Network Security Groups (NSG’s) allow you to filter and secure network traffic for internet-facing Virtual Machines. They allow you to specify destination, source, protocol, direction, port range and priority. This however can still allow certain unwanted traffic subsets to go through the NSG. That’s where Adaptive Network Hardening and thus machine learning comes in play. It will give you alerts and recommendations for hardening NSG’s.
Say you’ve got a NSG rule stating that traffic from 188.8.131.52/24 is allowed to connect via port 1433 to your production VM. That’s a pretty big range to allow for port 1433 traffic. Adaptive Network Hardening uses machine learning to analyse the traffic flows. Based on its findings it could advise you to reduce the rule to only allow IP 184.108.40.206 to connect to the production VM via port 1433 since that is the only IP making use of it in the last 30 days.
Adaptive Network Hardening is currently supported on the following ports:
22, 3389, 21, 23, 445, 4333, 3306, 1433, 1434, 53, 20, 5985, 5986, 5432, 139, 66, 1128
In order to generate accurate traffic hardening recommendations, Security Center requires at least 30 days of traffic data so we are unable to show the results for our current setup at this moment.
Adaptive Network Hardening is a great example of how machine learning helps tightening security aspects that come in play when working with IT Infrastructure.