In the past year, we have been progressively enhancing our CNAPP solution with additional agentless security capabilities. It started with the capability to review installed software and identify vulnerabilities. We then expanded the platform to secret scanning to mitigate the risk of lateral movement.
Today, we're excited to announce our latest addition: agentless malware scanning for servers. This marks an important step in our trajectory towards hybrid VM security, where we combine agent-based and agentless protection to ensure comprehensive coverage across Azure, AWS, and GCP environments. Agentless malware scanning is built on our existing agentless scanning platform, which now also uses the Microsoft Defender Antivirus (MDAV) engine to detect malicious files and raise security alerts for further investigation.
While traditional Endpoint Detection & Response (EDR) agents offer unparalleled depth in threat prevention, detection, and response, achieving (and maintaining) complete coverage can be challenging, and sophisticated attackers can leverage temporary and persistent blind spots to launch a successful attack. Complementing your fundamental agent-based coverage, agentless malware scanning provides a second effective layer of threat detection, particularly in situations like:
Ultimately, it provides an additional safety net against those risks, without added complexity or performance impact on your servers.
This latest addition extends Defender for Cloud’s agentless scanning for VMs capability, already assessing your Azure, AWS and GCP VMs for security issues without relying on running agents or network connectivity. We have also recently published a technical deep dive on the technology.
Until today, agentless scanning periodically inspected your VM filesystems to surface posture issues. It now extends to threat detection as well, using the MDAV engine to detect malicious files on VMs. Onboarded VMs are inspected daily, with MDAV scans combining signature-based and heuristic methods to assess files. Each scan uses our latest signatures and threat intelligence feeds so that threats are detected early.
When malicious files are detected, Defender for Cloud generates detailed alerts with context, enabling you to conduct further investigations into the threat.
Agentless malware scanning is included with Defender for Servers Plan 2 and becomes an integral part of agentless scanning on VMs already enabled for it. If you are using both, no action is needed: the new capability already covers your VMs.
As a reminder, agentless scanning for VMs is automatically enabled with new onboardings to Defender for Servers P2. However, if you wish to validate or enable it, you can take these steps. To monitor your coverage, you can also use the built-in coverage workbook which provides insights about the plan enabled on a subscription and whether agentless scanning is active.
As soon as malware has been detected on a machine, a corresponding security alert will be created.
Alerts will be flagged as “alertname (agentless)” to indicate that agentless malware scanning created the individual security alert. Additionally, there might be several alerts with the same name on a machine. This indicates the same family of malware was detected in various files or file paths.
When selecting an alert, Defender for Cloud will display an alert summary and allow you to view full details, including information about the affected resource, detected malware, file paths, and more.
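Because one family found in several paths on the same machine produces several same-named alerts, a triage queue is easier to work from when those alerts are collapsed per machine and family. The script below is an added example for this post, not Microsoft's code: it assumes alerts have already been exported (for example via the Defender for Cloud alerts API or continuous export) and normalized into the flat field names used here, and every record in `SAMPLE_ALERTS` is constructed for illustration, not a real detection. It also lists machines that have only agentless alerts, which are candidates for the agent coverage gaps discussed above.

```python
"""Triage helper for Defender for Cloud agentless malware scanning alerts.

Added example, not code from the original post or from Microsoft. The flat
field names (alert_name, severity, resource, malware, file_path) are an
assumed normalization of exported alerts, and the records in SAMPLE_ALERTS
are constructed for illustration only.
"""
from collections import defaultdict

# Agentless malware scanning appends this suffix to the alert name.
AGENTLESS_SUFFIX = " (agentless)"

# Constructed sample: three same-named agentless hits on one VM (one family,
# three paths), one agentless hit on another VM, and one agent-based alert.
SAMPLE_ALERTS = [
    {"alert_name": "Malicious file detected (agentless)", "severity": "High",
     "resource": "vm-web-01", "malware": "Trojan:Linux/SampleFamily.A",
     "file_path": "/var/tmp/.cache/kworkerd"},
    {"alert_name": "Malicious file detected (agentless)", "severity": "High",
     "resource": "vm-web-01", "malware": "Trojan:Linux/SampleFamily.A",
     "file_path": "/home/deploy/.ssh/.x"},
    {"alert_name": "Malicious file detected (agentless)", "severity": "High",
     "resource": "vm-web-01", "malware": "Trojan:Linux/SampleFamily.A",
     "file_path": "/etc/cron.d/.x"},
    {"alert_name": "Malicious file detected (agentless)", "severity": "High",
     "resource": "vm-build-07", "malware": "HackTool:Win32/SampleTool.B",
     "file_path": "C:\\Users\\Public\\mimi.exe"},
    {"alert_name": "Suspicious process executed", "severity": "Medium",
     "resource": "vm-web-01", "malware": None, "file_path": "/usr/bin/curl"},
]


def is_agentless(alert):
    """True when the alert was raised by agentless malware scanning."""
    return alert["alert_name"].endswith(AGENTLESS_SUFFIX)


def group_agentless_findings(alerts):
    """Collapse same-named agentless alerts into one finding per
    (resource, malware family), keeping every file path the scan hit.
    Returns {(resource, malware): sorted list of file paths}."""
    findings = defaultdict(set)
    for alert in alerts:
        if not is_agentless(alert):
            continue
        findings[(alert["resource"], alert["malware"])].add(alert["file_path"])
    return {key: sorted(paths) for key, paths in findings.items()}


def agentless_only_machines(alerts):
    """Machines with agentless detections but no agent-based alert at all.
    These are worth checking for missing or unhealthy EDR coverage."""
    agentless = {a["resource"] for a in alerts if is_agentless(a)}
    agent_based = {a["resource"] for a in alerts if not is_agentless(a)}
    return sorted(agentless - agent_based)


def summarize(alerts):
    """One triage line per machine and family, with the hit count."""
    lines = []
    for (resource, malware), paths in sorted(group_agentless_findings(alerts).items()):
        lines.append(f"{resource}: {malware} in {len(paths)} file(s): {', '.join(paths)}")
    return lines


if __name__ == "__main__":
    for line in summarize(SAMPLE_ALERTS):
        print(line)
    print("agentless-only machines:", agentless_only_machines(SAMPLE_ALERTS))
```

The grouping key deliberately uses the malware family rather than the alert name, since every agentless alert on a machine may carry the same display name; the family and file paths from the alert details are what distinguish one finding from another.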
Lastly, at Microsoft Ignite 2023, we announced the new Defender for Cloud alerts integration with Microsoft Defender XDR. The new integration already includes alerts created by agentless malware scanning.
To learn how to create a test alert for agentless malware scanning in your environment, please read this documentation.
By combining agentless and agent-based solutions, Defender for Cloud enhances your threat detection coverage. While agent-based anti-malware provides unmatched detection and prevention capabilities and real-time protection, agentless malware scanning serves as a valuable complement, addressing potential blind spots without imposing performance impact or leaving a footprint on the machine.
With this latest addition, we enhance Defender for Cloud's native server protection capabilities within Defender for Servers Plan 2, covering virtual machines across Azure, AWS, and GCP cloud environments.