Defender CSPM enhances risk prioritization, remediation, and compliance for multicloud environments

With almost 90% of organizations adopting a multicloud strategy, successfully securing the entire environment has never been more important. However, the complexities of multicloud environments can introduce security risks, particularly if there is lack of visibility across environments and security is managed in siloes. Microsoft for Cloud helps organizations break down their multicloud security siloes by offering a market-leading cloud-native application protection platform, integrating security – not just across clouds, but also throughout the application life cycle.  

Mitigating cloud-based risks must be powered by visibility and prioritization of underlying risks to enable security teams to get ahead of threats. Defender CSPM is a market-leading solution that delivers comprehensive visibility and remediation capabilities to help security teams harden their posture across multicloud environments.  

Today, we're excited to announce new innovations in CSPM reinforce our commitment to empowering security teams to better prioritize business-critical risks, accelerate multicloud compliance, and streamline risk remediation.   


Proactively protect and prioritize risks to business-critical resources 

For many security teams struggling with limited resources and fatigued with seemingly endless security findings, pinpointing exploitable security issues to business-critical cloud resources has never been more important. Our exciting announcements further our growth to help security teams efficiently prioritize and remediate their most critical risks.  

Risk prioritization in Defender CSPM is now generally availableOur risk prioritization experience allows security teams to focus on the riskiest security issues that can cause a high-impact breach to their organization. The risk prioritization experience is powered by a contextual risk assessment engine developed with the expertise of our security research team, which assesses each resource, considers exploitability and business impact factors such as internet exposure, data sensitivity, potential lateral movement and more, and determine its true effective risk.

Using the new capability, organizations can pinpoint the most critical security issues they have, from the endless list of issues found in their organization. Thus, security teams can reduce risk of compromise to their organization in the most effective way.

tal_rosler_0-1710258041624.pngNew automatic discovery of business-critical workloads. For security teams, gaining visibility into business-critical workloads enables them to prioritize remediation efforts, address vulnerabilities faster, and reduce the overall risk to their business-critical applications. With the new automatic discovery of business-critical workloads in Defender CSPM, security teams can continuously detect business-critical resources in their organization, and ensure they are being secured in the most effective way.

In addition to automatic discovery, Defender CSPM's risk-based prioritization engine synthesizes business criticality context to enhance the risk prioritization of recommendations and attack paths, as well as detecting new attack paths leading to business-critical resources.  Our new capability is based on Microsoft Security Exposure Management's critical asset protection capabilities, with bi-directional sync between the products.

Expanding secrets scanning to detect plain-text secrets in cloud deployments. Cloud deployment templates are powerful tools that enable security teams to orchestrate cloud resource provisioning. However, they can pose significant risk if they contain plain-text secrets that are not properly secured. If not properly secured, malicious actors can gain privileged access and move laterally to sensitive resources. 

With public preview secrets detection in Defender CSPM, we are expanding our secret scanning detection for plain-text secrets on cloud deployments, including secrets detection for CloudFormation stacks and ARM deployments. Customers can now query their cloud environments for more than 50 secret and credential types, as well as assess their posture with context to plain-text secrets with new recommendations and attack paths. 


Agentless container posture capabilities in AWS and GCP are now generally available. Security teams can identify and prioritize risks in multicloud containers and environments. An agentless approach provides security teams visibility into their and containers registries across the software development lifecycle (SDLC), while removing friction and footprint from workloads.  


This release includes visibility to EKS and GKE clusters and vulnerability assessment and image scanning to ECR, GCR and GAR repositories. Additionally, security admins can leverage these capabilities to hunt for risks with multicloud Kubernetes attack paths. 


Attack path analysis uses the context of the entire multicloud estate, including information from agentless discovery of Kubernetes and agentless container vulnerability scanning, to reveal vulnerable paths that attackers may exploit to compromise your environment. Identified attack paths help security admins focus on the most critical posture issues across the environment and help prevent threats to Kubernetes environments. 


Enhanced compliance and remediation for multicloud environments 

With the growing regulatory pressures organizations face, security teams need to stay on top of ensuring they can demonstrate compliance across clouds. To help organizations align to regulatory frameworks and streamline remediation of compliance gaps in multicloud environments, we are releasing new capabilities in Defender CSPM: 

More than 20 new regulatory standards across AWS & GCP environments. Security teams can ensure their multicloud environments comply with regulatory standards including GDPR, ISO 27001, PCI-DSS 4, CIS Google Kubernetes Engine (GKE) Benchmark, and more. With the new standards coverage, customers can assess their compliance posture against regulatory frameworks in multicloud environments in a single pane of glass, and easily enforce policies to manage compliance gaps. 


Automated remediation for AWS & GCP environments. Security teams can now remediate security issues programmatically and at scale across their multicloud environments. Starting today, security recommendations for AWS & GCP are equipped with remediation scripts that can be deployed via AWS or GCP CLI. This empowers security and development teams to remediate security issues at scale, across clouds.  


Take a risk-based approach to prevent cyberattacks with Defender CSPM 

In the constantly evolving threat landscape of multicloud environments, embracing a proactive risk-based approach to has never been more important. Defender CSPM offers all tools needed to identify security issues from code to cloud, prioritize them with business impact in mind, and assess compliance and streamline remediation, with an agentless approach. All of these new capabilities and enhancements are available to Defender CSPM customers starting today. 

To get started, sign up for a free trial and start exploring Microsoft Defender for Cloud today. 


This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.