One click to cover containers & Kubernetes in Defender CSPM (agentless)

CSPM contextual security capabilities assist security teams in reducing the risk of impactful breaches. CSPM uses environment context to perform a risk assessment of your security issues: it identifies the biggest security risks while distinguishing them from less risky issues.

With attack path analysis and cloud security explorer, Defender CSPM customers can address the security issues that pose immediate threats with the greatest potential of being exploited, and proactively identify security risks in their cloud environment by running graph-based queries on the cloud security graph, which is Defender for Cloud's context engine.

Agentless containers coverage as part of Defender CSPM is now available in public preview. It only takes one click to benefit from adding containers' context to the security graph:

  • Agentless visibility – discover your Kubernetes and container registry estate across SDLC and runtime, seamlessly with no footprint on the workloads.
  • Container vulnerability assessment – out-of-the-box container image scanning, including registry and runtime.
  • Attack path analysis – prioritize and zoom into the container vulnerabilities and posture risks that matter most.
  • Graph-based queries – uncover security insights in their cloud context, such as vulnerabilities, internet exposure, sensitive data and more.

Customers who enabled Defender CSPM after April 17th already enjoy agentless container capabilities; no further action is needed.

Customers who enabled Defender CSPM before April 17th need to manually enable the “Agentless discovery for Kubernetes” and “Container registries vulnerability assessments” extensions for their Defender CSPM environments.

This is a one-time manual effort; for newly onboarded subscriptions, the relevant extensions will be enabled by default.

To enable these, the following permissions on the subscription are required:

  • Subscription Owner, or
  • User Access Admin + Security Admin

  1. In the Azure portal, navigate to the Defender for Cloud's Environment Settings page.
  2. Select the subscription that's onboarded to the Defender CSPM plan, then select Settings.
  3. Ensure the Agentless discovery for Kubernetes and Container registries vulnerability assessments extensions are toggled to On.
  4. Click save.
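The same toggles can be set without the portal, which is useful when many pre-April subscriptions need the one-time fix. The script below is an added example, not code from the original post or from Microsoft: it drives the Microsoft.Security/pricings REST API through `az rest` and then reads the plan back to confirm both extensions are on. It assumes API version 2023-01-01, the extension names `AgentlessDiscoveryForKubernetes` and `ContainerRegistriesVulnerabilityAssessments` under the `CloudPosture` (Defender CSPM) plan, a logged-in `az` session holding the permissions listed above, and a placeholder subscription ID; the sample responses at the bottom are constructed for offline checking.

```shell
#!/bin/sh
# Added example: enable the two Defender CSPM agentless container extensions via
# the REST API and verify the result. Not the original post's or Microsoft's code.
# Assumptions: Microsoft.Security/pricings api-version 2023-01-01, extension names
# AgentlessDiscoveryForKubernetes / ContainerRegistriesVulnerabilityAssessments
# under the CloudPosture plan, and a placeholder SUBSCRIPTION_ID.

API_VERSION="2023-01-01"
SUBSCRIPTION_ID="${SUBSCRIPTION_ID:-00000000-0000-0000-0000-000000000000}"  # placeholder

# Build the pricing resource URI for the Defender CSPM ("CloudPosture") plan.
pricing_uri() {
    printf 'https://management.azure.com/subscriptions/%s/providers/Microsoft.Security/pricings/CloudPosture?api-version=%s' "$1" "$API_VERSION"
}

# Desired state: plan on Standard tier with both agentless container extensions on.
desired_body() {
    cat <<'EOF'
{
  "properties": {
    "pricingTier": "Standard",
    "extensions": [
      { "name": "AgentlessDiscoveryForKubernetes", "isEnabled": "True" },
      { "name": "ContainerRegistriesVulnerabilityAssessments", "isEnabled": "True" }
    ]
  }
}
EOF
}

# Return 0 only if the pricing JSON in $2 shows extension $1 enabled.
# Flattens whitespace, pulls out each innermost {...} object, then requires an
# object carrying both the name and "isEnabled":"True" (field order independent).
# Assumes the extension objects themselves contain no nested objects.
extension_enabled() {
    printf '%s' "$2" | tr -d ' \n\t' | grep -o '{[^{}]*}' \
        | grep "\"name\":\"$1\"" | grep -q '"isEnabled":"True"'
}

# Both extensions are required; one missing or set to "False" fails the check.
extensions_enabled() {
    extension_enabled AgentlessDiscoveryForKubernetes "$1" \
        && extension_enabled ContainerRegistriesVulnerabilityAssessments "$1"
}

# Push the desired state, then read the plan back and check it.
enable_and_verify() {
    az rest --method PUT --uri "$(pricing_uri "$SUBSCRIPTION_ID")" \
        --body "$(desired_body)" >/dev/null
    actual=$(az rest --method GET --uri "$(pricing_uri "$SUBSCRIPTION_ID")")
    if extensions_enabled "$actual"; then
        echo "both agentless container extensions are enabled"
    else
        echo "extensions not enabled on $SUBSCRIPTION_ID" >&2
        return 1
    fi
}

# Constructed sample responses (not real API output) for offline checking.
SAMPLE_OK='{"properties":{"pricingTier":"Standard","extensions":[{"isEnabled":"True","name":"AgentlessDiscoveryForKubernetes"},{"name":"ContainerRegistriesVulnerabilityAssessments","isEnabled":"True"}]}}'
SAMPLE_PARTIAL='{"properties":{"pricingTier":"Standard","extensions":[{"name":"AgentlessDiscoveryForKubernetes","isEnabled":"True"},{"name":"ContainerRegistriesVulnerabilityAssessments","isEnabled":"False"}]}}'

# Uncomment to apply against a real subscription after `az login`:
# enable_and_verify
```

Loop `enable_and_verify` over the subscription IDs from `az account list` to cover every pre-April subscription in one pass; the read-back check is what tells you the toggle actually took, rather than trusting the PUT's status code alone.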

Further Resources:


This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.