Welcome to the first part of my Microsoft Defender for Cloud series, in which we explore its features and updates, with examples to help you better understand and use this powerful security solution.
Microsoft Defender for Cloud is a robust security tool that protects and monitors cloud workloads across platforms such as Azure, AWS, and Google Cloud Platform. This article explores its capabilities in depth and highlights its most recent advancements and improvements.
How to Enable Microsoft Defender for Cloud
- Sign in to the Azure portal.
- Search for “Defender” in the search box.
- Select “Microsoft Defender for Cloud” from the search results.
- Click “Get Started” on the Defender for Cloud’s overview page.
If this is your first time using Microsoft Defender for Cloud, you will be offered a 30-day trial.
Security Features
- Development Security Operations (DevSecOps): Unifies security management at the code level across multi-cloud and multi-pipeline environments.
- Server Protection: Offers server protection through Microsoft Defender for Endpoint or extended protection with just-in-time network access, file integrity monitoring, vulnerability assessment, and more.
- Multicloud and On-premises Server Security: Secures multi-cloud and on-premises servers with Defender for Servers.
- Microsoft Defender for Storage: An Azure-native layer of security intelligence that detects potential threats to your storage accounts, preventing malicious file uploads, sensitive data exfiltration, and data corruption.
- Integrated Security Solutions: Simplifies deployment and management of integrated partner solutions, such as antimalware and vulnerability assessment.
- Data Collection: Collects data from Azure virtual machines (VMs), Virtual Machine Scale Sets, IaaS containers, and non-Azure machines to monitor for security vulnerabilities and threats.
- Integration with Microsoft Defender for Endpoint: Provides a comprehensive Windows server protection solution, including improved threat detection for Windows Servers.
- Threat Protection for Azure Network Layer: Uses machine learning models to identify and flag malicious traffic activities based on sample IPFIX data from Azure core routers.
- Microsoft Defender for Cloud Apps: Offers visibility into cloud apps and services, allowing control and limiting access to cloud apps while enforcing compliance requirements on data stored in the cloud.
Compliance Features
- Secure Score: Aggregates security findings into a single score, providing an at-a-glance view of the current security situation.
- Regulatory Compliance: Provides insights into compliance posture based on continuous assessments of the Azure environment. Microsoft Defender for Cloud continually compares the configuration of your resources with requirements in industry standards, regulations, and benchmarks.
- Microsoft Cloud Security Benchmark: Automatically assigned to your subscriptions and accounts when you onboard Defender for Cloud, this benchmark builds on the cloud security principles defined by the Azure Security Benchmark and applies these principles with detailed technical implementation guidance for Azure, other cloud providers (such as AWS and GCP), and other Microsoft clouds.
New and Updated Security Features
- Running Container Images Vulnerability Findings Resolution: Microsoft Defender for Cloud has released a new recommendation in preview that suggests resolving vulnerability findings in running container images. The feature is powered by Microsoft Defender Vulnerability Management.
- Containers Vulnerability Assessment: Microsoft Defender for Cloud plans to release a containers Vulnerability Assessment powered by Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM. This feature is expected to be available in May 2023.
- Defender for DevOps User Experience Improvements: To enhance the Defender for DevOps user experience and enable further integration with Defender for Cloud’s rich set of features, Microsoft plans to make improvements in June 2023.
New and Updated Compliance Features
- Express Configuration for Vulnerability Assessment in Defender for SQL: Microsoft Defender for Cloud has announced an express configuration for vulnerability assessment in Defender for SQL, simplifying the setup process and improving security posture.
- Defender CSPM Plan: Microsoft has introduced a new Defender plan called Defender CSPM, which enhances the security capabilities of Defender for Cloud and includes new and expanded features for Cloud Security Posture Management (CSPM).
Integration with Microsoft 365 Defender
Microsoft Defender for Cloud Apps is now part of Microsoft 365 Defender and can be accessed through its portal. Microsoft 365 Defender correlates signals from the Microsoft Defender suite across endpoints, identities, email, and SaaS apps to provide incident-level detection, investigation, and powerful response capabilities.
Conclusion
By incorporating these features and updates, Microsoft Defender for Cloud continues to evolve as a comprehensive security solution for multi-cloud and hybrid environments. Stay informed about the latest developments in Defender for Cloud by following the release notes and the list of important upcoming changes. Be sure to follow this series as we dive deeper into specific examples and use cases for Defender for Cloud in the upcoming blog posts.
If you have any questions or would like more information, please contact us.