New Blog | End to end container security with unified SOC experience

Microsoft

By Maya Herskovic

Cloud security now has to cover the whole path from code to runtime, and the tooling has had to evolve with it. At the heart of that evolution is Microsoft Defender for Cloud, a cloud-native application protection platform (CNAPP) built to protect multi-cloud environments from end to end.

Today we are announcing recent releases and enhancements for container security in Defender for Cloud: the general availability of Defender for Containers in AWS and GCP, risk-based prioritization for container recommendations, attack path analysis, Kubernetes identity monitoring, a new eBPF sensor, and new detection and investigation capabilities.

Let's walk through Microsoft Defender for Cloud's recent capabilities at each stage of the container application deployment lifecycle.

Forging a Secure Kubernetes Chain: From Supply Chain to Cluster Compliance

The security of a containerized environment is not a standalone battle; it is fought across the entire software supply chain. Vulnerabilities can lurk anywhere from code repositories to running containers, waiting to be exploited. Microsoft Defender for Cloud takes this interconnected view and offers a multi-pronged approach to securing your Kubernetes estate from end to end.

Imagine a detailed map of your Kubernetes environment that shows not just the containers but also their internet exposure and their permissions to other cloud resources. That is what Microsoft Defender for Cloud's new Kubernetes RBAC data provides: it analyzes the roles and permission configurations of the cluster's assets. Think of it as uncovering hidden tunnels beneath your castle walls, weaknesses an attacker could use to gain unauthorized access. The new attack path engine in Defender CSPM runs a path-finding algorithm over this data to enumerate every attack path that exists in your cloud environment, so Defender for Cloud surfaces many more attack paths and detects more complex, multi-step attack patterns that could be used to breach your Kubernetes environment. You can identify and address posture issues proactively, before they become a breach. More information on attack paths: Identify and remediate attack paths.

Taking comprehensive container security a step further, Defender CSPM now applies risk-based prioritization to its recommendations. The existing vulnerability assessment at the image and container level is complemented by a risk assessment computed over a graph of your cloud assets in their security context, such as internet exposure and the permissions a workload holds. This lets you rank remediation work by potential impact and focus on the most critical issues first, spending time and effort where they matter most. For more information on risk-based prioritization in Defender for Cloud see: Risk prioritization.
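As an added illustration of the two ideas above, path-finding over a graph of cluster assets and ranking what it finds by security context, the toy Python script below is example code written for this page, not Microsoft's or Defender for Cloud's implementation. It builds a graph from constructed, simplified RBAC, pod and service objects (stand-ins for `kubectl get ... -o json` output), enumerates every path from the internet-facing edge to a sensitive permission, and scores each path. The sensitive verb/resource table, the severity numbers and the exposure and scope multipliers are assumptions chosen for the example.

```python
"""Toy attack-path finder over Kubernetes RBAC and exposure data (added example,
not Microsoft's code). Graph: internet -> Service -> Pod -> ServiceAccount -> Role -> capability.
Inputs are constructed stand-ins for kubectl JSON; sensitivity table and scores are assumptions."""

SENSITIVE = {  # (verb, resource) pairs treated as escalation or data-access primitives
    ("*", "*"): "cluster-admin-equivalent",
    ("get", "secrets"): "read secrets",
    ("list", "secrets"): "read secrets",
    ("create", "pods"): "create pods",
    ("escalate", "clusterroles"): "escalate ClusterRole",
}
SEVERITY = {"cluster-admin-equivalent": 10, "escalate ClusterRole": 9, "read secrets": 7, "create pods": 6}

def rule_findings(rule):
    """Labels of sensitive (verb, resource) pairs one RBAC rule grants; '*' matches anything."""
    verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
    return {label for (verb, res), label in SENSITIVE.items()
            if (verb in verbs or "*" in verbs) and (res in resources or "*" in resources)}

def build_graph(cluster):
    """Directed graph of cluster assets; capability nodes are named cap:<label>@<scope>."""
    g = {}
    def edge(a, b):
        g.setdefault(a, set()).add(b)
    roles = {(r["kind"], r.get("namespace"), r["name"]): r for r in cluster["roles"]}
    for b in cluster["bindings"]:
        ref = b["roleRef"]
        role = roles.get((ref["kind"], b.get("namespace") if ref["kind"] == "Role" else None, ref["name"]))
        if role is None:
            continue  # a dangling roleRef grants nothing
        # A RoleBinding confines even a ClusterRole to the binding's namespace.
        scope = "cluster" if b["kind"] == "ClusterRoleBinding" else f"ns/{b['namespace']}"
        role_node = f"{role['kind']}/{role['name']}@{scope}"
        for s in b["subjects"]:
            if s["kind"] == "ServiceAccount":
                edge(f"sa/{s['namespace']}/{s['name']}", role_node)
        for rule in role["rules"]:
            for label in rule_findings(rule):
                edge(role_node, f"cap:{label}@{scope}")
    for p in cluster["pods"]:
        edge(f"pod/{p['namespace']}/{p['name']}",
             f"sa/{p['namespace']}/{p.get('serviceAccountName', 'default')}")
    for s in cluster["services"]:
        if s["type"] != "LoadBalancer":
            continue  # only LoadBalancer Services count as internet-facing here
        svc = f"svc/{s['namespace']}/{s['name']}"
        for p in cluster["pods"]:
            if p["namespace"] == s["namespace"] and s["selector"].items() <= p["labels"].items():
                edge("internet", svc)
                edge(svc, f"pod/{p['namespace']}/{p['name']}")
    return g

def attack_paths(g, start):
    """All simple paths from `start` that end in a capability node (depth-first search)."""
    paths = []
    def dfs(node, path):
        if node.startswith("cap:"):
            paths.append(path)
        for nxt in sorted(g.get(node, ())):
            if nxt not in path:
                dfs(nxt, path + [nxt])
    dfs(start, [start])
    return paths

def risk_score(path, exposed):
    """Severity x scope x exposure: cluster-wide reach doubles, internet exposure triples."""
    label, scope = path[-1][len("cap:"):].rsplit("@", 1)
    return SEVERITY[label] * (2 if scope == "cluster" else 1) * (3 if exposed else 1)

def prioritized(cluster):
    """(score, path) for every attack path from every pod, highest risk first."""
    g = build_graph(cluster)
    exposed = {pod for svc in g.get("internet", ()) for pod in g[svc]}
    findings = []
    for pod in sorted(n for n in g if n.startswith("pod/")):
        for path in attack_paths(g, pod):
            full = (["internet"] if pod in exposed else []) + path
            findings.append((risk_score(path, pod in exposed), full))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

CLUSTER = {  # constructed sample, not real cluster output
    "roles": [
        {"kind": "ClusterRole", "name": "secret-reader", "rules": [{"verbs": ["get", "list"], "resources": ["secrets"]}]},
        {"kind": "ClusterRole", "name": "cluster-admin", "rules": [{"verbs": ["*"], "resources": ["*"]}]}],
    "bindings": [
        {"kind": "ClusterRoleBinding", "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
         "subjects": [{"kind": "ServiceAccount", "namespace": "web", "name": "frontend"}]},
        {"kind": "RoleBinding", "namespace": "ops", "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "ServiceAccount", "namespace": "ops", "name": "ci"}]}],
    "pods": [
        {"namespace": "web", "name": "frontend-1", "labels": {"app": "frontend"}, "serviceAccountName": "frontend"},
        {"namespace": "ops", "name": "ci-runner", "labels": {"app": "ci"}, "serviceAccountName": "ci"}],
    "services": [
        {"namespace": "web", "name": "frontend-lb", "type": "LoadBalancer", "selector": {"app": "frontend"}},
        {"namespace": "ops", "name": "ci", "type": "ClusterIP", "selector": {"app": "ci"}}],
}
if __name__ == "__main__":  # usage: python rbac_paths.py
    print(*(f"{s:3d}  " + " -> ".join(p) for s, p in prioritized(CLUSTER)), sep="\n")
```

On the constructed data the internet-exposed frontend pod's path to cluster-wide secret reads ranks first (score 42), ahead of the unexposed CI runner's namespace-scoped cluster-admin binding (score 10), which is the ordering that context-aware prioritization is meant to produce. Note the comment in build_graph: a RoleBinding that references a ClusterRole grants it only inside the binding's namespace, a detail that is easy to miss when reviewing RBAC by hand.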


Strong security starts with following established baselines. Microsoft Defender for Cloud simplifies compliance by integrating the Center for Internet Security (CIS) Kubernetes Benchmark into your security dashboard. Its controls automatically assess your clusters and give clear remediation steps toward a hardened Kubernetes configuration. Check out the full list of supported compliance standards.

Building a resilient supply chain requires vigilance at every step. Defender for Cloud goes beyond Kubernetes clusters and equips organizations to secure their container images during CI/CD. Container image vulnerability assessment, powered by Microsoft Defender Vulnerability Management (MDVM), now also covers OCI and Windows container images across clouds and registries.

With these new security measures, Microsoft Defender for Cloud lets you take control of your containerized environment, from the moment your code is written to its final deployment in your Kubernetes environment. This holistic approach allows you to proactively mitigate supply chain risks, navigate compliance challenges, and safeguard your containerized applications across your entire cloud journey.

Read the full post here: End to end container security with unified SOC experience