When you see security incidents “in the Cloud”, they often link back to misconfigurations on the networking side: public interfaces being open, public ports being misconfigured, etc. Our customers often find it hard to really understand and control the Network Security Group (NSG) settings.
Therefore, we have now released Adaptive Network Hardening in public preview. To quote:
Adaptive Network Hardening provides recommendations to further harden the NSG rules. It uses a machine learning algorithm that factors in actual traffic, known trusted configuration, threat intelligence, and other indicators of compromise, and then provides recommendations to allow traffic only from specific IP/port tuples.
For example, let’s say the existing NSG rule is to allow traffic from 184.108.40.206/24 on port 22. The Adaptive Network Hardening’s recommendation, based on the analysis, would be to narrow the range and allow traffic from 220.127.116.11/29 – which is a narrower IP range, and deny all other traffic to that port.
Read more here: Adaptive Network Hardening in Azure Security Center
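
As an added example (not Microsoft's code, and not the machine learning algorithm the documentation mentions), the following Python derives the smallest source range that covers the traffic actually seen on a rule's port, which is the kind of narrowing the quoted /24 to /29 example describes. The function names, the flow tuple format and the 203.0.113.0/24 sample addresses are assumptions constructed for illustration; only observed traffic is considered, not threat intelligence or trusted configuration.

```python
import ipaddress

def tightest_cover(addresses):
    """Smallest single IPv4 CIDR block that contains every address given."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addresses]
    lo, hi = min(ints), max(ints)
    # Bits above the highest differing bit are shared by all addresses.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{prefix}", strict=False)

def recommend_source_range(rule_cidr, rule_port, flows):
    """Return a narrower source CIDR for the rule, or None if none applies.

    flows: iterable of (source_ip, destination_port) tuples for accepted traffic.
    """
    rule_net = ipaddress.ip_network(rule_cidr, strict=False)
    seen = {src for src, port in flows
            if port == rule_port and ipaddress.IPv4Address(src) in rule_net}
    if not seen:
        return None  # no traffic used this rule; nothing to derive a range from
    cover = tightest_cover(seen)
    # Defensive check: recommend only a range strictly inside the existing rule.
    if cover.subnet_of(rule_net) and cover.prefixlen > rule_net.prefixlen:
        return cover
    return None

# Constructed sample data (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    ("203.0.113.9", 22), ("203.0.113.10", 22), ("203.0.113.14", 22),
    ("203.0.113.200", 443),   # other port: ignored for the port-22 rule
    ("198.51.100.7", 22),     # outside the existing rule: ignored
]

if __name__ == "__main__":
    print(recommend_source_range("203.0.113.0/24", 22, SAMPLE_FLOWS))
```

A result of None for a rule with no matching traffic is itself worth reviewing, since it suggests the allow rule may not be needed at all.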