I'm currently working on our SOC2 compliance and one of the requirements is to implement Intrusion Detection System (IDS) for our Remote Desktop Protocol (RDP) access on a Windows VM hosted in Azure. We explored the Azure firewall, but the pricing for the level of IDS needed is way beyond our small company's budget. The SOC2 guidelines ask for a setup where only two specific IP addresses can access the server via RDP, and any unauthorized attempts from other IPs should trigger a notification to our IT department. I'm feeling a bit lost on what options I might have. Can anyone suggest affordable solutions to achieve this?
3 Answers
Nordlayer could be a solid option for you. It's reasonably priced and handles a lot of the infrastructure needs without needing a huge setup. In my opinion, it does better than Defender in this area, which seems a bit lacking for your use case.
How many users will be connecting to the VM? Since you only have two, you could look into solutions like SecureRDP that cater specifically to your compliance needs and keep your ports closed to the public, which can enhance your security significantly.
Have you thought about using Network Watcher Flow Logs? You can set it up to log traffic and potentially write a script that checks for unauthorized access and alerts you when it happens. You might run this as a function app to automate the process.
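To make the flow-log approach above concrete, here is an added example (not code from anyone in this thread, and not an Azure-provided script) of the check such a function app could run: it walks NSG flow log v2 records, keeps only inbound flows to TCP 3389, and raises an alert for every source address outside the approved pair. A denied attempt is reported as informational; an attempt the NSG actually allowed from an unapproved address is flagged high, since that means the rule set is broader than the SOC2 requirement. The approved addresses, resource id and flow tuples are constructed sample data; the record layout follows the NSG flow log version 2 schema.

```python
"""Scan Azure NSG flow log (v2) records for RDP attempts from sources other
than the two approved IPs and build alert records the IT team can be sent.

Added example, not from the original thread. The approved addresses,
resource id and flow tuples below are constructed sample data.
"""
import ipaddress
import json
from dataclasses import dataclass

RDP_PORT = 3389

# Constructed allowlist: the two source addresses permitted to reach RDP.
# CIDR entries also work because ip_network() is used below.
APPROVED_SOURCES = {"203.0.113.10", "198.51.100.25"}

# Constructed sample log shaped like an NSG flow log v2 record. Tuple fields:
# ts,src,dst,srcPort,dstPort,proto(T/U),direction(I/O),decision(A/D),state,...
SAMPLE_FLOW_LOG = json.dumps({
    "records": [{
        "time": "2024-01-15T10:00:00.000Z",
        "category": "NetworkSecurityGroupFlowEvent",
        "resourceId": "/SUBSCRIPTIONS/<sub-id-placeholder>/RESOURCEGROUPS/RG-EXAMPLE"
                      "/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-EXAMPLE",
        "properties": {
            "Version": 2,
            "flows": [
                {"rule": "UserRule_AllowRDPFromOffice",
                 "flows": [{"mac": "000D3AF87856", "flowTuples": [
                     # approved admin, allowed: expected, no alert
                     "1705312800,203.0.113.10,10.0.0.4,51234,3389,T,I,A,B,,,,",
                     # unapproved source but ALLOWED: the rule is too broad
                     "1705312810,192.0.2.77,10.0.0.4,51300,3389,T,I,A,B,,,,",
                 ]}]},
                {"rule": "DefaultRule_DenyAllInBound",
                 "flows": [{"mac": "000D3AF87856", "flowTuples": [
                     # unapproved source knocking on RDP, denied as expected
                     "1705312820,192.0.2.99,10.0.0.4,40000,3389,T,I,D,B,,,,",
                     # denied traffic to a non-RDP port: ignored here
                     "1705312830,192.0.2.99,10.0.0.4,40001,445,T,I,D,B,,,,",
                     # outbound flow to 3389 elsewhere: ignored (direction O)
                     "1705312840,10.0.0.4,192.0.2.5,55555,3389,T,O,A,B,,,,",
                 ]}]},
            ],
        },
    }]
})


@dataclass(frozen=True)
class RdpAlert:
    timestamp: int
    source_ip: str
    dest_ip: str
    rule: str
    decision: str   # "A" allowed or "D" denied by the NSG
    severity: str   # "high" when an unapproved IP was let through, else "info"


def parse_flow_tuple(tuple_str):
    """Split a flow tuple into named fields (first 8 fields are common to v1 and v2)."""
    f = tuple_str.split(",")
    return {
        "timestamp": int(f[0]), "src": f[1], "dst": f[2],
        "src_port": int(f[3]), "dst_port": int(f[4]),
        "protocol": f[5], "direction": f[6], "decision": f[7],
    }


def find_unauthorized_rdp(flow_log_json, approved):
    """Return an RdpAlert for every inbound RDP flow whose source is not approved."""
    approved_nets = [ipaddress.ip_network(a) for a in approved]
    alerts = []
    for record in json.loads(flow_log_json)["records"]:
        for rule_group in record["properties"]["flows"]:
            rule = rule_group["rule"]
            for flow in rule_group["flows"]:
                for tup in flow["flowTuples"]:
                    fields = parse_flow_tuple(tup)
                    if fields["direction"] != "I" or fields["dst_port"] != RDP_PORT:
                        continue
                    src = ipaddress.ip_address(fields["src"])
                    if any(src in net for net in approved_nets):
                        continue
                    severity = "high" if fields["decision"] == "A" else "info"
                    alerts.append(RdpAlert(fields["timestamp"], fields["src"],
                                           fields["dst"], rule, fields["decision"],
                                           severity))
    return alerts


def format_notification(alerts):
    """Render alerts as message lines, high-severity first, for e-mail or chat."""
    lines = []
    for a in sorted(alerts, key=lambda a: (a.severity != "high", a.timestamp)):
        verdict = "ALLOWED (review NSG rule)" if a.decision == "A" else "denied"
        lines.append(f"[{a.severity.upper()}] ts={a.timestamp} {a.source_ip} -> "
                     f"{a.dest_ip}:{RDP_PORT} {verdict} by {a.rule}")
    return lines


if __name__ == "__main__":
    for line in format_notification(find_unauthorized_rdp(SAMPLE_FLOW_LOG, APPROVED_SOURCES)):
        print(line)
```

In a function app you would feed the blob contents of each hourly flow-log file into `find_unauthorized_rdp` and post the `format_notification` lines to whatever channel IT uses; the "high" path is the one worth paging on, because a denied attempt means the NSG is doing its job while an allowed one means the allowlist is not actually enforced.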
Just 2. I'll definitely check out SecureRDP.