A year ago we announced the general availability of advanced threat protection for Azure Storage, to help our customers better protect their data in blob containers from the growing risk of cyberattacks. Since then, advanced threat protection for Azure Storage has been protecting millions of storage accounts and helping customers to detect common threats such as malware, access from suspicious sources (including TOR exit nodes), data exfiltration activities, and more.

Today we’re excited to announce the preview of extending advanced threat protection for Azure Storage to support Azure Files and Azure Data Lake Storage Gen2 API, helping our customers to protect their data stored in file shares and data stores designed for enterprise big data analytics.

Growing demand to secure file shares and data lakes

More and more organizations are moving their data to the cloud, seeking better security and data protection, data modernization, and optimized cost and performance of IT operations. It’s expected that over 80 percent of enterprise workloads will be in the cloud by the end of 2020.

This growing demand has also increased the popularity of Azure Files Storage, which delivers secure, Server Message Block (SMB) based, fully managed cloud file shares that can also be cached on-premises for performance and compatibility.

With Azure Files, organizations get the added benefit of a secure storage infrastructure that is massively scalable, and globally available. Even with all these capabilities, it’s still essential to bolster cybersecurity, especially with the growing complexity and sophistication of cyberattacks.

In addition, we’re seeing the growing demand for data stores optimized for big data analytics, and the need to serve and manage massive amounts of data. Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob storage while focusing on performance, management and security, it supports serving multiple petabytes of information while sustaining hundreds of gigabits.

What’s included in advanced threat protection for Azure Files and ADLS Gen2 API

Advanced threat protection for Azure Storage provides an additional layer of security intelligence that provides alerts when it detects unusual and potentially harmful attempts to access or exploit your storage accounts. This layer of protection allows you to address threats without being a security expert or managing security monitoring systems.

Security alerts are triggered when anomalies in activity occur. These security alerts are integrated with Azure Security Center and are also sent via email to subscription administrators, with details of suspicious activity and recommendations on how to investigate and remediate threats.
 

An example of an alert indicating that a potential malware was uploaded to a file share.

Besides the built-in security of Azure file shares and data lakes, customers of advanced threat protection for Azure Storage also benefit from:

  • World-class algorithms that learn, profile, and detect unusual or suspicious activity in your file shares.
  • Actionable alerts in a centralized view in Azure Security Center with optional email notifications.
  • Integration with Azure Sentinel for efficient threat investigation.
  • Azure-native support for Azure Files with one click enablement from the Azure portal and with no need to modify your application code.

Get started today

We encourage you to try out advanced threat protection for Azure Storage and start detecting potential threats on your Azure Files shares and Azure Blob containers. Advanced threat protection for Azure Storage needs to be enabled on the storage accounts containing the files shares and blob containers you want to protect.

We recommend enabling advanced threat protection for Azure storage on the subscription level by following the instructions here: Configure advanced threat protection for Azure Storage.

Learn more about the pricing of advanced threat protection for Storage price in Azure Security Center pricing page.

For more information on Azure Security Center, please visit Azure Security Center web page.