Last updated at Thu, 25 Jan 2024 02:14:33 GMT

Almost every security or IT practitioner is familiar with the ascent and continued dominance of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share and establishing its position as the most-used, most-likely-to-renew public cloud provider. Azure is a force to be reckoned with. Many organizations benefit from this friendly competition and not only adopt Azure but increasingly use both Azure and AWS.

In this context, security teams are often caught on the swinging end of the rope. A small shake at the top of the rope triggers big swings at the bottom. A credit card is all that is needed to spin up new VMs, but as security teams know, the effort to secure the resulting infrastructure is not trivial.

Built for modern infrastructure

One way you can keep pace is by using a Rapid7 Scan Engine from the Azure Marketplace. You can make use of a pre-configured Rapid7 Scan Engine within your Azure infrastructure to gain visibility into your VMs from within Azure itself.

Another way is to use the Rapid7 Insight Agent on your VM images within Azure. With Agents, you get visibility into your VMs as they spin up.

This sounds great in a blog post, but since assets in Microsoft Azure are virtual, they come and go without much fanfare. Remember the bottom-of-the-rope metaphor? You're there now. Security needs visibility to identify vulnerabilities in infrastructure to get on the path to remediation, but this is complicated by a few questions:

  • Do you know when a VM is spun up? How can you assess risk if the VM appears outside your scan window?
  • Do you know when a VM is decommissioned? Are you reporting on VMs that no longer exist?
  • Do you know what a VM is used for? Is your reporting simply a collection of VMs, or do those VMs mean something to your stakeholders?

You might struggle with answering these questions if you employ tools that weren't designed with the behavior of modern infrastructure in mind.

Automatically discover and manage assets in Azure

InsightVM and Nexpose, our vulnerability management solutions, offer a new discovery connection that communicates directly with Microsoft Azure. If you know our existing discovery connection to AWS you'll find this familiar, but we've added new powers to fit the behavior of modern infrastructure:

  1. Automated discovery: Detect when assets in Azure are spun up and trigger visibility when you need it using Adaptive Security.
  2. Automated cleanup: When VMs are destroyed in Azure, automatically remove them from InsightVM/Nexpose. Keep your inventory clean and your license consumption cleaner.
  3. Automated tag synchronization: Synchronize Azure tags with InsightVM/Nexpose to give meaning to the assets discovered in Azure. Eliminate manual efforts to keep asset tags consistent.

Getting started

First, you'll need to configure Azure to allow InsightVM/Nexpose to communicate with it directly. Follow this step-by-step guide in Azure Resource Manager docs.

Specifically, you will need the following pieces of information to set up your connection:

Once you have this information, navigate to Administration > Connections > Create.

Select Microsoft Azure from the dropdown menu. Enter a Connection name, your Tenant ID, Application ID and Application Secret key (a.k.a. Authentication Key).

Next, we'll select a Site we want to use to contain the assets discovered from Azure.

We can control which assets we want to import with Azure tags. Azure tags use a key:value format. If you want to enter multiple tags, separate them with a delimiter, e.g., Class:Database and Type:Production as two tags.

Check Import tags to import all tags from Azure. If you don't care to import all tags in Azure, you can specify exactly which ones to import. The tags on the VM in Azure will be imported and associated automatically with Assets as they are discovered. When there are changes to tag assignment in Azure, InsightVM/Nexpose will automatically synchronize tag assignments.

Finally, as part of the synchronization when VMs are destroyed within Azure, the corresponding asset in InsightVM/Nexpose will be deleted automatically, ensuring your view remains as fresh and current as your modern infrastructure.
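The three behaviors described above (discover new VMs, remove destroyed ones, and keep tags in sync) and the key:value tag filter from the connection setup can be modeled as one reconciliation step. The following is an added example, not Rapid7 or InsightVM/Nexpose code: it runs the reconciliation over constructed sample data. It assumes the Azure side is a list of VM records shaped like Azure Resource Manager output (id, name, tags; in practice that would come from something like `az vm list`), that a comma separates multiple key:value tag filters (the delimiter is an assumption of this example), and it uses a placeholder subscription ID in the resource IDs.

```python
"""Reconcile a vulnerability-management asset inventory against the VMs
currently present in Azure: add new VMs, drop destroyed ones, sync tags.
Added example (not product code) over constructed sample data."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    """Minimal stand-in for an asset record in the VM inventory."""
    azure_id: str
    name: str
    tags: dict = field(default_factory=dict)


def vm_id(name):
    """Build an ARM-style VM resource ID; the subscription ID is a placeholder."""
    return (
        "/subscriptions/SUBSCRIPTION-ID-PLACEHOLDER/resourceGroups/rg-prod"
        f"/providers/Microsoft.Compute/virtualMachines/{name}"
    )


def parse_tag_filter(spec, delimiter=","):
    """Parse 'Class:Database,Type:Production' into a dict of required key:value
    pairs. An empty spec means no filter (import every VM). Comma delimiter is
    an assumption of this example."""
    wanted = {}
    for item in spec.split(delimiter):
        item = item.strip()
        if not item:
            continue
        if ":" not in item:
            raise ValueError(f"tag filter {item!r} is not in key:value form")
        key, value = item.split(":", 1)
        wanted[key.strip()] = value.strip()
    return wanted


def matches_filter(vm_tags, wanted):
    """A VM is eligible for import only if it carries every required pair."""
    return all(vm_tags.get(k) == v for k, v in wanted.items())


def select_tags(vm_tags, import_keys):
    """None models 'Import tags' (copy all); a set copies only those keys."""
    if import_keys is None:
        return dict(vm_tags)
    return {k: v for k, v in vm_tags.items() if k in import_keys}


def reconcile(azure_vms, inventory, tag_filter="", import_keys=None):
    """Return (new_inventory, added_ids, removed_ids, retagged_ids).
    Does not mutate the inventory passed in. A VM that stops matching the
    tag filter is treated like a destroyed VM (a design choice of this example)."""
    wanted = parse_tag_filter(tag_filter)
    live = {vm["id"]: vm for vm in azure_vms
            if matches_filter(vm.get("tags", {}), wanted)}
    known = {a.azure_id: a for a in inventory}

    added, removed, retagged = [], [], []
    for azure_id, vm in live.items():
        tags = select_tags(vm.get("tags", {}), import_keys)
        if azure_id not in known:
            added.append(azure_id)           # spun up since the last sync
        elif known[azure_id].tags != tags:
            retagged.append(azure_id)        # tag assignment changed in Azure
        known[azure_id] = Asset(azure_id, vm["name"], tags)
    for azure_id in list(known):
        if azure_id not in live:
            removed.append(azure_id)         # destroyed (or no longer matching)
            del known[azure_id]
    return list(known.values()), added, removed, retagged


# Constructed sample data: what Azure reports now vs. what the inventory holds.
AZURE_VMS = [
    {"id": vm_id("db01"), "name": "db01",
     "tags": {"Class": "Database", "Type": "Production", "Owner": "dba-team"}},
    {"id": vm_id("web01"), "name": "web01",
     "tags": {"Class": "Web", "Type": "Production"}},
    {"id": vm_id("db02"), "name": "db02",
     "tags": {"Class": "Database", "Type": "Production"}},
]
INVENTORY = [
    Asset(vm_id("db01"), "db01", {"Class": "Database", "Type": "Staging"}),
    Asset(vm_id("db-old"), "db-old", {"Class": "Database", "Type": "Production"}),
]

if __name__ == "__main__":
    inv, added, removed, retagged = reconcile(
        AZURE_VMS, INVENTORY, "Class:Database,Type:Production", {"Class", "Type"})
    print("added:", [a.rsplit("/", 1)[-1] for a in added])
    print("removed:", [a.rsplit("/", 1)[-1] for a in removed])
    print("retagged:", [a.rsplit("/", 1)[-1] for a in retagged])
    print("inventory:", [(a.name, a.tags) for a in inv])
```

Run as a script, the sample shows web01 skipped by the filter, db02 added, db-old removed because Azure no longer reports it, and db01 kept but re-tagged to match Azure, with the Owner tag left out because only Class and Type were selected for import.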

Great success! Now what...?

If you've made it this far, you're at the point where you have your Azure assets synchronized with InsightVM/Nexpose, and you might even have a handful of tags imported. Here are a few ideas to consider when looking to augment your kit:

  1. Create an Azure Liveboard: Use Azure tags as filtering criteria to create a tailored dashboard.
  2. Scan the site or schedule a scan of a subset of the site.
  3. Create Dynamic Asset Groups using tags to subdivide and organize assets.
  4. Create an automated action to trigger a scan on assets that haven't been assessed.