cloud security posture management
37 Topics

New Blog Post | Microsoft Defender PoC Series – Defender CSPM
Microsoft Defender PoC Series – Defender CSPM - Microsoft Community Hub

This Microsoft Defender for Cloud PoC Series provides guidelines on how to perform a proof of concept for specific Microsoft Defender plans. For a more holistic approach where you need to validate Microsoft Defender for Cloud and Microsoft Defender plans, please read the How to Effectively Perform an Microsoft Defender for Cloud PoC article.

Cloud Security Posture Management provides organizations with a centralized view of their cloud security posture, allowing them to quickly identify and respond to security risks, ensures compliance, and allows for continuous monitoring and improvement of cloud security posture. Defender for Cloud CSPM provides organizations with a unified view of their cloud environment across multiple cloud providers, including Azure, AWS, GCP and on-premises.

Defender for Cloud offers CSPM in two plans: a free Foundational CSPM plan and a Premium Defender CSPM plan. To understand the capabilities of the CSPM plans, please refer to: https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management#defender-cspm-plan-options.

The Defender CSPM plan provides advanced posture management capabilities such as https://learn.microsoft.com/en-us/azure/defender-for-cloud/how-to-manage-attack-path, https://learn.microsoft.com/en-us/azure/defender-for-cloud/how-to-manage-cloud-security-explorer, https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection, https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-regulatory-compliance, and also tools to assess your https://learn.microsoft.com/en-us/azure/defender-for-cloud/review-security-recommendations.

48K Views, 0 likes, 0 Comments

New Blog Post | Proacting Hunting with Cloud Security Explorer in Defender for Cloud
Full blog post: Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub

In our previous blog “A Proactive Approach to Cloud Security Posture Management with Microsoft Defender for Cloud,” Yuri Diogenes emphasized the importance of proactive security posture management and outlined a successful organizational structure for security teams. He delved into the core elements of posture management, including monitoring secure score improvement, enforcing governance rules, and engaging in proactive hunting.

Building on that discussion, we now turn our attention to the vital aspect of proactive hunting in this follow-up article. Our goal is to provide technical insights and practical tips for reducing the attack surface and minimizing the risk of compromise through proactive hunting in cloud environments. This article will demonstrate how you can utilize Microsoft Defender for Cloud's Security Explorer to conduct proactive hunting in cloud environments with maximum efficiency.

Original post: New Blog Post | Proacting Hunting with Cloud Security Explorer in Defender for Cloud - Microsoft Community Hub

47K Views, 0 likes, 0 Comments

Secure score power BI dashboard
We are following https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Secure%20Score to deploy the secure score over the time dashboard for MDC. However, the steps for the deployment are very old, from when we had Azure Security Center instead of MDC, and the prerequisites are not properly documented.

As per the article we need to:

Export the secure score data to a Log Analytics workspace by using the continuous report option in the MDC portal.

Deploy the Secure Score over the time workbook, which can export the secure score data to a Log Analytics workspace (not clear if this will pull reports every 24 hours and what permissions are required on the Log Analytics workspace and to deploy the workbook).

Do we need to export the secure score data to the same Log Analytics workspace on which MDC is deployed, or is a separate workspace needed?

If MDC already uses a Log Analytics workspace in the backend to store the logs, then why can't we pull the secure score log data directly? Why do we need to export the secure score data to a Log Analytics workspace first and then connect it to the dashboard?

4.3K Views, 0 likes, 2 Comments

New Blog | High severity curl vulnerability: prepare with Microsoft Defender for Cloud
On October 2nd, high severity vulnerabilities in curl were preannounced. The curl project has announced that curl 8.4.0 will be released on October 11th, earlier than expected. While the vulnerabilities have yet to be disclosed, it is expected that two vulnerabilities will be released: high-severity CVE-2023-38545 and low-severity CVE-2023-38546.

curl is a popular command-line tool and library (libcurl) used to transfer data across network protocols using URL syntax. The library is one of the most widely used open-source projects across most operating systems, including Windows and Linux, and is one of the most popular OSS packages present in clients, embedded systems, and cloud-native applications/containers.

Explicit details on the vulnerabilities, such as vectors and impacted versions, have not been disclosed at this time. We will update this blog post once the details are available after October 11th with further guidance. However, we encourage customers to prepare ahead of time by understanding where and how in their environments they are using curl.

Read the full blog here: High severity curl vulnerability: prepare with Microsoft Defender for Cloud - Microsoft Community Hub

2.3K Views, 0 likes, 0 Comments

What about PAAS Services
There are many PaaS services in Azure that don't seem to be covered by Defender for Cloud. AI & ML, media, mobile, mixed reality and web are big categories with lots of services that don't seem to be considered by the Security Posture score. Am I missing something? How can we ensure that all of those services are properly secured?

1.5K Views, 0 likes, 2 Comments

Regulatory Reports automation on multiple subscriptions
Hi, is there a way to get the Regulatory Compliance report on subscriptions (like the "Downloadable") in Microsoft Defender for Cloud sent out per email at a specified interval? We have the option to download the report, but I'm unable to find an option to automate the same.

1.3K Views, 0 likes, 2 Comments

Documenting portal configuration settings
Does anyone have any suggestions about how to document the MDC portal configuration settings, i.e., create a report that shows which subscriptions, plans and other configuration settings are enabled? I would like to be able to show our clients that the portal itself is configured as intended (not the configuration of the other resources in the environment).

Solved, 1.2K Views, 0 likes, 2 Comments

Step-by-step: How to connect AWS machines to Microsoft Defender for Cloud with Azure Arc
Linda Murray and Amy McAuley, Assc Consultants in Azure Cloud and AI at Microsoft, contributed a great detailed write-up on how to connect AWS to Microsoft Defender for Cloud. See all the pre-reqs and steps needed in both AWS and Azure, to get your AWS Security Hub detected misconfigurations and findings included in your Secure Score Model and Regulatory Compliance Experience.

https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-how-to-connect-aws-machines-to-microsoft-defender/ba-p/3251096?WT.mc_id=modinfra-59837-socuff

1.2K Views, 2 likes, 0 Comments