Updating SDK for Java used by Defender for Server/CSPM in AWS
Hi, I have a customer who is Defender for Cloud/CSPM in AWS. Last week, Cloud AWS Health Dashboard lit up with a recommendation around the use of AWS SDK for Java 1.x in their organization. This version will reach end of support on December 31, 2025. The recommendation is to migrate to AWS SDK for Java 2.x. The issue is present in all of AWS workload accounts. They found that a large amount of these alerts is caused by the Defender CSPM service, running remotely, and using AWS SDK for Java 1.x. Customer attaching a couple of sample events that were gathered from the CloudTrail logs. Please note that in both cases: assumed-role: DefenderForCloud-Ciem sourceIP: 20.237.136.191 (MS Azure range) userAgent: aws-sdk-java/1.12.742 Linux/6.6.112.1-2.azl3 OpenJDK_64-Bit_Server_VM/21.0.9+10-LTS java/21.0.9 kotlin/1.6.20 vendor/Microsoft cfg/retry-mode/legacy cfg/auth-source#unknown Can someone provide guidance about this? How to find out if DfC is going to leverage AWS SDK for Java 2.x after Dec 31, 2025? Thanks, Terru
Update OpenSSL : Machines should have vulnerability findings resolved
Hi, I am new to this Defender Cloud. We are getting this message about out of date OpenSSL version: I have updated the .NetCore to the latest version : However it still doesnt seems to have resolved the error from Defender Cloud. I dont have any OpenSSL client installed on this machine from .net core. when I searched I only found these files : any assistance will be greatly appreciated on how do I resolve this issue? as far as I can see everything is up to date.
New Blog | Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0
We are thrilled to announce that Microsoft Defender Cloud, in collaboration with the Center for Internet Security (CIS), now supports the latest CIS Azure Security Foundations Benchmark - version 2.0.0. This release also includes the new corresponding built-in policy initiative in the Azure Policy blade. Read the full update here: Microsoft Defender Cloud Now Supports CIS Azure Security Foundations Benchmark 2.0.0Blog | Defender for Cloud unified Vulnerability Assessment pwd by Defender Vulnerability Management
We are thrilled to announce that Defender for Cloud is unifying our vulnerability assessment engine to Microsoft Defender Vulnerability Management (MDVM) across servers and containers. Security admins will benefit from Microsoft’s unmatched threat intelligence, breach likelihood predictions and business contexts to identify, assess, prioritize, and remediate vulnerabilities - making it an ideal tool for managing an expanded attack surface and reducing overall cloud risk posture. Read the full blog here: Defender for Cloud unified Vulnerability Assessment powered by Defender Vulnerability Management - Microsoft Community Hub
Security alerts in Microsoft defender for Cloud
Hello All, we have received below security alert in Microsoft defender for cloud for our App service. 1) NMap scanning detected (for this we got the carrier and organization as Microsoft) 2) Vulnerability scanner detected 3) Suspicious User Agent detected Our website is Internet facing (Public facing). so, we cannot put much restriction on our app service (ex IP restriction, SSL certificate). We are unable to investigate the below alerts. we checked the log analytics workspace logs but and extracted the logs from the caller IP. but could not find much information form it we also checked there was no impact found on our webapp. 1) NMap scanning detected (for this we got the carrier and organization as Microsoft) 2) Vulnerability scanner detected 3) Suspicious User Agent detected Is there any way by which we can investigate why these alerts got generated. and what next action can be taken on this ?New Blog | New multicloud CNAPP innovations in Microsoft Defender for Cloud
We are expanding the power of our contextual cloud security graph and attack path analysis with support for GCP resources. Starting on August 15, customers can leverage the power of Defender CSPM for comprehensive visibility and intelligent cloud security across their GCP resources. This enables organizations to sift through the clutter, zeroing in on and addressing the most pressing risks spanning their multicloud environment. Key features of our GCP support include: Attack path analysis: Understand the potential routes attackers might take. Cloud security explorer: Proactively identify security risks by running graph-based queries on the security graph. Agentless scanning: Scan servers and identify secrets and vulnerabilities without installing an agent. Data-aware security posture: Discover and remediate risks to sensitive data in Google Cloud Storage buckets. Read the full blog post: New multicloud CNAPP innovations in Microsoft Defender for Cloud - Microsoft Community HubBlog | Malware Scanning for cloud storage GA pre-announcement|prevent malicious content distribution
Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023. This add-on to Defender for Storage will be priced at $0.15 (USD) per GB of data scanned. Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events. Read the full blog post: Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution at scale (microsoft.com)New Blog | 'SQL servers on machines should have vulnerability findings resolved.'
Databases contain some of your most sensitive data, which makes them an obvious target for attackers. Most attackers are usually looking for data, whether it is to acquire sensitive data for their own use (to sell), to encrypt it (to sell back to you), or to destroy it (to cause you reputational and operational harm). Databases have an extended attack surface and are often misconfigured which can lead to an attacker gaining access, elevating permissions, and wreaking havoc. This recommendation is generated by Defender for SQL on machines Vulnerability Assessment. The rules that we check for are a set of possible misconfigurations that should be addressed. When you have findings for this recommendation, you have four options on how to handle it. We’ll go into depth on each of them in this blog. Read the blog: Microsoft Defender for Cloud - 'SQL servers on machines should have vulnerability findings resolved' - Microsoft Community HubNew Blog | Microsoft Defender for Cloud capabilities to counter identity-based supply chain attacks
In recent years, cloud identity-related security issues in supply chain attacks have gained significant attention. A supply chain attack occurs when attackers infiltrate a target organization by gaining access to its trusted suppliers or third-party service providers. Although supply chain attacks are not exclusive to the cloud environment, the advent of cloud computing has introduced unique considerations and risks to this type of attack. Read the blog here: Announcing Microsoft Defender for Cloud capabilities to counter identity-based supply chain attacks - Microsoft Community HubTalk to our engineers about Microsoft Defender for Cloud protection capabilities
Data Security has become top priority for organizations, greatly emphasized by the transition to cloud, rise in privacy and regulatory legislations, and Intellectual Property needs. Organizations look for Data Security technologies to address data security risks and to protect their data in an ever growing and complex eco-system of devices, platform, locations, and data asset types. The Cloud Data Security (CDS) product team is developing new capabilities in Microsoft Defender for Cloud that enhances data security posture management based on data sensitivity and data risk. We are currently collecting customer’s input on data protection capabilities for structured and unstructured data and would like to speak with customers interested in protecting their data in the cloud. During this conversation, you will be speaking directly with the Cloud Data Security engineering group regarding cloud data protection needs for structured and unstructured data such as data loss prevention, encryption, tokenization, masking, and access policies. Your input is important and will help influence the design and development of key features. If are interested in talking to our Cloud Data Security Engineering team about protection capabilities within Microsoft Defender for Cloud, please fill out this form --> https://aka.ms/MDFCDataProtection
