This is our monthly “What's new” blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from August 2023.
Microsoft Defender for Cloud
Malware scanning is now generally available (GA) as an add-on to Defender for Storage. Malware scanning in Defender for Storage helps protect your storage accounts from malicious content by performing a full malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It's designed to help fulfill security and compliance requirements for handling untrusted content. The malware scanning capability is an agentless SaaS solution that allows setup at scale, and supports automating response at scale. Learn more about malware scanning in Defender for Storage.
With almost 90% of organizations adopting a multicloud strategy, successfully securing across your entire environment has never been more important. Vulnerabilities in code, overprivileged access, critical misconfigurations, and evolving threats can lead to sensitive data exposure and breaches, driving cloud security to the top of the concern list for many enterprises. Microsoft Defender for Cloud is pioneering this new era of security by offering a holistic approach to multicloud management. Trusted by industry professionals as a leading Cloud Native Application Protection Platform (CNAPP), Defender for Cloud integrates security and compliance capabilities for apps, data, and infrastructure into one platform, providing end-to-end protection across Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, and hybrid environments. With proactive posture management and advanced threat protection, Defender for Cloud empowers organizations to start secure and stay secure, effortlessly managing the security of their workloads across clouds. Review announcement of new advanced multicloud posture management capabilities for Google Cloud Platform (GCP) further solidifies Microsoft's commitment to ensuring optimal security across multicloud and hybrid environments.
Misconfigurations are common entry points for attackers. Cloud misconfigurations occur when cloud resources are set up with incorrect or insecure settings, leaving them vulnerable to exploitation. Misconfigurations can lead to sensitive data being exposed to the public internet, unauthorized users, or can open up unnecessary ports, services, or permissions that attackers can exploit. Proactive security management for cloud misconfiguration is essential to maintaining a strong security posture. In this blog, we will walk you through a few scenarios of misconfigured AWS Cloud resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations and allow security teams prevent risks and remediate quickly.
We recently changed the way security alerts and activity logs are integrated. To better protect sensitive customer information, we no longer include this information in activity logs. Instead, we mask it with asterisks. However, this information is still available through the alerts API, continuous export, and the Defender for Cloud portal. Customers who rely on activity logs to export alerts to their SIEM solutions should consider using a different solution, as it isn't the recommended method for exporting Defender for Cloud security alerts.
The latest addition to Defender for Containers, Agentless Discovery for Kubernetes, empowers security-conscious organizations with new capabilities to gain insights into the security landscape of their Kubernetes workloads. Previously available for customers in Defender Cloud Security Posture Management (DCSPM), it is now being integrated as a core component of Defender for Containers. Agentless Discovery empowers you to gain higher visibility into the security landscape of your Kubernetes workloads, if you choose not to install additional agents. In this blog we discuss capabilities of Defender for Containers are made possible by enabling Agentless Discovery for Kubernetes.
Defender CSPM plan in Microsoft Defender for Cloud includes several extensions, e.g. agentless scanning for VMs, sensitive data discovery, etc. If you need to enable only specific extensions at scale using Azure Policy, please consider using this policy we have created for you.
Agentless security works by leveraging existing cloud APIs and services, removing the need to install software agents on individual hosts. This simplifies the deployment process and reduces operational complexity. It presents a compelling alternative to traditional agent-based security, which involves installing lightweight agents on each virtual machine or host within the cloud environment. In this article, we will outline how integrating the agentless approach into Defender for CSPM fosters a more robust and efficient cloud security posture. By utilizing agentless features, organizations can enhance visibility of their cloud resources, simplify deployment, maintain compatibility with diverse cloud platforms, and ensure thorough security coverage.
This new series of alerts focuses on detecting suspicious activities of Azure virtual machine extensions and provides insights into attackers' attempts to compromise and perform malicious activities on your virtual machines. Microsoft Defender for Servers can now detect suspicious activity of the virtual machine extensions, allowing you to get better coverage of the workloads security.
Under the Microsoft Defender for Cloud umbrella, Microsoft Defender for APIs, offers protection for APIs at every stage of their lifecycle. This service enhances the protections from Web Application Firewalls and API Gateways, resulting in a comprehensive security framework for API endpoints. In this article, we'll dive deeper into how Defender for APIs augments the security offered by Azure Web Application Firewall (Azure WAF) and Azure API Management (APIM). This article discusses the interplay between Defender for APIs, Azure Web Application Firewall (Azure WAF), and Azure API Management (APIM). Learn about their combined efforts in protecting APIs throughout their lifecycle, from real-time threat detections to adaptive security with posture management.
Microsoft Defender for Cloud has three plans that offer service layer protection: Defender for Key Vault, Defender for Resource Manager and Defender for DNS. These plans have transitioned to a new business model with different pricing and packaging to address customer feedback regarding spending predictability and simplifying the overall cost structure.
Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Tecnicas Reunidas – a Spanish-based general contractor which provides engineering, procurement and construction of industrial and power generation plants, particularly in the oil and gas sector – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.