For most organizations, security is a top concern, and the security of data and other online intellectual property is a large part of it. Organizations need to ensure that these assets are adequately safeguarded from threats, and enterprises invest heavily, in both time and money, to do so. The IT department is responsible for assessing every plausible data-breach scenario and every weak point in the estate in order to deploy a robust security framework against malicious attacks. Done manually, this is time consuming and still far from infallible. A number of tools on the market help avoid those manual pitfalls, but most lack the ability to analyze the security posture across the whole enterprise, including its hybrid presence in the cloud. This is where Microsoft Defender for Cloud comes to the rescue.
What is Microsoft Defender for Cloud?
To start with, Azure Security Center and Azure Defender have been renamed and merged into Microsoft Defender for Cloud, a tool for security posture management and threat protection. Microsoft Defender for Cloud helps in strengthening the security posture of resources running not just within Azure, but also on other cloud platforms and in hybrid (on-premises plus cloud) scenarios. Simply put, Defender for Cloud hardens resources by tracking and analyzing their security posture, providing guidance, and taking corrective action against malicious attacks, thereby streamlining security management.
How does Microsoft Defender for Cloud work?
At a broad level, Microsoft Defender for Cloud performs three main actions for security management: 1. vulnerability assessment and management; 2. security hardening, by recommending optimized and improved configurations; and 3. defending resources and workloads by detecting and resolving threats. Through these three actions, Microsoft Defender for Cloud covers two vital aspects of cloud security: Cloud Security Posture Management (CSPM) and Cloud Workload Protection (CWP).
Cloud Security Posture Management (CSPM) provides visibility into your current security situation through a secure score and provides guidance on security hardening.
As discussed above, Microsoft Defender for Cloud helps with the security management of your multicloud and hybrid resources and workloads. It performs continuous assessment against the built-in Azure Security Benchmark, aggregates and analyzes the findings, and derives a secure score from them, which gives you insight into your current security situation. A high secure score means the identified risk level is low. The same assessment data drives compliance reporting against critical industry and regulatory standards. Once the enhanced security features are enabled, the standards you are assessed against can be customized to the organization's requirements.
For security hardening, Microsoft Defender for Cloud recommends detailed remediation steps to tighten the security of your multicloud and hybrid workloads. These recommendations are prioritized by their criticality, that is, by severity and by how many secure-score points fixing them would recover. In many cases a recommendation can be applied automatically by clicking the ‘Fix’ button that Defender for Cloud provides.
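To make the arithmetic behind the secure score and the prioritization of recommendations concrete, here is an added example (not code from the page or from Microsoft). The formula follows Microsoft's published description of the score: each security control is worth a fixed maximum, a control earns its maximum times the fraction of its resources that are healthy, and the overall score is the sum of control scores over the sum of applicable maxima. The control names, weights and resource counts are constructed sample data, and treating a control with no resources as "not applicable" is an assumption.

```python
"""Secure-score arithmetic behind Defender for Cloud's CSPM view.

Added example, not code from the page or from Microsoft. Control score =
max_score * healthy / (healthy + unhealthy); overall score = sum of control
scores / sum of applicable maxima. Names, weights and resource counts below are
constructed sample data; excluding a control with no resources from both sides
of the ratio ("not applicable") is an assumption.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Control:
    name: str
    max_score: int   # points available when every resource in the control is healthy
    healthy: int     # resources passing every recommendation in the control
    unhealthy: int   # resources failing at least one recommendation

    @property
    def applicable(self) -> bool:
        return self.healthy + self.unhealthy > 0

    @property
    def current_score(self) -> float:
        if not self.applicable:
            return 0.0
        return self.max_score * self.healthy / (self.healthy + self.unhealthy)

    @property
    def potential_increase(self) -> float:
        """Points gained if every unhealthy resource were remediated."""
        return self.max_score - self.current_score if self.applicable else 0.0


def secure_score(controls):
    """Return (current points, maximum points, percentage) for the estate."""
    applicable = [c for c in controls if c.applicable]
    current = sum(c.current_score for c in applicable)
    maximum = sum(c.max_score for c in applicable)
    percent = round(100 * current / maximum, 1) if maximum else 0.0
    return current, maximum, percent


def prioritize(controls):
    """Controls ordered by how many points fixing them would recover: a
    practical proxy for the criticality ordering of recommendations."""
    ranked = [c for c in controls if c.applicable and c.potential_increase > 0]
    return [(c.name, round(c.potential_increase, 2))
            for c in sorted(ranked, key=lambda c: c.potential_increase, reverse=True)]


def after_fix(controls, name, fixed):
    """Secure score after remediating `fixed` unhealthy resources in one
    control (what applying 'Fix' to that many resources does to the score)."""
    updated = []
    for c in controls:
        if c.name == name:
            n = min(fixed, c.unhealthy)
            c = replace(c, healthy=c.healthy + n, unhealthy=c.unhealthy - n)
        updated.append(c)
    return secure_score(updated)


# Constructed sample data: a small subscription assessed against five controls.
SAMPLE_CONTROLS = [
    Control("Enable MFA", max_score=10, healthy=3, unhealthy=1),
    Control("Secure management ports", max_score=8, healthy=2, unhealthy=6),
    Control("Apply system updates", max_score=6, healthy=5, unhealthy=5),
    Control("Enable encryption at rest", max_score=4, healthy=4, unhealthy=0),
    Control("Remediate vulnerabilities", max_score=6, healthy=0, unhealthy=0),  # no resources: N/A
]

if __name__ == "__main__":
    current, maximum, percent = secure_score(SAMPLE_CONTROLS)
    print(f"secure score: {current:.1f}/{maximum} = {percent}%")
    for name, gain in prioritize(SAMPLE_CONTROLS):
        print(f"  +{gain:.2f} points by completing {name!r}")
    print("after closing 4 of 6 exposed management-port VMs:",
          after_fix(SAMPLE_CONTROLS, "Secure management ports", 4)[2], "%")
```

Note what the ranking shows: the control with the most points at stake is not the one with the highest weight (MFA) but the one with the most unhealthy resources relative to its weight (management ports), which is why the recommendations page often puts a low-effort network fix above a higher-weight control that is already mostly healthy.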
Cloud Workload Protection (CWP) helps in detecting, analyzing, and resolving threats. Once Defender for Cloud detects a threat against your resources or workloads, it raises an alert in the Azure portal. Alerts can also be streamed to Microsoft Sentinel, Microsoft's SIEM and SOAR tool, and sent by email to the address(es) configured for alert notifications (you choose the minimum alert severity that triggers an email).
One other important point: workload protections are delivered through Microsoft Defender plans, each specific to a resource type used within your subscription. The following plans are currently available for comprehensive protection of workloads:
- Microsoft Defender for Servers
- Microsoft Defender for Storage
- Microsoft Defender for SQL
- Microsoft Defender for Containers
- Microsoft Defender for App Service
- Microsoft Defender for Key Vault
- Microsoft Defender for Resource Manager
- Microsoft Defender for DNS
- Microsoft Defender for open-source relational databases
These plans provide advanced threat protection for your VMs, SQL databases, containers, web applications, network, and more. The protections include securing the management ports of your VMs (for example RDP on 3389 and SSH on 22) with just-in-time (JIT) access, which keeps those ports closed until a time-bound access request is approved, and adaptive application controls, which define the set of applications allowed to run on your machines and alert when anything else runs.
By default, Microsoft Defender for Cloud's free tier is enabled on your Azure subscriptions the first time you visit the Defender for Cloud pages in the Azure portal. Plans can also be enabled programmatically via the REST API. To take advantage of the advanced security management and threat detection capabilities, you must enable the enhanced security features, that is, the Defender plans listed above; these are free for the first 30 days.
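The two operations just described, enabling a Defender plan programmatically and registering a JIT policy for a VM's management ports, both go through the Microsoft.Security resource provider in the Azure Resource Manager REST API. The following is an added example, not code from the page or from Microsoft, using only the Python standard library. The endpoint paths are those of the pricings and jitNetworkAccessPolicies resources; the api-version strings, the policy name "default", the subscription, resource group, VM name and source CIDR are illustrative assumptions. Nothing is sent unless a bearer token is supplied, so the request builders can be inspected offline.

```python
"""Enable a Defender for Cloud plan and create a JIT VM-access policy via the
Azure Resource Manager REST API (standard library only).

Added example, not code from the page or from Microsoft. Endpoint paths follow
the Microsoft.Security provider; api-version strings, the "default" JIT policy
name, and all subscription/resource-group/VM/CIDR values are assumptions.
"""
import ipaddress
import json
import os
import urllib.request

ARM = "https://management.azure.com"

# Plan names accepted by the pricings API, keyed by the product names the page
# lists (assumed mapping; confirm with `az security pricing list`).
PLAN_NAMES = {
    "Servers": "VirtualMachines",
    "Storage": "StorageAccounts",
    "SQL": "SqlServers",
    "Containers": "Containers",
    "App Service": "AppServices",
    "Key Vault": "KeyVaults",
    "Resource Manager": "Arm",
    "DNS": "Dns",
    "open-source relational databases": "OpenSourceRelationalDatabases",
}


def enable_plan_request(subscription_id, plan, tier="Standard"):
    """Build the PUT that moves a plan to the paid (Standard) tier;
    tier="Free" switches the plan off again."""
    if plan not in PLAN_NAMES.values():
        raise ValueError(f"unknown plan {plan!r}")
    if tier not in ("Free", "Standard"):
        raise ValueError("tier must be 'Free' or 'Standard'")
    return {
        "method": "PUT",
        "url": (f"{ARM}/subscriptions/{subscription_id}/providers/"
                f"Microsoft.Security/pricings/{plan}?api-version=2023-01-01"),
        "body": {"properties": {"pricingTier": tier}},
    }


def is_safe_source(source):
    """JIT only reduces exposure if the opened port is restricted to a known
    source; this example refuses the any-source forms the API would accept."""
    if source == "*":
        return False
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False
    return net.prefixlen > 0   # rejects 0.0.0.0/0 and ::/0


def jit_policy_request(subscription_id, resource_group, location, vm_name,
                       ports, source, max_duration="PT3H"):
    """Build the PUT that registers a JIT policy for one VM. The listed ports
    stay blocked until someone requests access; an approved request opens a
    port only to `source` for at most `max_duration` (ISO 8601, here 3 hours)."""
    if not is_safe_source(source):
        raise ValueError(f"refusing to create a JIT policy open to {source!r}")
    vm_id = (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
             f"/providers/Microsoft.Compute/virtualMachines/{vm_name}")
    return {
        "method": "PUT",
        "url": (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
                f"/providers/Microsoft.Security/locations/{location}"
                f"/jitNetworkAccessPolicies/default?api-version=2020-01-01"),
        "body": {
            "kind": "Basic",
            "properties": {"virtualMachines": [{
                "id": vm_id,
                "ports": [{"number": p, "protocol": "TCP",
                           "allowedSourceAddressPrefix": source,
                           "maxRequestAccessDuration": max_duration}
                          for p in ports],
            }]},
        },
    }


def send(request, bearer_token):
    """Issue a built request with an ARM access token, e.g. the output of
    `az account get-access-token --query accessToken -o tsv`."""
    req = urllib.request.Request(
        request["url"], data=json.dumps(request["body"]).encode(),
        method=request["method"],
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    sub = "00000000-0000-0000-0000-000000000000"   # placeholder subscription id
    reqs = [enable_plan_request(sub, PLAN_NAMES["Servers"]),
            jit_policy_request(sub, "rg-prod", "westeurope", "vm-bastion",
                               ports=[22, 3389], source="203.0.113.0/24")]
    token = os.environ.get("ARM_TOKEN")   # unset: dry run, print the requests only
    for r in reqs:
        print(r["method"], r["url"])
        print(json.dumps(r["body"], indent=2))
        if token:
            print(send(r, token))
```

The caller needs Security Admin (or Owner) on the subscription for the pricings call, and the JIT policy additionally requires write access to the VM's network security group, which Defender for Cloud edits on each approved request. Refusing a wildcard source in the policy is deliberate: a JIT rule open to every address still limits the exposure window, but it does not limit who can use it.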
In summary, Microsoft Defender for Cloud is a cloud-native solution for cloud security posture management (CSPM) and cloud workload protection (CWP). It detects and analyzes weak spots across your environment, strengthens your overall security posture by scoring your current situation and recommending improvements, and protects workloads across multicloud and hybrid environments from evolving cyber threats.