Monthly news – June 2023

Microsoft for Cloud

Monthly news

June 2023 Edition

teaser.png

This is our monthly “What's new” blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from May 2023.

 Microsoft for Cloud
webcast recordings.png Watch new episodes of the for Cloud in the Field show to learn about API Security with Defender for APIs, create custom recommendations for AWS and GCP, and new data-aware security posture capabilities in Defender for Cloud.
Public Preview sign-up.png We're announcing the release of Vulnerability Assessment for images in Azure container registries powered by Microsoft Defender Vulnerability Management (MDVM) in Defender CSPM. This release includes daily scanning of images. Findings used in the Security Explorer and attack paths rely on MDVM Vulnerability Assessment instead of the Qualys scanner.
Public Preview sign-up.png We're seeking your feedback on Defender for APIs. In this form you will be able to share feedback with the product team about your experience with the Defender for APIs capabilities. The survey will take approximately 6 minutes to complete. Thank you!

GitHub.png

The Defender for Cloud Onboarding Workbook V2 is the latest version of this workbook that was originally published August 2022. Please review this blog post to learn what has changed. This workbook helps you track which Azure subscriptions under your Tenant are onboarded with Defender for Cloud. Also, it lists the resources deployed into these subscriptions that can be protected by the Defender for Cloud workload protection plans, and it checks if any required agents are missing for the workload protection.
Blogs on MS.png Microsoft Defender for APIs, a new plan in Defender for Cloud, offers full lifecycle protection, detection, and response coverage for APIs published in Azure API Management. One of the main capabilities is the ability to detect exploits of the OWASP API Top 10 vulnerabilities through runtime observations of anomalies using machine learning-based and rule-based detections. This blog will outline the steps for simulating an action that will trigger an alert for one of your API endpoints through Defender for APIs.
Blogs on MS.png Microsoft Defender for Cloud is a Cloud Native Application Protection Platform (CNAPP) that offers crucial insights and protective measures through its Attack Path risk analysis feature. A frequent requirement from customers is the ability to receive notifications whenever new attack paths are detected. This article presents an automated solution utilizing Azure Logic Apps to address this need. By deploying a custom Logic App using an Azure (ARM) template, organizations can establish a streamlined notification system for newly reported attack paths by Microsoft Defender for Cloud. This solution guarantees that security teams receive prompt alerts, empowering them to promptly respond and safeguard their cloud resources efficiently.
Product improvements.png Defender for Code and IaC has expanded its recommendation coverage in Microsoft Defender for Cloud to include Azure security findings for the following two recommendations:
  • Code repositories should have code scanning findings resolved
  • Code repositories should have infrastructure as code scanning findings resolved

Previously, coverage for Azure security scanning only included the secrets recommendation.

Blogs on MS.png Recently, we've added agentless container security posture capabilities in the Defender Cloud Security Posture Management (CSPM) plan. Previously, to discover parts of the Kubernetes estate, the Defender Profile, deployed as part of the Defender for Containers plan, needed to be deployed on each cluster. Defender CSPM now collects inventory of the Kubernetes cluster, without the use of an agent and without dependency on Defender for Containers. These insights are included as part of the Cloud Security Explorer and Attack Path Analysis. However, security posture management is not enough to get full visibility into potential threats and security risks. Defender for Containers and its' agent-based capabilities are significant in detecting near real time threats on the cluster. In this blog, we highlight how Defender CSPM and Defender for Containers can be used to help organizations secure their containerized environments in the cloud.
Product improvements.png Agentless scanning for VMs now supports processing of instances with encrypted disks in AWS, using both CMK and PMK. This extended support increases coverage and visibility over your cloud estate without impacting your running workloads. Support for encrypted disks maintains the same zero impact method on running instances.
  • For new customers enabling agentless scanning in AWS – encrypted disks coverage is built in and supported by default.
  • For existing customers that already have an AWS connector with agentless scanning enabled, you'll need to reapply the CloudFormation stack to your onboarded AWS accounts to update and add the new permissions that are required to process encrypted disks. The updated CloudFormation template includes new assignments that allow Defender for Cloud to process encrypted disks.
Product improvements.png Defender for DevOps has expanded its Pull Request (PR) annotation coverage in Azure DevOps to include Infrastructure as Code (IaC) misconfigurations that are detected in ARM and Bicep templates. Developers can now see annotations for IaC misconfigurations directly in their PRs. Developers can also remediate critical security issues before the infrastructure is provisioned into cloud workloads. To simplify remediation, developers are provided with a severity level, misconfiguration description, and remediation instructions within each annotation.
Product improvements.png To help you manage your AWS CloudTrail costs and compliance needs, you can now select which AWS regions to scan when you add or edit a cloud connector. You can now scan selected specific AWS regions or all available regions (default), when you onboard your AWS accounts to Defender for Cloud.
Public Preview sign-up.png Microsoft Defender Vulnerability Management (MDVM) is now enabled as the default, built-in solution for all subscriptions protected by Defender for Servers that don't already have a VA solution selected. If a subscription has a VA solution enabled on any of its VMs, no changes are made and MDVM won't be enabled by default on the remaining VMs in that subscription. You can choose to enable a VA solution on the remaining VMs on your subscriptions.
Blogs on MS.png In today's application development landscape, organizations are widely adopting Infrastructure-as-Code (IaC) technology to automate the provisioning and management of resources to support cloud native applications and workloads across their multi-cloud environments. By utilizing IaC, organizations can manage infrastructures with the same versioning, testing, and automation processes that they use for their application code, leading to more reliable, efficient, and secure operations. In this blog, you will learn identify and remediate critical misconfigurations in your Infrastructure-as-Code templates with Defender for DevOps.
Blogs on MS.png Have you ever found yourself in a situation where you wanted to determine which AWS resources are missing a tag? You can accomplish this use case using custom recommendations for AWS workloads in Defender for Cloud. The following steps solve the problem of creating a custom recommendation that identifies which Amazon RDS instances are missing a tag, but they can be applied to other use cases too. To learn more about this feature, please check out this article.
Blogs on MS.png Securing container images is essential to ensure data protection, reduce the risk of data breaches, and improve regulatory compliance. By understanding potential vulnerabilities, businesses can create a robust security strategy to protect their containerized applications, thereby safeguarding their sensitive data, reputation, and customer trust.
In this blog we discuss how Microsoft Defender for Cloud Security Posture Management (DCSPM) can help you identify and remediate vulnerabilities in your container image repositories.
Blogs on MS.png Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Newington College – an Australian primary and secondary school – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.
webcast recordings.png Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds.

Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe

 

This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.