Azure Security Center (ASC) is the center of many security-related features that are present within Azure. You can gain insight into the security status of your environment from a single portal. Examples include continuous assessments, regulatory compliance, security alerts and threat protection. In addition, ASC makes it possible to integrate with other solutions such as Microsoft Defender Advanced Threat Protection (MDATP), SIEM solutions (such as Azure Sentinel), SQL advanced data security and more.
Although not mandatory, the paid version offers a lot of useful functionality, which in my opinion makes it an absolute must to turn on. Over the years, Azure Security Center has grown from a security overview portal into a fully-fledged solution where a considerable number of features come together. Microsoft itself introduces it as follows:
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud – whether they’re in Azure or not – as well as on premises.
Source: https://docs.microsoft.com/azure/security-center/security-center-intro
Let’s face it, the naming of the model (Free / Standard Tier) no longer fits. It no longer describes what the product actually covers, and it is also somewhat confusing in conversations with customers. Microsoft has noticed this as well and has therefore changed the name. From this moment on, we no longer talk about which ASC tier you use, but simply whether your Azure Defender is turned on or off.
Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.
The Azure Defender service includes all of the previously branded Azure Security Center threat protection technologies. For example, Advanced Threat Protection for Azure Storage is now Azure Defender for Storage. Beyond the rebranding, there is a new Azure Defender dashboard in the Azure portal and there are additional Azure Defender protections. In many cases customers are protecting only a subset of their resources, such as virtual machines, which leaves other resources such as SQL or Storage accounts vulnerable to attack. The new unified dashboard shows which resources are protected, so that you can easily see which resources still need to be protected. Microsoft continues to expand the threat protection capabilities of Azure Defender. The new protections cover Azure Key Vault (now generally available), Azure Kubernetes (now generally available), SQL Servers on-premises (in preview) and IoT (in preview).
Azure Security Center for IoT is now rebranded as Azure Defender for IoT. In July, Microsoft announced the acquisition of CyberX to help protect industrial IoT, operational technology (OT) and building management system (BMS) environments. Today they’ve announced that CyberX’s agentless capabilities are now integrated into Azure Defender for IoT, allowing you to continuously identify assets, vulnerabilities and threats across unmanaged legacy IoT/OT devices alongside managed devices. Azure Defender for IoT continues to support air-gapped environments on-premises, and more Azure-connected scenarios are added over time. These new capabilities are available at no charge during the preview, which will commence in October.
For more information about Azure Security Center see the following documentation:
Protect multi-cloud workloads with new Azure security innovations
Microsoft delivers unified SIEM and XDR to modernize security operations
Microsoft announces cloud innovation to simplify security, compliance, and identity