What is our primary use case?
Primary use case of this solution has changed depending on the company I've been working in. In my previous job they were using it as a CWPP, cloud workload protection. In my current job it's used for the same purpose but we also use it for monitoring security policies, to enforce new policies and audit them. We also use it to meet some of the compliance requirements as well. We're partners with Azure and I'm the cloud security design lead.
What is most valuable?
I personally like the features of the daily recommendations because that's a major deal, and it hosts Microsoft products so it has visibility. If you are bringing in a third party to get a high level of visibility, then a lot of work is required to get that level of capability. This product gives a very good view of the entire security setup of your organization which can be used by the security and operation teams. It provides alerts to the security team on the one hand, and all the AI and ML based detections on the other. It's very beneficial for our security and assault teams. In addition, it provides recommendations for the operations teams who need to sustain a high level of security. It's an important capability.
What needs improvement?
I'm quite active on the Azure product blogs. We're able to provide recommendations to Microsoft and they work together with Azure towards achieving them. One of the issues with the product is that it's not possible to write or edit any capability. For example, if there is a false positive detection on the security center, the only option I have is to flag it off. I can dismiss the alert, but there is no option to provide comments or reviews, so that somebody else looking into the portal can brief them.
I'd like to see some additional features that would include an option for the security team to provide comments on the alerts and also to improve the recommendations. I would like to see them fine tuned. We're also getting a lot of false positive alerts and Azure can reduce that using the Microsoft AI and ML feature.
For how long have I used the solution?
I've been using this solution for two and a half years.
What do I think about the stability of the solution?
This is a very stable solution.
What do I think about the scalability of the solution?
We've never had issues with scalability. We have over 50 engineers using the solution.
How are customer service and technical support?
Our company has subscribed to premium support from Microsoft so we can open premium tickets. The support team are always available and we haven't come across any issues in the past.
How was the initial setup?
The initial setup is very straightforward.
What's my experience with pricing, setup cost, and licensing?
We don't have a say in pricing, it's up to the product vendor. When you compare with other CWPP or server cloud protection products, I believe the Center is well priced. The customer has flexibility to choose which modules they want to use. There is a free version and a paid version and the customer makes a choice based on the organization's security strategy. If you're going to use add-ons or anything more feature rich, then you'd have to pay extra, but the standard product is a fixed price.
What other advice do I have?
If you're in the world of cloud and your company is using Azure as their primary cloud, I think Azure Security Center is a must-have feature, because it provides a bird's eye view of the entire security position of the organization. The solution is integrated and there is service from Microsoft. New features are being added regularly and I think it's a great solution.
I would rate this solution an eight out of 10.
Which deployment model are you using for this solution?