Microsoft Azure represents a new paradigm in datacenter design, replacing datacenter hardware with purely logical management tasks. Microsoft Azure allows you to provision a (logically isolated) Virtual Network (VNet). As you add more subnets to your VNet, it becomes harder to visualize your architecture and the access it provides. This large scale, multi-tenant resource sharing introduces a lot of entities with complex relationships and complex network security. As a result of Microsoft Azure’s architecture, security issues and malicious attacks may exist between the platform and between the VNets. As your VNet grows and connects other VNets, virtual networks and legacy on-premise physical networks, it gets even more difficult to understand Azure network security: what is exposed to the internet, where attackers can go, and what access a given host has. A high concentration of resources leads to more network security threats and potential for damage than in traditional environment.
UNIFY PHYSICAL, VIRTUAL, AND CLOUD SECURITY
With RedSeal, your physical, private cloud, and Azure VNet become a unified security architecture—capable of being modeled, tested and measured. RedSeal gives you the means to assess the Azure security controls of your VNet-based assets as well as your connected corporate data center. You will be able to analyze both east-west and north-south traffic as well as micro-segmentation. RedSeal’s network modeling platform can also drill into the Azure VNet ruleset, providing you with the specific rules that apply to an individual host. You’ll easily be able to ensure that only authorized access is allowed.
MODEL, TEST, AND MEASURE CLOUD AND HYBRID ARCHITECTURE
The integration of Microsoft Azure VNet with RedSeal’s platform provides your team much needed visibility and context for prioritizing Azure security vulnerabilities, accelerating incident investigation, managing compliance, and improving the overall resilience of your infrastructure.
RedSeal models the following Microsoft Azure components to visualize and simplify manageability of your network security framework and traffic flow:
- VNet routers
- Workloads (aka hosts)
- VNet peering
- VPN gateway
- Network security group per subnet
- Network security group per vNIC
- View all security groups within the VNet and VM.
- See specific firewall rules that apply to Azure VNet instance (VM/host).
- View all Azure instances (hosts/VMs) associated with a particular security group
- Query Azure VNet subnets and view micro-segmentation