Monday, August 14, 2023

New security measures from Microsoft to broaden multicloud safety


With more than 90 percent of organizations adopting a multicloud strategy[1] and cloud-based cyberattacks rising 48 percent year over year,[2] securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure (where customers are using two or more cloud providers) as well as applications and data, today’s organizations need to both proactively reduce risk and quickly detect and respond to threats in real time.

Multicloud and multiplatform deployments increase the potential for security risks and data breaches. Today, many customers are working to secure a complex patchwork of technologies across different devices, applications, platforms, and clouds. Some are also dealing with separate security infrastructures for each cloud they’re operating in, which introduces incredible complexity, creates seams for attackers to exploit, and increases the likelihood of errors.

I’m excited to share several innovations that improve multicloud visibility and help customers proactively reduce risk and respond to threats in real time. Read on to see how we continue to expand our end-to-end security solution to help organizations defend against threats across all endpoints and clouds.


Microsoft Defender for Cloud

Protect multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime.

Extend multicloud visibility to proactively prevent breaches

Today, we’re thrilled to announce new advanced multicloud posture management capabilities for Google Cloud Platform (GCP) in Microsoft Defender for Cloud to help customers proactively prevent breaches across multicloud and hybrid environments.

Microsoft is recognized as a Representative Vendor in the 2023 Gartner Market Guide for Cloud-Native Application Protection Platforms.[3] Microsoft Defender for Cloud became the first cloud provider to offer multicloud workload protection for cloud infrastructure, applications, and data across the full lifecycle for all three public clouds.[4] Since then, we’ve rapidly expanded our CNAPP capabilities to offer advanced posture management with Microsoft Defender Cloud Security Posture Management (Defender CSPM), DevSecOps security with integrations into GitHub Advanced Security, and continued investments in our cloud workload protection (CWP) solutions across servers, containers, APIs, storage, and databases.


Figure 1. Attack path showing a GCP virtual machine exposed to the internet with permissions to a data store.

On August 15, 2023, Defender CSPM will extend its advanced agentless scanning, data-aware security posture, cloud security graph, and attack path analysis capabilities to GCP, providing a single contextual view of cloud risks across Amazon Web Services (AWS), Azure, GCP, and hybrid environments. Defender CSPM provides advanced posture management capabilities and is recognized by KuppingerCole as an Overall Leader, Market Champion, Product Leader, and Innovation Leader in its 2023 CSPM Leadership Compass, noting “Organizations looking for a CSPM which provides multicloud capabilities including data-aware security posture should consider Microsoft Defender for Cloud.”[5] Defender CSPM provides advanced posture management capabilities with full visibility across cloud and hybrid resources from agentless scanning, integrated contextual insights from code, identities, data, internet exposure, compliance, attack path analysis, and more, to prioritize your most critical risks. Customers will be able to leverage agentless scanning to gain full visibility of their GCP, AWS, Azure, and on-premises compute resources in the cloud security graph and attack path analysis to prioritize and mitigate risk against potential threats.

Within the new Defender CSPM capabilities for GCP, we’re also extending our sensitive data discovery capabilities to GCP Cloud Storage. With this advancement, customers will be able to discover all their GCP Cloud Storage buckets, identify more than 100 sensitive information types, and assess their data security posture through cloud security graph queries and attack path analysis. Now customers can identify potentially sensitive data exposure risks across Azure, AWS, and GCP storage resources and harden their multicloud data security posture.

We chose Microsoft Defender for Cloud as our CNAPP because of the robust, intelligent end-to-end cloud security it provides with proactive CSPM and in protecting our cloud workloads. We’ve already been impressed with the value of Microsoft’s cloud workload protection, so it was an easy choice to also use Defender CSPM. Its agentless scanning allows us to quickly gain insights about our VMs, storage accounts, and containers, and attack path analysis with its contextual insights helps us prioritize and remediate risks. Defender for Cloud is key in further helping our security teams save time to focus on preventing security incidents and gives us peace of mind by knowing we have protection across the application lifecycle.

—Cloud Security Manager, Mercedes-Benz Group AG

Get multicloud policy monitoring as a free offering

Microsoft’s cloud security benchmark (MCSB) extends security control guidance and compliance checks to GCP, completing multicloud monitoring across Azure, AWS, and GCP as a free offering. MCSB provides a cloud-centric control framework mapped to major regulatory industry benchmarks (CIS, PCI, NIST, and more) and cloud-specific implementation tools turned on by default to maintain your cloud security compliance across clouds.[6] Today, along with existing Azure and AWS guidance, organizations can now leverage the MCSB security guidance for GCP environments and access GCP checks (as a preview feature) in the context of MCSB controls in the regulatory compliance dashboard in Microsoft Defender for Cloud. In addition to the policy compliance checking available through MCSB, Microsoft customers also benefit from the free expanded cloud logging support we announced last month.

Prevent malware upload and distribution in near real time

Defender for Cloud is also advancing cloud data security at runtime. We’re excited to share the upcoming general availability of Malware Scanning in Microsoft Defender for Storage.[7] Starting September 1, 2023, security teams can enable an additional layer of protection to detect and prevent storage accounts from acting as a point of malware entry and distribution.

Organizations rely on cloud storage to store and access data and files, which often contain sensitive and critical data. However, due to its critical and connected role in an organization’s cloud environment, cloud storage can be an effective attack vector for malicious actors to upload and distribute malware. Malware protection methods in the past have focused primarily on compute resources. Protection for storage in this old model would require complex networking workarounds that negatively impact overall performance.

We built Malware Scanning in Defender for Storage to cut through the networking complexities and optimize malware detection for Microsoft Azure Blob Storage in near real time when content is uploaded. Content is automatically scanned for metamorphic and polymorphic malware, with results automatically recorded on the blob metadata.

Read more about Defender for Cloud’s new multicloud security capabilities.

Manage vulnerability risk across cloud deployments

As organizations adopt new technologies across cloud computing, Internet of Things (IoT) devices, and remote work, their attack surface is expanding, making vulnerability management increasingly challenging. Security teams must rethink how to secure a growing and diverse portfolio of devices outside of traditional organizational boundaries, adding complexity to the vulnerability management process. This process requires a combination of policy and scope definition that cannot be purchased off the shelf. Instead, it must be established and matured within an organization, based on its specific risk appetite and maturity level.

In recent years, Microsoft has established itself as a leading solution for vulnerability risk management (VRM) by leveraging its threat intelligence and security expertise. Microsoft Defender Vulnerability Management has become a leading solution for a vast range of customer organizations, providing them end-to-end capabilities across the VRM lifecycle. It’s designed to help organizations identify, assess, prioritize, and remediate vulnerabilities in their IT environments, making it an ideal tool for managing an expanded attack surface and reducing overall risk posture. We’re thrilled to announce Defender Vulnerability Management is now offered as a standalone solution, which means that customers can purchase it separately and enjoy the full set of core and premium capabilities across their portfolio of managed and unmanaged devices. Microsoft 365 E5 and Defender for Endpoint Plan 2 customers have the core capabilities included and can continue to get the full vulnerability management solution with the Defender Vulnerability Add-on.


Figure 2. Core and premium capabilities of Microsoft Defender Vulnerability Management and how customers would purchase them.

Committed to protecting your entire organization’s assets, we’re excited to announce the general availability of vulnerability assessments for containers in Defender CSPM and the preview of vulnerability assessments for containers in Microsoft Defender for Containers using Defender Vulnerability Management. With the rise of containerization and microservices, it’s more important than ever to secure the software supply chain and ensure that container images are free from vulnerabilities. Defender Vulnerability Management’s new container vulnerability assessment capabilities enable organizations to scan container images for vulnerabilities and prioritize remediation efforts, based on the severity of the vulnerabilities.

Read more about the new standalone offer and the expanded capabilities of Defender Vulnerability Management.

Get more security and expanded endpoint protection

You can’t protect and manage what you can’t see. That means a Zero Trust model can’t just be limited to the endpoints enrolled in Microsoft Intune; it must extend to devices integrated with Microsoft Security solutions. If you can’t distribute compliance or security policies to all your devices, you can’t implement a Zero Trust model.

Now you can expand protection and provide more security from a single unified pane of glass with Microsoft Intune, which can manage the security settings of any device with Microsoft Defender for Endpoint, including Windows, macOS, and Linux endpoints.[8] These policies and settings allow security admins to remain in the Defender portal to manage Defender for Endpoint and the Intune endpoint security policies for Defender security settings configurations. Now security admins can deploy policies from Intune to manage the Defender security settings on devices onboarded to Defender for Endpoint, without enrolling those devices with Intune.

Secure Score integration with Microsoft Intune means that recommendations for device health and security settings for your organization’s endpoints from Intune are now included in Microsoft Secure Score. Secure Score is the measurement of an organization’s security posture. This score is used to assess risk, drive configuration actions, plan improvements, and report to management. More points in Secure Score equates to more actions taken to improve an organization’s security posture.

And finally, we recently announced a new solution that adds another layer of protection for Samsung Galaxy devices with hardware-backed device attestation.[9] Device attestation is a critical mechanism to verify device trust and health to help detect if a device has been compromised. Building on our strategic partnership with Samsung, this attestation helps to prevent malicious endpoints from accessing organization resources using valid client information taken from another device and limiting tampering with client requests. Samsung’s hardware-backed cryptography and Intune app protection policies verify the client endpoint and secure the communication between Intune client and service. It enables a trusted, on-device hardware-backed health check, giving organizations that allow Samsung Galaxy mobile devices to access their corporate network the confidence that personally owned Galaxy devices have the same strong level of extra protection as company-owned devices.

Continuing to deliver for our customers

With our latest product and feature announcements, customers working to secure their multicloud and multiplatform deployments can have a clearer view of their environment, reduce risk, and gain improvements in the security of their data and systems. At Microsoft, we’re committed to providing our customers with the tools and resources they need to protect everything.

Join us at Black Hat 2023

Microsoft Security has a central presence at this year’s Black Hat USA, taking place August 5 to 10, 2023, at Mandalay Bay in Las Vegas, Nevada. If you haven’t already made plans to attend, check out our earlier blog post for information about our Black Hat sessions, product demos, meetings at our booth (number 1740), and a customer happy hour.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


[1] 2023 State of the Cloud Report, Flexera. 2023.

[2] Cloud-based cyber attacks increased by 48 percent in 2022, Continuity Central. January 19, 2023.

[3] Gartner®, Market Guide for Cloud-Native Application Protection Platforms, Neil MacDonald, et al. March 14, 2023.

[4] The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP), Vlad Korsunsky. March 22, 2023.

[5] Leadership Compass: Cloud Security Posture Management, KuppingerCole. July 27, 2023.

[6] Announcing Microsoft cloud security benchmark (Public Preview), Jim Cheng. October 13, 2022.

[7] Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution, Inbal Argov. July 26, 2023.

[8] Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint, Dan Levy. July 11, 2023.

[9] Hardware-backed device attestation powers mobile workers, Michael Wallent. July 27, 2023.




