Securing cloud-native applications in the age of AI: Defender for Cloud sets a new standard
Published May 06 2024 08:58 AM 4,343 Views
Microsoft

In the fast-paced world of cloud computing, security teams are facing unprecedented challenges. As organizations increasingly adopt multicloud environments and prioritize the development of cloud-native applications, the complexity of ensuring robust security has grown exponentially. Moreover, as the AI transformation accelerates innovation, productivity, and business agility, attackers are also using it to their advantage. They are exploiting Gen-AI models and applications to manipulate outcomes, steal sensitive data, or disrupt operations, posing potential significant risks to businesses. Embracing a comprehensive cloud-native application protection platform (CNAPP) strategy is essential for organizations seeking to secure their digital assets and maintain trust with their customers and stakeholders.


As part of a leading CNAPP solution, Microsoft Defender for Cloud enables organizations to secure their hybrid and multicloud environments comprehensively. Today, we are thrilled to announce major advancements in Defender for Cloud to enable security for enterprise-built AI apps and further bolster multicloud threat protection with new innovations in databases, containers and API security.

 

Mona_Thaker_3-1714799568175.png

Microsoft’s CNAPP solution

 

 

The first CNAPP to infuse security for enterprise-built AI apps throughout the application lifecycle.

The exponential growth of AI applications brings forth a new attack surface to understand and monitor. Emerging vulnerabilities and risks of AI applications do not revolve around the AI model alone, but rather the entire application, including SDKs, plugins, as well as the training and grounding data it can leverage. The prompts themselves can be exploited in jailbreak attacks with the intent to manipulate the AI application’s intended purpose that can result in unauthorized access, data breaches, and compromised decision-making.

 

 

Mona_Thaker_1-1714798977833.png

 

Today, we’re thrilled to announce that Defender for Cloud is the first Cloud Native Application Protection Platforms (CNAPPs) to safeguard AI workloads across the entire application lifecycle. Microsoft Defender for Cloud addresses these emerging threats by offering new security posture and threat protection capabilities tailored to protect enterprise built GenAI applications at every stage of the application lifecycle. This announcement marks a significant advancement in AI security, empowering organizations to stay ahead of evolving threats and safeguard their AI-driven innovations with unparalleled protection.

 

To provide a holistic view of AI security, Defender for Cloud now offers AI security posture management (AI-SPM) capabilities. Available as part of the Defender CSPM plan, this new capability enables organizations to gain granular visibility into their from code to runtime, automatically discover deployed AI workloads and identify misconfigurations and vulnerabilities across models, SDKs, and datasets. By integrating attack path analysis, it further strengthens AI security by pinpointing risks associated with grounding data exposure and facilitating rapid remediation to mitigate potential threats.

 

Furthermore, we’re the first CNAPP to expand AI security to provide detection and protection for active threats against AI applications using Azure OpenAI Service. These new threat protection capabilities for AI workloads leverages a native integration with Azure AI Content Safety prompt shields, to ensure that organizations can secure their AI workloads with confidence and protect against jailbreak attempts with additional detections for sensitive data exposure and credential theft. To take it a step further, the integration of Defender for Cloud alerts into Defender XDR, security teams can centralize their AI workload security operations and gain actionable insights to effectively mitigate threats.

 

Mona_Thaker_4-1714799696516.png

Sample detection of an active jailbreak attack

 

 

Level up multicloud threat protection for databases and Kubernetes

 

We’re continuing our commitment to providing comprehensive security solutions for businesses operating in multicloud environments. This dedication is evident in the latest expansion to multicloud environments including Amazon RDS, Kubernetes security posture management (KSPM) and runtime protection for Kubernetes across AWS, Azure and GCP.


The security of containerized environments requires a holistic approach, spanning the entire software supply chain. Microsoft Defender for Cloud offers a multi-pronged strategy to bolster Kubernetes security, from code repositories to container images, and container security in runtime. Recent enhancements include the introduction of risk-based prioritization for vulnerabilities, seamless integration into security dashboards for compliance assessments, and expanded support for container images across clouds and registries. With new Kubernetes RBAC data analyzing roles and permissions configuration, Defender for Cloud uncovers hidden vulnerabilities, empowering organizations to proactively address threats before they escalate. Additionally, risk-based prioritization for containers enhances vulnerability assessments based on potential impact. We are also adding a new and improved threat detection sensor to further strengthen runtime protection across diverse cloud environments, enabling organizations to identify and neutralize threats proactively.

 

For protecting your cloud databases, Microsoft Defender for open-source relational databases plan now extends its protection to multicloud environments, starting with Amazon RDS on AWS. The workloads supported in Amazon RDS are:

  • Aurora PostgreSQL
  • Aurora MySQL
  • PostgreSQL
  • MySQL
  • MariaDB

Security teams can activate Defender for open-source relational databases plans for AWS RDS, available in public preview, marking a significant milestone in our efforts to secure critical data across various cloud platforms.

Furthermore, adding new alerts for multicloud containers and data workloads will improve cloud detection and response capabilities through the existing integration of Microsoft Defender for Cloud and Microsoft XDR. This enhancement allows SOC teams to correlate findings to better understand the attack story and protect against evolving threats faster.

 

More innovations from Defender for Cloud

 

Expanded Infrastructure-as-Code (IaC) insights with Checkov integration, available in public preview. IaC security is a critical component to adopting a comprehensive CNAPP solution, and with the Checkov, an open-source Infrastructure-as-Code (IaC) scanning tool integration, Defender for Cloud will support more resource types, custom policy configuration, and thousands of additional configuration checks – improving IaC scanning in Defender for Cloud.

 

Drill into overprovisioned and unused permissions with new cloud infrastructure entitlement management (CIEM) capabilities, now generally available. Security admins can incorporate identity and permission risk factors into overall to strengthen the cloud identity security posture, with the integrated insights from Microsoft Entra Permissions Management. New enhancements to recommendations enable admins to drill into recommendations by specific identities to find permissions associated with users, groups, service principles, and functions. Additionally, the new CIEM Workbook provides granular insights and an overview of overprovisioned, unused identities, and attack paths that can be exploited through weak permission configurations.

 

Get centralized API visibility and expanded DevOps environment support in Defender for Cloud. We’re expanding the API security testing support to two new API security testing solutions - Bright Security and StackHawk, along with preview support for Azure DevOps, enabling full lifecycle API security within Defender for Cloud. Read the full announcement here.

 

 

Next steps

From code to runtime, Defender for Cloud helps you start secure with proactive posture hardening and stay secure with advanced threat protection across multicloud apps, infrastructure, and data. To get started today with these new innovations in Microsoft Defender for Cloud, you can:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Version history
Last update:
‎May 05 2024 07:58 PM
Updated by: