrastructure, it helps put your mind at ease regarding the capabilities and benefits of the cloud. It also makes you a harder target for would-be attackers, and that’s what we’re hoping to achieve.”—Lody Mustamu, Manager of Marketing and Sales, ASAPCLOUD.
2. Secure your Azure Arc-enabled infrastructure using Microsoft Defender for Cloud
Once these distributed multicloud and hybrid environments are connected through Azure Arc, Microsoft Defender for Cloud enables you to find weak spots across your configuration, helps strengthen the overall security posture, and can help you meet any relevant compliance requirements for your resources across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP).
While prevention is critical, at the same time, the increasing sophistication of attacks requires that organizations have a comprehensive threat protection strategy in place. Microsoft Defender for Cloud provides vulnerability assessment with insights from industry-leading security research and provides advanced threat protection for a broad range of workloads across cloud and on-premises including virtual machines, containers, databases, storage, and more.
“The choice made sense to us because Microsoft Defender connects so tightly and automatically to Azure Arc,” says Iñigo Martinez Lasala, Director of Technology and Systems at Prosegur. “There are other tools out there, but Microsoft Defender provides additional functionality that other tools don’t have, such as establishing rules of compliance, hardening servers, and launching scripts to fix server issues.”
Get started by enabling Microsoft Defender for Cloud for your Azure subscriptions and easily onboard other environments to understand your current security posture. You can then enable the enhanced features to protect and manage the security of all relevant workloads across your cloud and on-premises environments from a central place, all connected through Azure Arc.
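The two steps just described (connecting machines through Azure Arc, then turning on the enhanced Defender for Cloud plans for a subscription) can be driven from Azure PowerShell. The script below is an added example and is not code from the original post or from Microsoft; it assumes the Az.Accounts, Az.Security and Az.ConnectedMachine modules are installed, and the subscription id and resource group name are placeholders you replace with your own.

```powershell
# Added example (not from the original post): enable Defender for Cloud
# enhanced plans for one subscription and list the Azure Arc-enabled servers
# that those plans now cover. Requires Az.Accounts, Az.Security, Az.ConnectedMachine.

$SubscriptionId   = '00000000-0000-0000-0000-000000000000'   # placeholder, replace
$ArcResourceGroup = 'rg-arc-servers'                         # placeholder, replace

Connect-AzAccount | Out-Null
Set-AzContext -SubscriptionId $SubscriptionId | Out-Null

# Defender plans matching the workload types named in the post (VMs, containers,
# databases, storage). 'Standard' is the enhanced tier; 'Free' is the default.
$Plans = 'VirtualMachines', 'Containers', 'SqlServers', 'StorageAccounts'
foreach ($plan in $Plans) {
    Set-AzSecurityPricing -Name $plan -PricingTier 'Standard' | Out-Null
}

# Verify: every selected plan should now report Standard rather than Free.
Get-AzSecurityPricing |
    Where-Object { $_.Name -in $Plans } |
    Select-Object Name, PricingTier |
    Format-Table -AutoSize

# Arc-enabled servers in the resource group with their agent connection state.
# A machine whose Status is not 'Connected' is not sending signals to
# Defender for Cloud, whatever the plan says.
Get-AzConnectedMachine -ResourceGroupName $ArcResourceGroup |
    Select-Object Name, Status, OSName, AgentVersion |
    Format-Table -AutoSize
```

The second listing is the check worth repeating on a schedule: a plan being enabled at subscription level only matters for machines whose Arc agent is actually connected, so disconnected agents are the gap to chase first.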
Figure 1. Protect your workloads with Microsoft Defender for Cloud.
3. Further secure your on-premises and hybrid infrastructure using Secured-core for Azure Stack HCI
As security threats continue to become more sophisticated, they are moving lower in the stack to the operating system, firmware, and hardware level, so there is a growing need for additional security at these lower levels. One way to gain additional protection against these attacks is an integrated solution called Secured-core, now available for Azure Stack HCI. Secured-core servers provide out-of-box safeguards with enhanced protections. For example, Secured-core servers help stop attacks in the event of a successful web application compromise with features like virtualization-based security (VBS) and hypervisor-based code integrity (HVCI). Credential protection in Azure Stack HCI helps mitigate the common attack of credential theft by using VBS to isolate credentials in their own virtual machine, a feature that is on by default in Secured-core servers. These features help prevent what could otherwise be a much larger breach.
Secured-core servers have three focused pillars:
Protect with a hardware root of trust: Trusted platform modules (TPMs) ensure that even firmware malware cannot tamper with the hardware record of what firmware ran on the device.
Defend against firmware-level attacks: System Guard-secured VBS protects the system by not relying on firmware for trust.
Prevent access to unverified code: HVCI protects against both known vulnerable drivers and entire classes of problems.
All these capabilities built into Secured-core servers ensure that your servers are protected out-of-box, giving you confidence in your hardware. And managing the status and configuration of Secured-core servers is easy from the browser-based Windows Admin Center for both Windows Server and Azure Stack HCI solutions.
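Windows Admin Center shows the Secured-core state per cluster node, but the same pillars (TPM, VBS, HVCI, Credential Guard, System Guard Secure Launch) can be verified directly on a host. The script below is an added example, not code from the original post or from Microsoft; it uses only the built-in Win32_DeviceGuard CIM class, Get-Tpm and Confirm-SecureBootUEFI, and the status codes in the comments are the documented values for that class. Run it elevated on a Windows Server or Azure Stack HCI node.

```powershell
# Added example (not from the original post): report whether the Secured-core
# pillars are actually running on this host. Run as Administrator.

function Test-SecuredCoreStatus {
    # Win32_DeviceGuard exposes the VBS/HVCI state the OS reports.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # Documented SecurityServicesRunning codes:
    #   1 = Credential Guard, 2 = HVCI (memory integrity),
    #   3 = System Guard Secure Launch
    $running = @($dg.SecurityServicesRunning)

    $tpm = Get-Tpm

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "off".
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }

    [pscustomobject]@{
        'TPM present and ready'      = [bool]($tpm.TpmPresent -and $tpm.TpmReady)
        'Secure Boot on'             = [bool]$secureBoot
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
        'VBS running'                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        'HVCI running'               = ($running -contains 2)
        'Credential Guard running'   = ($running -contains 1)
        'System Guard Secure Launch' = ($running -contains 3)
    }
}

$status = Test-SecuredCoreStatus
$status | Format-List

# Anything false is a gap in the out-of-box baseline the post describes.
$gaps = $status.PSObject.Properties |
    Where-Object { -not $_.Value } |
    Select-Object -ExpandProperty Name
if ($gaps) {
    Write-Warning ('Secured-core checks not satisfied: ' + ($gaps -join ', '))
}
```

Running this across every node and keeping the output alongside the Windows Admin Center view gives you an independent record, which matters because a node that has VBS enabled but not running (status 1 rather than 2) looks configured in a checklist while offering none of the isolation the post relies on for credential protection.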
Figure 2. Secured-core server cluster management in Windows Admin Center.
“To help our customers remain secure and accelerate their business outcomes, Hewlett Packard Enterprise (HPE) is excited to release the new Gen 10 Plus (v2) products for Azure Stack HCI 21H2 and Windows Server 2022 which can be delivered with the HPE GreenLake edge-to-cloud platform,” said Keith White, Senior Vice President and General Manager, GreenLake Cloud Services Commercial Business. “These offer unprecedented host protection by combining HPE’s security technologies with Secured-core server functionalities for a secure, hybrid implementation.”
Take steps today to secure your on-premises and hybrid infrastructure
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
[1] Web shell attacks continue to rise, Detection and Response Team (DART), Microsoft 365 Defender Research Team, Microsoft Security. February 11, 2021.