Launch Week Day 2: Azure CIS Benchmark 2.1 support

Matthias VeitMatthias Veit
4 min read

We are excited to announce that Fix Security now fully supports the Azure CIS Benchmark 2.1. This enables Microsoft Azure users to ensure their cloud infrastructure meets industry-leading security standards. The Azure CIS Benchmark provides essential guidelines for securing cloud environments, covering a wide range of critical aspects such as identity management, data protection, and network security. By aligning your infrastructure with these benchmarks, you reduce the risk of vulnerabilities and ensure a more robust, more resilient cloud environment.

What is the Azure CIS Benchmark 2.1?

The Azure CIS Benchmark 2.1, developed by the Center for Internet Security (CIS), is a comprehensive security standard designed to help organizations securely configure their Microsoft Azure environments. It provides clear, actionable steps to protect cloud infrastructure from common threats, ensuring critical services and data are safeguarded. Rather than requiring organizations to be experts in every potential misconfiguration, the CIS Benchmark serves as a trusted guide for applying best practices across Azure’s many services.

Covering essential areas like Identity and Access Management (IAM), secure network architecture, and data protection, the benchmark includes recommendations for critical tasks such as enabling multi-factor authentication, securing virtual machine access, encrypting sensitive information, and ensuring robust logging and monitoring. These measures help organizations maintain continuous security and prevent unauthorized access or data breaches.

For any Azure user, following the CIS Benchmark is an important step toward building a secure, resilient cloud infrastructure. It simplifies the process of securing your environment, offering expert guidance so you can focus on your business without needing to master every potential security risk.

How to align with this benchmark

Connecting your Microsoft Azure subscriptions to Fix Security is simple with our step-by-step guide. Once integrated, Fix Security automatically collects all resources and configurations from your Azure environment. Our platform then runs the Azure CIS Benchmark, identifying deviations from the recommended security controls and helping you quickly and efficiently address potential vulnerabilities.

You can start by reviewing all your subscriptions or focusing on a specific one. The benchmark’s structure is clearly reflected, showing how your infrastructure scores across each section. Results are categorized by severity—whether they pass or have critical, high, medium, or low-level findings. It is possible to review the complete structure down to the specific controls executed.

Each control can be selected to provide valuable insights. First, the check is explained clearly to help you better understand what is being assessed. It’s also essential to grasp the risk of not taking action. Each control offers detailed guidance on addressing the underlying issues. Additionally, you’ll see a list of all affected resources. To further support you, we provide links for a deeper understanding of both the control and its mitigation, ensuring you have all the information you need.

Clicking on a specific resource provides all the details you need. The Neighborhood View shows the resource's context, displaying its relationships with other resources. The Basic Information and Details sections contain all the data Fix Security has gathered. Of particular interest is the Security Issues section, which lists all security findings for the resource, regardless of the benchmark they originate from. Each security finding can be expanded to reveal more information about the issue.

While the benchmark defines a specific set of controls, there may be situations where you need to make informed exceptions. For example, a particular resource might not need to comply with a specific control for valid reasons. You can exclude a resource from either a single control or all controls as necessary. We believe it’s important to always provide meaningful data and support you in cases where a control doesn’t apply to your organization’s needs or circumstances.

Continuous alignment

Providing you with all the information needed to manage your security posture is crucial, and Fix Security goes beyond just that. Once connected, it continuously monitors your infrastructure and runs the benchmark on all new or updated resources. This ensures you always have an up-to-date inventory of the infrastructure you manage.

Fix Security can send alerts to keep you informed if a new security issue arises. Alerts can be routed to various channels, including collaboration platforms like Microsoft Teams, Slack, or Discord, incident management platforms like PagerDuty or Atlassian OpsGenie, or via email. You can also define the severity level of the issue and choose the communication channel to use when such issues are detected.

The Compliance section in Fix Security offers detailed information about existing issues and how to resolve them. Alerts notify you when a new security issue arises. Together, these features provide you with a powerful toolset to not only maintain but actively manage and control the security posture of your infrastructure.

Conclusion

Maintaining a secure cloud environment is an ongoing process, and Fix Security ensures that your infrastructure is regularly evaluated against established security best practices. By continuously monitoring resources and performing automated benchmark assessments, Fix Security helps you stay informed about potential issues as your cloud environment changes.

With detailed insights, real-time alerts, and the ability to review and manage exceptions, Fix Security gives you the tools to manage your security posture actively. Whether addressing new security concerns or reviewing compliance, the platform ensures you have up-to-date information and easy-to-follow steps to mitigate risks. Fix Security simplifies the process of staying aligned with security standards so you can focus on managing your infrastructure with confidence.

0
Subscribe to my newsletter

Read articles from Matthias Veit directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Matthias Veit
Matthias Veit

As a co-founder at Fix, I've ventured into the dynamic world of cloud security. With a solid foundation in computer science and a colorful career spanning over two decades, I've transitioned from a hands-on software engineer at pioneering tech institutes in Berlin to leading roles in innovative companies like MOIA and Mesosphere in Hamburg. My journey reflects a blend of entrepreneurial spirit and technical leadership, underpinned by a passion for melding security with technology to craft safer digital ecosystems. Off the clock, I'm an avid explorer of the intersection between technology and societal progress, always on the lookout for the next challenge that beckons beyond the horizon.