Please share with the community what you think needs improvement with Azure Security Center.
What are its weaknesses? What would you like to see changed in a future version?
There is no perfect product in the world and there are always features that can be added. Innovation is something that is always on the table.
I think that the documentation and implementation guides could be improved. It would make the implementation process easier.
Azure Security Center should be more easily understood by a non-technical person. It's more about the security before getting into the product. It needs to be simplified and made more user-friendly for a non-technical person. In the next release, I would like to see a better dashboard and more integration with IT sales Management.
From a compliance standpoint, they can include some more metrics and some specific compliances such as GDPR.
Pricing could be improved. There are limited options based on pricing for the government. The initial setup could be simplified. In the next release, I would like to see more development in the area of NECES scanning or Splunk, or Universal Forwarding.
The solution is quite complex. A lot of the different policies that actually get applied don't pertain to every client. If you need to have something open for a client application to work, then you get dinged for having a port open or having an older version of TLS available. Even though the TLS is only allotted for a single application, single box, and everything else is completely up to date, it just gives us inaccurate reporting of how secure the environment actually is. The solution could use a bit more granularity.
We built our hierarchy incorrectly and we're struggling now with some of the features that are up there. Once we straighten our hierarchy out, we are going to apply policies, whether it's through Security Center or any other thing. It's going to be a lot easier once our hierarchy is fixed. We need to apply things in a certain place and then we realize that we need to apply them to the subscription as well. And the next thing we know, we also need to apply it to another subscription; it's unmanageable. We're applying different policies across all our different subscriptions, which is fine, but at 21 subscriptions you can have over a dozen policies. We're trying to skinny that down to four or five policies. It's not a defect in Security Center. It's a defect in how we built it.
I'm quite active on the Azure product blogs. We're able to provide recommendations to Microsoft and they work together with Azure towards achieving them. One of the issues with the product is that it's not possible to write or edit any capability. For example, if there is a false positive detection on the security center, the only option I have is to flag it off. I can dismiss the alert, but there is no option to provide comments or reviews, so that somebody else looking into the portal can brief them. I'd like to see some additional features that would include an option for the security team to provide comments on the alerts and also to improve the recommendations. I would like to see them fine-tuned. We're also getting a lot of false positive alerts and Azure can reduce that using the Microsoft AI and ML feature.