Forum Discussion

TonyOPS
Jan 18, 2024

New Blog Post | Agentless malware scanning for servers with Defender for Cloud

In the past year, we have been progressively enhancing our CNAPP solution with additional agentless security capabilities. It started with the capability to review installed software and identify vulnerabilities. We then expanded the platform to secret scanning to mitigate the risk of lateral movement.

 

Today, we're excited to announce our latest addition: agentless malware scanning for servers. This marks an important step in our trajectory towards hybrid VM security, where we combine agent-based and agentless protection to ensure comprehensive coverage across Azure, AWS, and GCP environments. Agentless malware scanning seamlessly incorporates into our agentless scanning platform, now also leveraging Microsoft Defender Antivirus (MDAV), Microsoft’s powerful anti-malware engine to detect threats and malicious files, generating security alerts for further investigation.

 

Why agentless malware scanning?

While traditional Endpoint Detection & Response (EDR) agents offer unparalleled depth in threat prevention, detection, and response, achieving (and maintaining) complete coverage can be challenging, and sophisticated attackers can leverage temporary and persistent blind spots to launch a successful attack. Complementing your fundamental agent-based coverage, agentless malware scanning provides a second effective layer of threat detection, particularly in situations like:

 

  1. VMs unprotected by EDR – In rapidly changing cloud environments, maintaining agent coverage across all VMs is a continuous effort, and it’s not uncommon for servers to be unprotected due to operational challenges or oversight. Agentless malware scanning ensures that these servers don't remain complete blind spots; it is capable of detecting threats lurking on VMs where an EDR agent is absent and provides essential leads for investigations.
  2. EDR posture and configuration issues – VMs with EDR might still be partially vulnerable due to issues like outdated configurations or mismanaged exclusions. Misuse or overuse of file and path exclusions, often aimed at optimizing performance, can inadvertently open security loopholes. This is particularly risky as certain threat actors exploit these blind spots. Agentless malware scanning, as an out-of-band scan of the VM, provides full coverage of the server filesystem and consistently utilizes Microsoft’s latest models, signatures, and feeds.

Ultimately, it provides an additional safety net against those risks, without added complexity or performance impact on your servers.

 

Read the full post here: Agentless malware scanning for servers with Defender for Cloud - Microsoft Community Hub
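The second scenario in the post (over-broad Defender AV exclusions creating blind spots that an out-of-band scan does not inherit) is something you can check locally before relying on the agentless layer to catch it. The script below is an added example and is not code from the post, from Microsoft, or from Defender for Cloud; it uses only the documented `Get-MpPreference` cmdlet and its `ExclusionPath`, `ExclusionProcess` and `ExclusionExtension` properties, assumes an elevated PowerShell session on a Windows server with Microsoft Defender Antivirus installed, and the list of "risky" patterns it flags is this example's own judgement call, not a Microsoft recommendation.

```powershell
# Added example (not from the post or from Microsoft): audit the local Microsoft
# Defender Antivirus exclusions for the broad, attacker-friendly patterns the post
# warns about. Assumes an elevated session on a host with the Defender module
# (Get-MpPreference). The "risky" lists below are this example's assumptions.

$pref = Get-MpPreference

# Path exclusions a reviewer would normally question: whole drives, user profiles,
# user-writable staging folders, and wildcards anywhere in the path.
$riskyPathPatterns = @(
    '^[A-Za-z]:\\?$',                      # an entire drive root, e.g. C:\
    '^[A-Za-z]:\\Users\\?$',               # every user profile
    '\\Users\\[^\\]+\\?$',                 # one entire user profile
    '\\(Temp|tmp|Downloads|AppData)\\?$',  # user-writable staging folders
    '\*'                                   # wildcard exclusion
)

$findings = @(foreach ($p in $pref.ExclusionPath) {
    foreach ($rx in $riskyPathPatterns) {
        if ($p -match $rx) {
            [pscustomobject]@{ Type = 'Path'; Value = $p; Reason = "matches $rx" }
            break
        }
    }
})

# Process exclusions: everything such a process touches goes unscanned, so script
# hosts and living-off-the-land binaries deserve a hard look.
$riskyProcs = 'powershell.exe','pwsh.exe','cmd.exe','wscript.exe','cscript.exe',
              'mshta.exe','rundll32.exe','regsvr32.exe','certutil.exe','msbuild.exe'
$findings += @(foreach ($proc in $pref.ExclusionProcess) {
    $leaf = Split-Path -Leaf $proc
    if ($riskyProcs -contains $leaf.ToLower()) {
        [pscustomobject]@{ Type = 'Process'; Value = $proc; Reason = 'script host / LOLBin' }
    }
})

# Extension exclusions are rarely justified for executable or script content.
$riskyExt = 'exe','dll','ps1','vbs','js','hta','scr','bat','cmd'
$findings += @(foreach ($ext in $pref.ExclusionExtension) {
    if ($riskyExt -contains $ext.TrimStart('.').ToLower()) {
        [pscustomobject]@{ Type = 'Extension'; Value = $ext; Reason = 'executable content' }
    }
})

"Path exclusions: $(@($pref.ExclusionPath).Count); process: $(@($pref.ExclusionProcess).Count); extension: $(@($pref.ExclusionExtension).Count)"
if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize } else { 'No risky exclusions found.' }
```

Run it on a handful of servers and compare the output with what the agentless scan reports: a hit inside an excluded path that the local agent never raised is exactly the gap the post describes. Tighten the pattern lists to your own environment rather than treating them as authoritative.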

