The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP)
Credit to Author: Christine Barrett | Date: Wed, 22 Mar 2023 17:00:00 +0000
With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to cloud infrastructure, and evolving threats that can cause sensitive data loss. Unfortunately, most reported security incidents involve bad actors exploiting vulnerabilities that security teams aren’t even aware of.
The answer is an end-to-end solution that offers comprehensive cloud security from development to runtime—a Cloud-Native Application Protection Platform (CNAPP).
Let’s dive into what’s driving CNAPP adoption and walk through how Microsoft Defender for Cloud—one of the only platforms with comprehensive coverage and integrated insights all in one solution—can help organizations embed security from code to cloud.
What is CNAPP, and why does it matter?
CNAPPs are the leading edge of cloud security. A CNAPP unifies security and compliance capabilities to prevent, detect, and respond to modern cloud security threats from development to runtime.
A CNAPP delivers a unified experience for organizations that synthesizes insights and drives effective collaboration among developers, DevOps teams, security teams, and security operations center (SOC) analysts to reduce excessive risks for cloud-native applications and to embed security across the continuous integration and continuous delivery (CI/CD) lifecycle.
Why do organizations need a CNAPP for modern cloud security?
A CNAPP directly addresses critical challenges faced by cloud security teams as they aim to strengthen their security posture, detect and respond to threats, and prevent critical data breaches:
- The need for “shifting security left” into the DevOps pipeline: Development and security teams need to be empowered to collaborate to embed security into the code itself so that cloud-native applications can start secure and stay secure.
- Lack of visibility and prioritization in managing multicloud security posture: The dynamic nature of cloud-native applications creates flexibility but also blind spots for posture management. Multicloud and hybrid scenarios add to the complexity, making a centralized, prioritized view with contextual security insights crucial to reducing recommendation fatigue and helping security teams focus on what matters.
- Advanced threat actors and increasing cost of breach: The evolving threat landscape worsens the threat response challenge, resulting in SOC analysts and security admin teams that are overwhelmed by mounting threat signals.
- Mismanaged and misconfigured cloud infrastructure entitlement: Security admins also worry about overprivileged access to infrastructure, which can leave room for exploitation and infiltration.
Key CNAPP capabilities
Security teams need an end-to-end platform for cloud security. This means security integration into DevOps, visibility across their multicloud environments, a prioritized view of their most critical vulnerabilities and misconfigurations, built-in governance and automated remediation tools, and the means to detect and respond to modern threats across their cloud workloads.
To achieve this, an effective CNAPP should combine capabilities across cloud security posture management, DevOps security management, cloud workload protection, cloud infrastructure entitlement management, and network security.
Microsoft’s unified CNAPP is recognized as a Representative Vendor in the Gartner® 2023 Market Guide for Cloud-Native Application Protection Platforms (CNAPPs) and our platform includes:
- Cloud security posture management (CSPM): CSPM solutions provide visibility across multicloud and hybrid environments from development to runtime, provide alerts and recommendations to security teams on critical vulnerabilities and misconfigurations that could lead to issues, and have built-in workflows to strengthen security posture and help drive remediation (and at scale). Microsoft Defender Cloud Security Posture Management in Defender for Cloud helps cut through the noise to focus on remediating your most critical risk with integrated insights across the SOC, DevOps, External Attack Surface Management (EASM), identity and access management, and compliance. It has a single connected view in the cloud security graph with attack path analysis to help security teams identify exploitable resource paths and the built-in tools to mitigate risk across cloud environments.
- Cloud workload protection (CWP): CWP solutions are comprehensive services that provide real-time detection and response to modern threats across your cloud workloads including virtual machines, containers and Kubernetes, databases, storage accounts, network layers, app services, and more. Cloud Workload Protection in Defender for Cloud analyzes workloads using advanced analytics and threat intelligence to help reduce the attack surface and respond to emerging threats quickly. The integrated experience with Microsoft 365 Defender and Microsoft Sentinel enables a comprehensive detection and response solution for a modern security operations center.
- DevOps security: Microsoft Defender for DevOps in Defender for Cloud empowers security teams to unify, strengthen, and manage multipipeline DevOps security, shift security left, and enable code-to-cloud protections in a central console. This solution helps security teams rightfully focus on critical evolving threats by enabling the security of Infrastructure as Code (IaC) templates and container images to minimize cloud misconfigurations reaching production environments, and correlate contextual cloud security intelligence from runtime to dev platforms to prioritize remediation in code.
- Cloud infrastructure entitlement management (CIEM): Permissions give identities the ability to perform an action on a resource. Across major clouds, more than 40,000 permissions can be granted, of which over 50 percent are high risk, meaning they can cause service disruption, service degradation, or data leakage when used improperly.¹ To help support a viable multicloud strategy and avoid accidental or malicious permission misuse, streamlined permissions management is essential. Microsoft Entra Permissions Management helps you understand the real footprint of your cloud infrastructure entitlements, prevent permissions creep, and enforce the principle of least privilege across your multicloud environment. Defender for Cloud integrates with Permissions Management, enabling security teams to get unified visibility and recommendations in a central cloud security dashboard.
- Network security: Network security protects your cloud network infrastructure and applications from distributed denial-of-service, web application, and network attacks. Azure Network Security offers the full benefits of cloud-native services for securing your cloud and hybrid network infrastructure and applications. Based on Zero Trust network security, Azure Network Security is designed to provide organizations with granular segmentation controls, intelligent threat protection by Microsoft Threat Intelligence, traffic encryption in transit and at rest, and private access linking to infrastructure as a service (IaaS), platform as a service (PaaS), and on-premises resources. Defender for Cloud continuously analyzes the security state of Azure resources for network security best practices. Security teams can get adaptive recommendations for network hardening in a central place and use the end-to-end view to improve security posture across network infrastructure and applications.
Microsoft’s CNAPP: Comprehensive cloud-native protection with unparalleled integrated insights
Microsoft’s comprehensive CNAPP seamlessly combines security and compliance capabilities into a single platform to provide end-to-end cloud security for full-stack workloads across Amazon Web Services, Google Cloud Platform, and Azure Cloud Services. Security admins no longer need to manually synthesize data and tools across products, and instead can proactively address security threats across their multicloud and hybrid environments in a single platform.
Defender for Cloud is empowering security teams with a more comprehensive and differentiated approach:
- Integrated CNAPP capabilities and more in a single portal on a single platform: All managed in Microsoft Defender for Cloud, organizations get centralized visibility and integrated insights across Azure Network Security, Permissions Management, Microsoft 365 Defender for detection and response, and Microsoft Sentinel for security information and event management and security orchestration, automation, and response capabilities.
- Additional capabilities to accelerate cloud-native protection: Further, Defender for Cloud’s integration with Microsoft Defender External Attack Surface Management enables true identification of internet-exposed resources, augmenting signals from configurations and cloud APIs.
- Protection across your multicloud data estate: Security teams can enable comprehensive data protection in cloud storage and SQL database resources across PaaS, IaaS, and open-source databases, and detect potential threats to data such as brute-force attacks, SQL injection, and suspicious data extraction.
- Full lifecycle protection: Microsoft helps security teams minimize the vulnerabilities that make it to production with code scanning and IaC scanning, and reduce time to remediate with workflows integrated into developer environments. Microsoft Defender for DevOps integrations with Azure DevOps and GitHub unify multipipeline DevOps security and ensure secure development.
- Unparalleled view of the evolving threat landscape: Defender for Cloud leverages the comprehensive threat intelligence coming from synthesizing 65 trillion signals a day to identify emerging threat vectors and help security teams respond quickly.
- Cloud scale and integrated CNAPP: Defender for Cloud is designed with scale and insights gained from running Microsoft Azure, one of the leading public cloud platforms in the industry. Microsoft is the only public cloud provider to enable a CNAPP solution natively in the cloud portal, helping security teams simplify security management in Azure and extend it to other clouds.
Even with these capabilities, Microsoft is only getting started. Our continued investment in ushering in the next wave of cloud-native security is featured in Omdia’s February report on Defender for Cloud, “Microsoft is developing a full cloud-native security platform.”
More innovations to come
To learn more about critical upcoming CNAPP innovations in Microsoft Defender for Cloud, register to join me at Microsoft Secure, our free, virtual Microsoft Security event on March 28, 2023, as I’ll share news in Breakout Session 11, “Protect multicloud environments with cloud-native security innovations.” And immediately following this session, attend our CNAPP interactive product session (CATE11) to get your questions answered.
You can also explore Microsoft Defender for Cloud and sign up for a free trial today.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
¹ 2021 State of Cloud Permissions Risks Report, Microsoft. 2021.
Gartner®, Market Guide for Cloud-Native Application Protection Platforms, March 14, 2023. Neil MacDonald, et al.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
The post The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP) appeared first on Microsoft Security Blog.