Availability of Defender Vulnerability Management Standalone and Container vulnerability assessments
Published Aug 09 2023 08:58 AM
Microsoft

Organizations are increasingly challenged to stay aligned with evolving business requirements and protect against expanding attack surfaces with a diverse portfolio of devices outside of traditional organizational boundaries, adding complexity to the vulnerability management process. Vulnerability management solutions give organizations an understanding of their overall security risk posture and of where to prioritize.

 

In recent years, Microsoft has established itself as a leading solution for vulnerability risk management (VRM) by leveraging its industry-leading threat intelligence and security expertise. Microsoft Defender Vulnerability Management provides end-to-end capabilities across the VRM lifecycle to identify, assess, prioritize, and remediate vulnerabilities, making it an ideal tool for managing an expanded attack surface and reducing overall risk posture.

 

Announcing availability of Defender Vulnerability Management standalone  

Earlier this year we released our premium capabilities as an add-on to the core capabilities included with Defender for Endpoint Plan 2, and we are thrilled to announce that Defender Vulnerability Management is now offered as a standalone solution. Now organizations that are not yet on Defender for Endpoint Plan 2, that have another EDR solution, or that are just looking to replace an existing vulnerability management solution can take advantage of our context-aware, risk-based prioritization that leverages Microsoft’s unmatched threat intelligence, breach likelihood predictions and business contexts to prioritize vulnerabilities across their portfolio of managed and unmanaged devices.

With this significant addition of a standalone offering, we also introduced enhancements to the Microsoft 365 Defender Unified RBAC permissions model to clearly associate relevant roles & permissions with Defender Vulnerability Management (this change will not affect existing roles).

 


Figure: Core and premium capabilities in standalone offer

Defender Vulnerability Management premium capabilities provide advanced assessments with in-depth visibility into potential exposure to your assets:

 

  • Security baselines assessment – customized profiles that you can create to assess and monitor endpoints against industry security benchmarks, such as CIS, STIG and Microsoft benchmarks. Instead of running never-ending compliance scans, monitor your organization’s security baselines seamlessly according to customized profiles.
  • Block vulnerable applications – In addition to the core remediation capabilities, proactively reduce risks with this premium capability by taking mitigation steps such as warning users or blocking known vulnerable versions of applications. Leverage software usage insights to understand the impact of the vulnerable application.
  • Hardware and firmware assessment – full visibility into device manufacturer, processors, and BIOS information to assess vulnerabilities for hardware and firmware risks.
  • Digital certificates and browser extensions assessment – expand your asset coverage beyond devices and gain entity-level visibility into the various browser extensions and digital certificates installed across assets.
  • Network shares analysis – protect against misconfigurations used in the wild by attackers for lateral movement, reconnaissance, data exfiltration, and more.
  • Authenticated scans for vulnerability assessment – run scans on unmanaged devices by targeting them by IP ranges or hostnames and remotely accessing the devices for vulnerability assessment purposes.

Defender Vulnerability Management capabilities are integrated into Defender for Endpoint and Defender for Cloud, enabling security teams to assess their exposure and address changes to improve the security posture of their organization. You now have flexibility in our offering across endpoints and servers. More info on our updated website.


Figure: Availability of Core and premium capabilities across offerings that include Defender Vulnerability Management for endpoints and servers.

 

Your needs for vulnerability assessments and analysis span platforms, clouds and modalities, and our strategy for Defender Vulnerability Management is to support these environments that span multiple platforms across both on-premises and cloud. We have recently added Fortinet to the network devices, and container support is our second big piece of news.

 


Announcing vulnerability assessment (VA) for Containers powered by Microsoft Defender Vulnerability Management in Defender for Cloud

With the rise of containerization and microservices, it's more important than ever to secure the software supply chain and ensure that container images are free from vulnerabilities.

Today, as a result of Defender for Cloud’s integration with Microsoft Defender Vulnerability Management, we are excited to announce the general availability of agentless container posture management in Defender CSPM and the public preview of vulnerability assessment scanning for container images in Defender for Containers.

These new container vulnerability assessment capabilities powered by Defender Vulnerability Management include:

  • Agentless vulnerability assessment for containers
  • Zero configuration for onboarding
  • Near real-time scan of new images
  • Daily refresh of vulnerability reports
  • Coverage for both ship (ACR) and runtime (AKS)
  • Support for OS and language packages
  • Real-world exploitability insights (based on CISA KEV, Exploit DB and more)
  • Support for ACR private links

 

Agentless container posture management in Defender CSPM, powered by Defender Vulnerability Management

To help proactively strengthen the security posture of your containerized environments, Defender CSPM provides a new vulnerability assessment offering for containers powered by Defender Vulnerability Management, with near real-time scans of new images, daily report refreshes, and real-world exploitability insights. Vulnerabilities are added to the Defender CSPM security graph for contextual risk assessment and calculation of attack paths. Customers can now access out-of-the-box container vulnerability assessments that, combined with attack path analysis and agentless discovery of the Kubernetes estate, enable security teams to hunt for risks with the cloud security explorer and prioritize the vulnerabilities that pose the greatest risks to the organization. This agentless approach allows security teams to gain visibility into their Kubernetes and container registries across the SDLC, removing friction and footprints from the workloads.


 

Figure: Attack path analysis outlining a containerized application publicly exposed with high severity vulnerabilities discovered using Defender Vulnerability Management

Enable Defender CSPM with agentless container posture in a single click.

 

Public preview of vulnerability assessment for containers in Defender for Containers, powered by Defender Vulnerability Management

In providing comprehensive cloud workload protection, Defender for Containers’ new integration with Defender Vulnerability Management now provides our customers with vulnerability assessments through one-click enablement, near real-time scan of new images, and daily result refreshes of current and emerging vulnerabilities enriched with exploitability insights - all to help organizations focus on vulnerabilities with the greatest security impact to their organization.

 


 

New vulnerability assessment recommendation powered by Defender Vulnerability Management

Enable Container vulnerability assessments powered by Defender Vulnerability Management in one click here.

 

If you’re interested in learning more about Defender Vulnerability Management visit our website for updated pricing and packaging and datasheet. Read more about our plans and capabilities here. To take advantage of our free 90-day trial, check out our interactive guide, and read more information in our product documentation.  

For additional information and other relevant updates on protecting cloud workloads please visit the Microsoft Defender for Cloud blog.

 

 

 
