Scale with Speed and Security using Microsoft Azure and DFLabs


Scale with Speed and Security

The speed at which our businesses function must be met with an even faster solution to ensure that they remain secure. Scaling up and scaling down takes seconds and so does an attacker’s ability to penetrate an organization’s defenses. DFLabs’ integration with Microsoft Azure’s Security Center provides organizations with the ability to secure their infrastructures faster than ever before by utilizing Azure’s native Security Center integration with IncMan SOAR’s automation power to stop an attack in its tracks.

By automatically assessing workloads and orchestrating containment actions, organizations can begin to overcome the security skills shortage which continues to plague every industry. By quickly detecting and responding to today’s sophisticated security threats, organizations can begin to strengthen their security posture while remaining confident that their defenses can withstand their adversaries’ next move.

The Problem

Today’s society is constantly on the move and this extends into the modern networked infrastructure. The need to quickly spin up new services and access them from wherever, whenever has driven this network evolution. Unfortunately, this evolution has highlighted a real security concern when trying to balance accessibility with adequate security protections. The inability to achieve this balance has produced a new level of sophistication in the types of attacks which are targeting these modern infrastructures. These attacks and the skills shortage being experienced by the security industry are producing a perfect storm of circumstances which open organizations up to a potential massive breach with devastating consequences.

More than ever before, organizations now face these typical day-to-day security challenges:

  • How can we remain protected when our workloads are rapidly changing?

  • How can we defend our virtualized environments from today’s sophisticated attacks?

  • How can we combat the security skills shortage plaguing the industry?

The DFLabs and Microsoft Azure Security Center Solution

DFLabs’ integration with Microsoft Azure Security Center allows organizations to quickly and efficiently secure their workloads by ensuring their dynamic services continue to follow best security practices through Azure’s native integration with Security Center. This native integration coupled with DFLabs’ IncMan SOAR platform strengthens an organization’s security posture by extending Azure’s security protections beyond its virtualized environment.

This extension is achieved through the power of automation and orchestration, which allows these security protections to be translated into well-choreographed actions to help organizations combat the sophisticated attacks facing their businesses, as well as their lack of qualified staffing, through rapid incident handling and response efforts.

About Microsoft Azure Security Center

Azure Security Center is a unified infrastructure security management system that strengthens the security posture of an organization’s data centers and provides advanced threat protection across hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

Keeping resources safe is a joint effort between an organization’s cloud provider, Azure, and the organization itself. Workloads must be secure as they are moved to the cloud and Azure Security Center provides the tools needed to harden a network, secure its services and ensure that an organization has a strong and resilient security posture.

Use Case

Now let’s look at a simple use case in action.

A security alert is received from the Microsoft Azure Security Center regarding one of the hosted virtual machines. IncMan SOAR receives the alert and automatically begins to gather information from the alert, along with the reputation of the alert's source address.


Once information is pulled from the original alert, the R3 Rapid Response Runbook queries the organization’s SIEM for any additional alerts which the host machine may have generated. If additional events are found, the R3 Rapid Response Runbook parses out the event IDs from the activity, adds them to the incident as additional artifacts, and opens a ticket in the organization’s ticketing system for their Level I security analyst to review.

At the same time, the R3 Rapid Response Runbook runs the source IP address through a reputation checker. If the IP reputation is found to be malicious, the runbook queries the organization’s SIEM for any additional events which involve the malicious source and adds the source to its blacklist. If additional events were observed involving the malicious source, the R3 Rapid Response Runbook will add the additional affected hosts to the incident as an incident artifact, upgrade the incident to High priority, tag the affected machines for review, and finally create a ticket through the organization’s ticketing system for a Level II analyst to review.
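The two runbook branches described above can be modeled as a small decision function. This is an added sketch, not IncMan SOAR or R3 Runbook code: `run_runbook`, the `Incident` fields, the starting priority of "Medium", and the in-memory SIEM events, reputation table and blacklist are all assumptions built from constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample data: documentation IP ranges and made-up event IDs.
SIEM_EVENTS = [
    {"event_id": "EVT-1001", "host": "vm-web-01", "src_ip": "203.0.113.50"},
    {"event_id": "EVT-1002", "host": "vm-db-02", "src_ip": "203.0.113.50"},
    {"event_id": "EVT-1003", "host": "vm-web-01", "src_ip": "198.51.100.7"},
]
REPUTATION = {"203.0.113.50": "malicious", "198.51.100.7": "clean"}


@dataclass
class Incident:
    priority: str = "Medium"  # assumed starting priority
    artifacts: list = field(default_factory=list)
    tagged_hosts: set = field(default_factory=set)
    tickets: list = field(default_factory=list)


def run_runbook(alert, siem=SIEM_EVENTS, reputation=REPUTATION, blacklist=None):
    """Apply both branches to one alert; return (incident, blacklist)."""
    blacklist = set() if blacklist is None else blacklist
    inc = Incident()

    # Branch 1: other SIEM events generated by the alerted host.
    host_events = [e for e in siem if e["host"] == alert["host"]]
    if host_events:
        inc.artifacts += [("event_id", e["event_id"]) for e in host_events]
        inc.tickets.append("Level I")

    # Branch 2: source IP reputation. An unknown verdict is treated as
    # not malicious here, which is an assumption of this sketch.
    src = alert["src_ip"]
    if reputation.get(src) == "malicious":
        blacklist.add(src)
        src_events = [e for e in siem if e["src_ip"] == src]
        if src_events:
            # Additional affected hosts: every host the source touched,
            # other than the one that raised the original alert.
            others = sorted({e["host"] for e in src_events} - {alert["host"]})
            inc.artifacts += [("host", h) for h in others]
            inc.priority = "High"
            inc.tagged_hosts.update(others)
            inc.tickets.append("Level II")
    return inc, blacklist
```
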

In Summary

Organizations today need to remain protected regardless of rapidly changing workloads and scalability. Through Azure’s integration with DFLabs, organizations can strengthen their security posture by assessing their environment in real-time, quickly discovering gaps in their security defenses, while having the capability to combine automatic workload assessments with orchestrated containment actions to combat the security skills shortage and increasing variety and velocity of threats they may face.

If you would like to see IncMan SOAR in action with its integration with Microsoft’s Azure Security Center or other integrations, request your personalized one-to-one demo today.
