Announcing Defender CSPM GA & new data security capabilities in Microsoft Defender for Cloud
Published Mar 28 2023 08:07 AM
Microsoft

With the increasing complexity around the development and adoption of cloud applications, organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to cloud infrastructure, and evolving threats that can cause sensitive data exposure.

 

Microsoft is leading the next chapter of comprehensive multicloud security so organizations can start secure with proactive posture hardening and stay secure with advanced threat protection across cloud apps, infrastructure, and data.

 

Recognized by Gartner as a Representative Vendor in its 2023 Market Guide for Cloud-Native Application Protection Platforms (CNAPP)¹, Microsoft Defender for Cloud seamlessly combines security and compliance capabilities into a single platform to provide end-to-end protection across AWS, GCP, Azure, and on-premises.

 

Today, I am thrilled to announce new CNAPP innovations in Defender for Cloud across posture management and data protection to help organizations seamlessly embed cloud data security into their CNAPP strategy.

  • General Availability of Microsoft Defender Cloud Security Posture Management (CSPM), now with new integrated data-aware security posture. Defender CSPM extends existing free posture management capabilities to help security teams gain full visibility across their multicloud and hybrid environments, get integrated, contextual risk insights across their infrastructure, quickly identify their most critical risk with attack path analysis, and proactively remediate vulnerabilities and misconfigurations. And today, new integrated data-aware security posture capabilities empower teams to prevent data breaches with full visibility into the multicloud data estate and pressing risks to sensitive data.

 

  • Public Preview of Malware Scanning for Defender for Storage and new data-aware threat detection. Malware Scanning for Defender for Storage enables security teams to scan content upon upload and detect polymorphic and metamorphic malware in near real-time. With agentless and simple at-scale enablement, security teams can prevent distribution of malware across their storage resources. With the new data-aware layer, security teams can leverage the sensitive data threat detection feature to prioritize storage resources containing sensitive data and detect sensitive data exfiltration and exposure events. 

The core pillars of Microsoft Defender for Cloud listed from left to right: Cloud Security Posture Management, DevSecOps, Cloud infrastructure entitlement management, and Cloud Workload Protection.

 

Prioritize your most critical risk with contextual CSPM, now with integrated data-aware security posture

 

Security teams face both an expanding attack surface and countless alerts across multiple tools and services. At Ignite, we announced the public preview of Microsoft Defender CSPM, and shared how its attack path analysis and cloud security graph help teams cut through the noise and efficiently focus on remediating the most critical risks across their multicloud and hybrid environments.

 

Today, I’m thrilled to announce the General Availability of Defender CSPM in Microsoft Defender for Cloud, now with new integrated data-aware security posture management.

 

Starting today, organizations can use Defender CSPM to gain end-to-end visibility with agentless scanning, real-time security assessments, and contextual cloud security with attack path analysis built on top of an intelligent, searchable cloud security graph. The cloud security graph connects the dots across teams, consolidating posture insights from the code itself with Defender for DevOps and from cloud workloads in runtime across servers, containers, databases, storage and more. It also integrates critical data signals from Defender External Attack Surface Management (EASM) to monitor internet-exposed resources, and leverages Microsoft Purview’s information types, labels, and data context to identify data resources with sensitive data. Further, to help organizations stay secure, Defender CSPM’s integrations with our cloud workload protection (CWP) solutions provide threat-detection alert contexts in attack path analysis to help indicate attempts to exploit vulnerable resources.

 

Mapping critical assets across cloud workloads is critical to effectively identify security posture priorities. That’s why I’m so excited to share new enhanced value in Defender CSPM with integrated data-aware security capabilities that allow security teams to get ahead of their data risks and prioritize security issues that could result in a data breach. With new automatic discovery capabilities, security teams can gain visibility into their multicloud data estate and evaluate where sensitive data resides, who can access it, and how the data flows. Powered by the cloud security graph, security teams can also use the cloud security explorer to uncover direct and indirect risks of data exposure across object stores and managed and hosted databases. With attack path analysis, customers can identify misconfigurations or vulnerabilities that can lead to a data breach.

 

Attack path analysis outlining a potential lateral movement path to a data store with sensitive data, from an internet exposed virtual machine.

 

Microsoft is committed to empowering organizations to start secure and stay secure across their multicloud environments. In this pursuit, just this week, we also announced the general availability of our first multicloud security benchmark – Microsoft cloud security benchmark (MCSB) v1 in Defender for Cloud. The MCSB is available in foundational CSPM, our free tier in Defender for Cloud, and provides a comprehensive framework of cloud security best practices in a single pane of glass to assess and monitor multicloud environments across Azure and Amazon Web Services, with Google Cloud coming later this year.

 

Stop malware in its tracks and prioritize threats to sensitive data with Defender for Storage

As more businesses move their data and operations to the cloud, it becomes increasingly important to protect stored data from a variety of threats, including malware and sensitive data corruption and exfiltration. Security teams need to effectively protect cloud object stores to maintain oversight, protect sensitive data, and take proactive security measures.

 

Microsoft Defender for Storage is a cloud-native layer of security intelligence that detects anomalous and potentially malicious activity to access or exploit object stores such as Azure Blob Storage. Defender for Storage analyzes telemetry streams from storage resources and synthesizes activity against Microsoft’s threat intelligence research to detect anomalous and potentially malicious activity. Customers benefit from contextual security alerts that provide additional investigation details and remediation actions, and security recommendations to protect storage resources from future incidents.

 

We’re pleased to announce the public preview of a new wave of enhancements to help customers detect malware upon content upload. These new enhancements are available as part of the new Defender for Storage plan, maintaining its existing powerful threat protection, while offering new and future capabilities with improved scalability and optimized granular protection control.

 

Going forward, the new product plan will be referred to as Defender for Storage. The previous product plan will be referred to as Defender for Storage (classic).

 

 

Defender for Cloud security alert based on Malware Scanning result with full malware details and blob context.

 

With the public preview of Malware Scanning, security teams can enable an additional layer of protection to detect and prevent storage accounts from acting as a point of malware entry and distribution. When content is uploaded to an Azure Blob container, it’s automatically scanned for metamorphic and polymorphic malware and analyzed in near-real time, with results automatically recorded on the blob metadata.

 

If a malicious file is detected, a security alert is generated with details, threat research, and remediation steps. Customers can go beyond detection and configure automated workflows to delete or quarantine malware-infected files, preventing them from infiltrating storage resources.

 

To further focus on critical threats, Defender for Storage will now include sensitive data threat detection. Customers can now leverage sensitive data discovery on Azure Blob containers to make their threat protection data-aware by creating contextual alerts, prioritizing sensitive data exfiltration or exposure events.

 

We have a thriving and passionate community of customers using Defender for Cloud to manage security across clouds. I am excited to introduce these new capabilities today and wanted to share an insight from one of our customers:

 

 “Protecting storage accounts from untrusted content is one of our top security concerns. Now that Defender for Storage has extended its malware scanning capabilities and provided us with built-in near real time full scanning, it allows us to replace our custom solutions meaning lower TCO and lower risk. We can now meet compliance regulations and stay secure with simple setup and zero maintenance.”

– Pete van Blerk, Security Lead at NewOrbit

 

Learn More

From code to cloud, Defender for Cloud is the platform, powered by intelligence, that will help you go beyond CNAPP and secure your cloud data estate. Develop an infinite mindset to cloud security and learn more about the expansion of the security portfolio in Microsoft Defender for Cloud. Get started today with these new innovations in Microsoft Defender for Cloud.

 

¹ Gartner®, Market Guide for Cloud-Native Application Protection Platforms, March 14, 2023. Neil MacDonald, et al.

Last update: Mar 28 2023 02:01 PM