Databases are constantly evolving to handle new use cases, incorporate more intelligence and store more data, giving developers and organizations a wide range of database types to meet their varying needs. There are unique aspects to each database type, including authentication methods, configuration options, architecture, and capabilities. This means that the security threats are also unique – requiring custom security measures and protection capabilities to address the most common threats across databases.
Microsoft Defender for Cloud provides advanced protection for different types of databases, including SQL databases, Azure Database for PostgreSQL, Azure Database for MySQL, Azure Database for MariaDB, and now Azure Cosmos DB.
We’re excited to announce that Microsoft Defender for Azure Cosmos DB is now generally available for SQL (Core) API accounts.
With Microsoft Defender for Azure Cosmos DB you can:
The new cloud workload protection capabilities are designed as an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts based on the most common attack techniques and known bad actors, enabling security teams to detect and respond to these threats more effectively using the Microsoft Defender for Cloud toolset.
These threat detections are delivered based on Microsoft Threat Intelligence, the Microsoft Defender SQL query analysis engine, and Microsoft Defender behavioral models.
Microsoft Defender for Azure Cosmos DB monitors your Azure Cosmos DB accounts and helps protect them from various attack vectors, such as attacks originating from the application layer, SQL injections, suspicious access patterns, compromised identities, malicious insiders, and direct attacks on the database. Below is an overview of the key threat techniques that affect Azure Cosmos DB and are detected by Microsoft Defender for Cloud.
Example of a detected SQL injection attack alert in Microsoft Defender for Cloud
You can find a complete list of Microsoft Defender for Azure Cosmos DB alerts in the Microsoft Defender for Azure Cosmos DB alerts reference guide.
Overview of the threat detection and response experience in Microsoft Defender for Cloud
To enable protection for the different databases in your cloud and hybrid environment, we created a central enablement experience for PostgreSQL, Azure Database for MySQL, Azure Database for MariaDB and now Azure Cosmos DB.
While each database type requires a tailored approach with custom security controls and uniquely optimized threat detection models, we have standardized the security experience in Microsoft Defender for Cloud across the different database types.
You can enable protection for Azure Cosmos DB at either the subscription level (recommended) or the resource level, or simply enable protection for all your database types with a single click. For detailed step-by-step instructions, check out our product documentation.
With the addition of support for Azure Cosmos DB, Microsoft Defender for Cloud now provides one of the most comprehensive workload protection offerings for cloud-based databases, giving security teams and database owners a centralized experience to manage database security in their environments.
Microsoft Defender for Cloud is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multi-cloud and hybrid environments from evolving threats.