Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections

Credit to Author: Christine Barrett| Date: Wed, 12 Oct 2022 16:00:00 +0000

Security teams face an expanding attack surface as organizations increasingly use cloud-native services to develop, deploy, and manage applications across their multicloud and hybrid environments. Their challenge is compounded by incomplete visibility, siloed processes, and a lack of prioritized mitigations that put defenders into a position where they often react to threats once they’ve already been breached. Unfortunately, bad actors capitalize on this by exploiting vulnerabilities much earlier in the development lifecycle—at the code itself. And what further complicates this is the reality that bad actor tactics look one way today and another tomorrow. This can frustrate businesses traditionally operating with a finite mindset, thinking a problem can be solved once and for all. Instead, organizations need a comprehensive approach toward cloud security and a centralized, integrated solution to mitigate risk from code to cloud to counter these threats. We have an opportunity to think bigger and differently—especially in cloud security, where the pace of innovation and complexity can be breathtaking.

At Microsoft, we’re approaching cloud security with an infinite mindset. In a constantly changing world, we use threat intelligence, AI, and automation to create a virtuous cycle of signals to evolve and respond faster to bad actors and events. We bring this vision to life with Microsoft Defender for Cloud, our integrated cloud-native application protection solution for hybrid and multicloud environments. Defender for Cloud strengthens security posture, accelerates protection against modern threats, and reduces risk throughout the cloud application lifecycle so organizations can stay protected.

I am thrilled to announce new innovations in Microsoft Defender for Cloud to expand our vision for cloud security, including the previews of Microsoft Defender for DevOps and Microsoft Defender Cloud Security Posture Management (Defender CSPM).

  • Unify DevOps security management across multiple pipeline environments with Defender for DevOps: Security teams will gain insights across multi-pipeline environments in a central console, including leading platforms like GitHub and Azure DevOps, with more to follow. Defender for DevOps can correlate with other contextual cloud security intelligence to prioritize remediation of code vulnerabilities throughout the application development lifecycle. 
  • Gain full coverage, prioritize, and remediate the most critical risks with Defender CSPM: Defender CSPM builds on existing posture management capabilities in Defender for Cloud to help security teams get comprehensive coverage of their hybrid and multicloud environments, and prioritize and proactively remediate the most critical threats with contextual cloud security and attack path analysis.  

With these new capabilities, organizations can adopt an infinite approach to cloud security and do more with less.

Three of Microsoft Defender for Cloud listed from left to right: DevOps Security Management, Cloud Security Posture Management, and Cloud Workload protection.

Empower security teams with unified DevOps security management across multi-pipeline environments

Security teams have a fragmented view of their DevOps security posture due to many disconnected security tools, and multiple DevOps and cloud platforms throughout their organization. Security and development teams continue to operate in silos, and security tools are not equipped to keep pace with developer speed. These disjointed tool stacks lack the capabilities to provide business risk context and to effectively drive remediation in the development lifecycle. Security teams waste precious resources tracking down the right owners who can fix identified issues. The result is that security practitioners grapple with overwhelming amounts of security issues in production. As bad actors continue to break records exploiting zero-day vulnerabilities, security teams need a unified and integrated approach to securing their cloud applications throughout the lifecycle.1

Defender for DevOps empowers security teams to unify, strengthen, and manage DevOps security to achieve more secure code development and strengthen their overall cloud security. It provides full visibility into the DevOps inventory and the security posture of application code and resource configurations across multi-pipeline and multicloud environments. Infrastructure-as-code and container image scanning help prevent cloud misconfigurations from ever reaching production environments. Security teams can streamline processes to fix security issues in code and get contextual insights connected from code to runtime resources, helping them prioritize and drive remediation in code.

Defender for DevOps integrates with GitHub Advanced Security to enable automated workflows across industry-leading platforms like GitHub and Azure DevOps, fostering stronger collaboration between SecOps and developer teams. Defender for DevOps is the result of close design partnerships with our customers on their journey to “shift left.” As one of our customers who participated in the creation of this product recently shared:

“If we shift left and bring security to the developers right away, code deployment will have tightened protection. Integrating DevSecOps results into Microsoft Defender for Cloud and having a single pane of glass that shows me what is in production, the code quality, and what is coming into the pipeline so that I don’t need to go into multiple places and reports to scan for code errors is going to be priceless for us.”

James Rajeshvincent, Managing Director Head of Platform Development at Rockefeller Capital Management

Microsoft Defender for Cloud dashboard DevOps overview showcasing vulnerabilities in code.

Proactively prioritize and remediate your most critical risk across multicloud resources

Security teams need to cut through the noise and quickly focus on the most critical issues that have a major business impact. But with multicloud deployments, multiple tools, and a lack of visibility into the threat or business value of each resource, it’s hard to know where to even begin remediation.

Defender CSPM helps businesses save time and focus on what matters with contextual insights and attack path analysis, built on top of the new intelligent cloud security graph. It provides comprehensive visibility with agentless scanning for real-time assessments across multicloud environments. Defender CSPM connects the dots for security teams, integrating insights from cloud workloads as well as signals from Defender for DevOps and Microsoft Defender External Attack Surface Management. Instead of sifting through long lists of vulnerable resources, customers can use the proactive attack path analysis to reduce recommendation noise by up to 99 percent and only focus on the most exploitable vulnerabilities along potential attack paths to begin remediation.

Security teams also get integrated recommendations from Microsoft Entra Permissions Management, the cloud infrastructure entitlement management (CIEM) solution from Microsoft, to understand the level of risk associated with the number of unused or excessive permissions across identities and resources. Also, the new Microsoft cloud security benchmark provides a standardized framework for fundamental cloud security principles, along with detailed technical guidance, so teams can implement best practices across cloud platforms. Microsoft is the only major cloud provider to offer a comprehensive cloud security benchmark across multiple clouds, now available in Defender for Cloud as a single pane of glass to consistently maintain your security compliance across clouds.

We have a thriving and passionate community of customers using Defender for Cloud to manage security across clouds. I am excited to introduce these new capabilities today and wanted to share an insight from one of our customers, Rabobank:

“It’s difficult to ensure that we have full insights from a security perspective when our platforms are so varied. We wanted protection and visibility everywhere. That’s why we use Defender for Cloud—it gives us single pane of glass visibility across our hybrid and multicloud environment.”

Raoul van der Voort, Global Service Owner, Cyber Defense Center, Rabobank

Attack path analysis, contextual risk insights, and remediation steps in Microsoft Defender for Cloud dashboard view.

Learn more about Microsoft Defender for Cloud

From code to cloud, Microsoft Defender for Cloud is the platform, powered by intelligence, that will help you do more with less. Develop an infinite mindset to cloud security and learn more about the expansion of the security portfolio in Microsoft Defender for Cloud. Get started today with the preview of these new innovations.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


12021 has broken the record for zero-day hacking attacks, Patrick Howell O’Neill. September 23, 2021.

The post Introducing new Microsoft Defender for Cloud innovations to strengthen cloud-native protections appeared first on Microsoft Security Blog.

https://blogs.technet.microsoft.com/mmpc/feed/