This post is part of a series, for the series contents see:
Another quick post as I rattle through the various suggestions Security Center is chucking at me.
Next up is a recommendation to get endpoint protection on my VMs. The nice thing is that you can resolve this from within Security Center itself without ever logging into any of the VMs.
For me the recommendation looked like this:
You’ll note the convenient “Install on 2 VMs” option at the top of the screen, clicking on that takes you through to a choice of endpoint protection providers. “Choice” might be stretching it a little here as for now there are only two options:
Forever being thrifty, I went with the Microsoft option as I assume the TrendMicro one is likely to cost me! Having done that, the final screen I was presented with was to choose a few basic settings for the product and then I was done.
For the stuff that Security Center has picked up it has been nice and easy to resolve by getting some endpoint protection on there, but it doesn’t seem to have picked up everything:
- My aadconnect-vm doesn’t have any endpoint protection installed but that doesn’t seem to be being flagged.
- Neither are any of my Linux VMs (firewall-vm & web-vm). I assume that’s because there’s not a suitable product yet, but still it’s not ideal that it hasn’t even flagged it. I’m definitely not a believer in the Apple-inspired “*nix systems don’t get viruses” rubbish.
Overall, what that means is that I can’t really rely on Security Center, at this stage, to pick up the things I’ve missed. I still need to put in my own checks and balances to make sure that I’ve got a good defence in depth posture.
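
One way to build such an independent check, as an added example (not code from the original post or from Microsoft): it compares a full VM inventory against what Security Center has flagged and reports VMs that are unprotected yet unflagged. The inventory shape and field names, the VM names win-vm-1 and win-vm-2, and the flagged set are assumptions constructed for illustration.

```python
import json

# Extensions treated as endpoint protection, as (publisher, type) in lower case.
# Only the Microsoft Antimalware extension is listed; add others you deploy.
EP_EXTENSIONS = {("microsoft.azure.security", "iaasantimalware")}

# Constructed inventory, not real output; the record shape is an assumption.
# win-vm-1 and win-vm-2 are made-up names; the other three are from the post.
INVENTORY = json.loads("""
[
 {"name": "win-vm-1", "extensions": [
   {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
    "provisioningState": "Succeeded"}]},
 {"name": "win-vm-2", "extensions": [
   {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
    "provisioningState": "Failed"}]},
 {"name": "aadconnect-vm", "extensions": []},
 {"name": "firewall-vm", "extensions": []},
 {"name": "web-vm", "extensions": []}
]
""")

# Constructed: VM names the portal recommendation currently lists.
FLAGGED = {"win-vm-2"}


def is_protected(vm):
    """True only if a known endpoint protection extension installed successfully."""
    for ext in vm.get("extensions") or []:
        key = (ext.get("publisher", "").lower(), ext.get("type", "").lower())
        if key in EP_EXTENSIONS and ext.get("provisioningState") == "Succeeded":
            return True
    return False


def audit(inventory, flagged):
    """Split VMs into protected, flagged (unprotected, reported) and silent gaps."""
    report = {"protected": [], "flagged": [], "silent_gap": []}
    for vm in inventory:
        if is_protected(vm):
            bucket = "protected"
        elif vm["name"] in flagged:
            bucket = "flagged"
        else:
            bucket = "silent_gap"
        report[bucket].append(vm["name"])
    return report


if __name__ == "__main__":
    for bucket, names in audit(INVENTORY, FLAGGED).items():
        print(f"{bucket:11} {', '.join(names) or '-'}")
```

The `silent_gap` bucket is the one to alert on: those VMs have no working endpoint protection and no recommendation pointing at them.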