With the cyber landscape changing on a minute-by-minute basis, businesses all over the world need to make sure that their Cloud deployments in Azure are well fortified. A new tool from Microsoft called “Defender For Cloud” has been designed to fill this role, and it is reviewed in this article.

What Is Its Role?

At a minimum, Defender For Cloud addresses three key needs:

  • It continually monitors the lines of defense that your company has deployed. The results are output as a numerical report, so that you and your IT Security team can gauge where you stand at a particular point in time. This helps you make the necessary adjustments and tweaks to mitigate your risks and avoid becoming a victim.
  • It provides key strategies and recommendations as to what you need to do, based on what it is currently finding. Although you have ultimate control over which recommendations to implement, it is highly advised that you take all suggestions into consideration first.
  • The alert system warns you of any malicious or suspicious activity taking place in your internal or external environments. This allows your IT Security team to act quickly and immediately mitigate what is happening.

This is illustrated in the diagram below:

(SOURCE:  1).

The Major Components Of Defender For Cloud

The first component is called “Cloud Security Posture Management”, or “CSPM” for short. This functionality lets you do the three tasks previously described, and it also does the following:

  • It provides hardening recommendations: Apart from giving advice, Defender for Cloud also provides key strategies as to how your SaaS applications should be hardened, in terms of patches and upgrades. This applies both to applications that are already available in Azure and to those that have been created in house.
  • You get a visualization of the various paths that any potential threat vector could take. This is presented as an actual graph, built from the information and data that the tool collects from all of your Cloud deployments, whether they are private, hybrid, or public facing. Examples of this include the following:
    • It tracks and updates all of the digital assets in your inventory;
    • It records where network connections are made to other resources, whether from the internal or external environments;
    • It records any other kind of exposure to the Internet that could pose unforeseen risk;
    • It also checks the permissions of all of your employees, following the rule of Least Privilege.

From here, a specialized further analysis studies the constructed graph in an activity that is technically known as “Attack Path Analysis”. This shows all of the possible routes that a Cyberattacker can take to enter your IT and Network Infrastructure. Recommendations are then provided as to how these paths can be eliminated entirely.

The generated graph is illustrated below:

(SOURCE:  2).

The Attack Path Analysis is also illustrated below:

(SOURCE:  2).
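The idea behind Attack Path Analysis can be sketched in a few lines. This is an added illustration, not Microsoft's implementation or code from the sources: it enumerates every route from an Internet-exposed entry point to a critical asset, then ranks the connections that the most routes depend on. All resource names and the inventory are constructed.

```python
from collections import Counter

# Constructed sample inventory (not real Azure data). A directed edge means
# "can reach / can act on", as derived from network and permission data.
EDGES = {
    "internet": ["vm-web", "app-gateway"],
    "app-gateway": ["vm-web"],
    "vm-web": ["identity-web"],
    "identity-web": ["storage-customer", "keyvault-prod"],
    "keyvault-prod": ["sql-prod"],
    "vm-batch": ["sql-prod"],  # not Internet-exposed, so no path starts here
}
ENTRY_POINTS = {"internet"}
CRITICAL = {"storage-customer", "sql-prod"}


def attack_paths(edges, entry_points, critical):
    """Return every cycle-free path from an entry point to a critical asset."""
    paths = []

    def walk(node, path):
        if node in critical:
            paths.append(path)
            return  # stop at the first critical asset on this route
        for nxt in edges.get(node, []):
            if nxt not in path:  # never revisit a node (avoids cycles)
                walk(nxt, path + [nxt])

    for start in sorted(entry_points):
        walk(start, [start])
    return paths


def choke_points(paths):
    """Rank edges by how many attack paths cross them, most-used first."""
    counts = Counter()
    for p in paths:
        counts.update(zip(p, p[1:]))
    return counts.most_common()


if __name__ == "__main__":
    found = attack_paths(EDGES, ENTRY_POINTS, CRITICAL)
    for p in found:
        print(" -> ".join(p))
    for (src, dst), n in choke_points(found):
        print(f"{n} path(s) cross {src} -> {dst}")
```

Removing or restricting the top-ranked edge is the kind of single recommendation that eliminates the largest number of paths at once.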

The second major component of Defender For Cloud is known as the “Cloud Workload Protection Platform”, or “CWPP” for short. This functionality is powered by Microsoft Threat Intelligence, and is designed specifically to protect your workloads (whether they are yours or your clients’) from security breaches. A typical example is the storage pools that you create in Azure. If any suspicious activity arises there, your IT Security team will be immediately notified so that they can take corrective action.

Conclusions

One of the other strategic benefits of Defender For Cloud is that it is all inclusive. This simply means that all of your Azure resources are protected under one roof, and you can add more resources to it without limit. Defender For Cloud is free for the first 30 days; after that, payment is based on the following calculator, which can be found at the link below:

https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/

If you have any questions, please contact us today.

Sources

  1. https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-cloud-introduction
  2. https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-attack-path#what-is-attack-path-analysis