Microsoft's cloud-based Operations Management Suite (OMS) has been gaining in popularity as a means to, as Microsoft describes it, "govern workloads and systems wherever they are" while aggregating and managing that data via the cloud.
Certainly with hybrid on-premises/cloud approaches pursued by most IT shops, a tool like OMS can bridge the gap between what you're running in-house and what you're running in the cloud (whether public or private, Windows or Linux, and Azure, AWS, or a specialty service like PagerDuty or ServiceNow). OMS monitors, alerts, provides disaster recovery, and automates.
Now it also provides security management and threat detection, via the new OMS Security and Audit tool.
OMS Security lets you perform a quick assessment of your environment so that you can spot potential vulnerabilities as well as detect active security threats and/or breaches. It can analyze the status of missing critical security updates, antimalware, and other key security settings for your systems, and it can analyze events to determine active threats and attacks, allowing for alerts and automated responses. You can then investigate manually, drilling down to gain deeper visibility into the potential location, login, or whatever is causing the problem.
Through the OMS dashboard, you can assess a variety of different domains, including the following:
- Antimalware Assessment: This indicates both the status of installed antimalware software on servers and any detected malware.
- Update Assessment: This indicates which systems are missing critical updates.
- Network Security: This watches for inbound and outbound network issues.
- Identity and Access: This watches for failed login attempts that exceed the norm, along with which accounts and which systems are involved (these signals may indicate a brute-force or dictionary-type attack).
- Security Baseline Assessment: This compares baseline security rules for your industry against the policies and rules you've set up.
- Threat Intelligence: This flags active incidents that require immediate attention, such as a server communicating with a malicious actor, so you can drill down and gain more insight into the source of the attack.
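The "exceeds the norm" idea behind the Identity and Access domain can be made concrete with a small baseline check. The following is an added example, not OMS code: it assumes constructed failed-login records of the form (hour, account, computer), learns each account's and each computer's usual hourly failure rate from a baseline period, and flags the current hour when it exceeds that rate by a margin (or a fixed floor).

```python
"""Added illustration of the 'failed logins exceed the norm' check described
above; not OMS code. Works on constructed records of the form
(hour, account, computer), one per failed login."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: hours 0-5 are the baseline period, hour 6 is assessed.
EVENTS = (
    [(h, "alice", "FS01") for h in range(6) for _ in range(2)]  # alice: 2 failures/hour
    + [(h, "bob", "WEB01") for h in range(6)]                   # bob: 1 failure/hour
    + [(6, "alice", "FS01")] * 2                                # alice: normal in hour 6
    + [(6, "bob", "WEB01")] * 40                                # bob: burst (brute force)
    + [(6, f"user{i}", "WEB01") for i in range(12)]             # 12 accounts fail on WEB01
)

def per_hour(events, hours, key_of, measure):
    """{key: {hour: measure(records)}} for records in `hours`, grouped by key_of."""
    grouped = defaultdict(lambda: defaultdict(list))
    for hour, account, computer in events:
        if hour in hours:
            grouped[key_of(account, computer)][hour].append((account, computer))
    return {k: {h: measure(v) for h, v in hrs.items()} for k, hrs in grouped.items()}

def exceeds_norm(events, baseline_hours, current_hour, key_of, measure, k=3.0, floor=10):
    """Keys whose measure in current_hour exceeds max(floor, mean + k*stdev) of
    their hourly baseline. Hours with no records count as 0, so a key never seen
    in the baseline is judged against `floor` alone."""
    base = per_hour(events, set(baseline_hours), key_of, measure)
    now = per_hour(events, {current_hour}, key_of, measure)
    flagged = {}
    for key, hrs in now.items():
        history = [base.get(key, {}).get(h, 0) for h in baseline_hours]
        threshold = max(floor, mean(history) + k * pstdev(history))
        if hrs[current_hour] > threshold:
            flagged[key] = hrs[current_hour]
    return flagged

def assess(events=EVENTS, baseline_hours=range(6), current_hour=6):
    """Two views of the same data: failures per account (burst against one
    account) and distinct failing accounts per computer (many accounts tried
    on one host, the dictionary/spray pattern)."""
    hours = list(baseline_hours)
    return {
        "accounts": exceeds_norm(events, hours, current_hour,
                                 lambda a, c: a, len),
        "computers": exceeds_norm(events, hours, current_hour,
                                  lambda a, c: c, lambda v: len({a for a, _ in v})),
    }

if __name__ == "__main__":
    print(assess())  # {'accounts': {'bob': 40}, 'computers': {'WEB01': 13}}
```

The per-computer view counts distinct accounts rather than raw failures, so a slow spray across many accounts is caught even when no single account trips the per-account threshold.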
OMS Security also offers an advanced detection engine for behavioral analysis and machine learning, as well as Cisco ASA log ingestion to improve network traffic analysis.
OMS Security is a smart move by Microsoft. It's logical to combine security and management into a single tool. And because OMS is cloud-based, Microsoft can continually update it, which is essential when you're dealing with an issue like security.