With more than 90 percent of organizations adopting a multicloud strategy¹ and cloud-based cyberattacks growing 48 percent year over year,² securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure (where customers are utilizing two or more cloud providers) as well as applications and data, today’s organizations need to both proactively reduce risk and quickly detect and respond to threats in real time.
Multicloud and multiplatform deployments increase the potential for security risks and data breaches. Today, many customers are working to secure a complex patchwork of technologies across different devices, applications, platforms, and clouds. Some are also dealing with separate security infrastructures for each cloud they’re operating in, which introduces incredible complexity, creates seams for attackers to exploit, and increases the risk of errors.
I’m excited to share several innovations that improve multicloud visibility and help customers proactively reduce risk and respond to threats in real time. Read on to see how we continue to expand our end-to-end security solution to help organizations defend against threats across all endpoints and clouds.

Microsoft Defender for Cloud
Protect multicloud and hybrid environments with comprehensive security across the full lifecycle, from development to runtime.
Extend multicloud visibility to proactively prevent breaches
Today, we’re thrilled to announce new advanced multicloud posture management capabilities for Google Cloud Platform (GCP) in Microsoft Defender for Cloud to help customers proactively prevent breaches across multicloud and hybrid environments.
Microsoft is recognized as a Representative Vendor in the 2023 Gartner Market Guide for Cloud Native Application Protection Platforms.³ Microsoft Defender for Cloud became the first cloud provider to offer multicloud workload protection for cloud infrastructure, applications, and data across the full lifecycle for all three public clouds.⁴ Since then, we’ve rapidly expanded our CNAPP capabilities to provide advanced posture management with Microsoft Defender Cloud Security Posture Management (Defender CSPM), DevSecOps security with integrations into GitHub Advanced Security, and continued investments in our cloud workload protection (CWP) solutions across servers, containers, APIs, storage, and databases.

Figure 1. Attack path showing a GCP virtual machine exposed to the internet with permissions to a data store.
On August 15, 2023, Defender CSPM will extend its advanced agentless scanning, data-aware security posture, cloud security graph, and attack path analysis capabilities to GCP, providing a single contextual view of cloud risks across Amazon Web Services (AWS), Azure, GCP, and hybrid environments. Defender CSPM provides advanced posture management capabilities and is recognized by KuppingerCole as an Overall Leader, Market Champion, Product Leader, and Innovation Leader in its 2023 CSPM Leadership Compass, noting “Organizations looking for a CSPM which provides multicloud capabilities including data-aware security posture should consider Microsoft Defender for Cloud.”⁵ Defender CSPM provides advanced posture management capabilities with full visibility across cloud and hybrid resources from agentless scanning, integrated contextual insights from code, identities, data, internet exposure, compliance, attack path analysis, and more, to prioritize your most critical risks. Customers will be able to leverage agentless scanning to gain full visibility of their GCP, AWS, Azure, and on-premises compute resources in the cloud security graph and attack path analysis to prioritize and mitigate risk against potential threats.
Within the new Defender CSPM capabilities for GCP, we’re also extending our sensitive data discovery capabilities to GCP Cloud Storage. With this advancement, customers will be able to discover all their GCP Cloud Storage buckets, identify more than 100 sensitive information types, and assess their data security posture through cloud security graph queries and attack path analysis. Now customers can identify potentially sensitive data exposure risks across Azure, AWS, and GCP storage resources and harden their multicloud data security posture.
We chose Microsoft Defender for Cloud as our CNAPP because of the robust, intelligent end-to-end cloud security it provides with proactive CSPM and in protecting our cloud workloads. We’ve already been impressed with the value of Microsoft’s cloud workload protection, so it was an easy choice to also use Defender CSPM. Its agentless scanning allows us to quickly gain insights about our VMs, storage accounts, and containers, and attack path analysis with its contextual insights helps us prioritize and remediate risks. Defender for Cloud is essential in further helping our security teams save time to focus on preventing security incidents and gives us peace of mind by knowing we have protection across the application lifecycle.
—Cloud Security Manager, Mercedes-Benz Group AG
Get multicloud policy monitoring as a free offering
Microsoft’s cloud security benchmark (MCSB) extends security control guidance and compliance checks to GCP, completing multicloud monitoring across Azure, AWS, and GCP as a free offering. MCSB provides a cloud-centric control framework mapped to major regulatory industry benchmarks (CIS, PCI, NIST, and more) and cloud-specific implementation tools turned on by default to maintain your cloud security compliance across clouds.⁶ Today, along with existing Azure and AWS guidance, organizations can now leverage the MCSB security guidance for GCP environments and access GCP checks (as a preview feature) in the context of MCSB controls in the regulatory compliance dashboard in Microsoft Defender for Cloud. In addition to the policy compliance checking available through MCSB, Microsoft customers also benefit from the free expanded cloud logging support we announced last month.
Prevent malware upload and distribution in near real time
Defender for Cloud is also advancing cloud data security at runtime. We’re excited to share the upcoming general availability of Malware Scanning in Microsoft Defender for Storage.⁷ Starting September 1, 2023, security teams can enable an additional layer of protection to detect and prevent storage accounts from acting as a point of malware entry and distribution.
Organizations rely on cloud storage to store and access data and files, which often contain sensitive and critical data. However, due to its critical and connected role in an organization’s cloud environment, cloud storage can be an effective attack vector for malicious actors to upload and distribute malware. Malware protection methods in the past have focused primarily on compute resources. Protection for storage in this outdated model would require complex networking workarounds that negatively impact overall performance.
We built Malware Scanning in Defender for Storage to cut through the networking complexities and optimize malware detection for Microsoft Azure Blob Storage in near real time when content is uploaded. Content is automatically scanned for metamorphic and polymorphic malware, with results automatically recorded on the blob metadata.
Read more about Defender for Cloud’s new multicloud security capabilities.
Manage vulnerability risk across cloud deployments
As organizations adopt new technologies across cloud computing, Internet of Things (IoT) devices, and remote work, their attack surface is expanding, making vulnerability management increasingly challenging. Security teams must rethink how to secure a growing and diverse portfolio of devices outside of traditional organizational boundaries, adding complexity to the vulnerability management process. This process requires a combination of policy and scope definition that cannot be bought off the shelf. Instead, it must be established and matured within an organization, based on its specific risk appetite and maturity level.
In recent years, Microsoft has established itself as a leading solution for vulnerability risk management (VRM) by leveraging its threat intelligence and security expertise. Microsoft Defender Vulnerability Management has become a leading solution for a vast range of customer organizations, providing them end-to-end capabilities across the VRM lifecycle. It’s designed to help organizations identify, assess, prioritize, and remediate vulnerabilities in their IT environments, making it an ideal tool for managing an expanded attack surface and reducing overall risk posture. We’re thrilled to announce Defender Vulnerability Management is now offered as a standalone solution, which means that customers can purchase it separately and take advantage of the full set of core and premium capabilities across their portfolio of managed and unmanaged devices. Microsoft 365 E5 and Defender for Endpoint Plan 2 customers have the core capabilities included and can continue to get the full vulnerability management solution with the Defender Vulnerability Add-on.

Figure 2. Core and premium capabilities of Microsoft Defender Vulnerability Management and how customers would buy them.
Committed to protecting the entire organization’s assets, we’re excited to announce the general availability of vulnerability assessments for containers in Defender CSPM and the preview of vulnerability assessments for containers in Microsoft Defender for Containers using Defender Vulnerability Management. With the rise of containerization and microservices, it’s more important than ever to secure the software supply chain and ensure that container images are free from vulnerabilities. Defender Vulnerability Management’s new container vulnerability assessment capabilities enable organizations to scan container images for vulnerabilities and prioritize remediation efforts, based on the severity of the vulnerabilities.
Read more about the new standalone offer and the expanded capabilities of Defender Vulnerability Management.
Get additional protection and expanded endpoint coverage
You can’t protect and manage what you can’t see. This means that a Zero Trust model can’t just be limited to the endpoints enrolled in Microsoft Intune; it must extend to devices integrated with Microsoft Security solutions. If you can’t distribute compliance or security policies to all your devices, you can’t implement a Zero Trust model.
Now you can expand coverage and provide additional protection from a single unified pane of glass with Microsoft Intune, which can manage the security settings of any device with Microsoft Defender for Endpoint, including Windows, macOS, and Linux endpoints.⁸ These policies and settings allow security admins to remain in the Defender portal to manage Defender for Endpoint and the Intune endpoint security policies for Defender security settings configurations. Now security admins can deploy policies from Intune to manage the Defender security settings on devices onboarded to Defender for Endpoint, without enrolling those devices with Intune.
Secure Score integration with Microsoft Intune means that recommendations for device health and security settings for your organization’s endpoints from Intune are now included in Microsoft Secure Score. Secure Score is the measurement of an organization’s security posture. This score is used to assess risk, drive configuration actions, plan improvements, and report to management. More points in Secure Score equate to more actions taken to improve an organization’s security posture.
And finally, we recently announced a new solution that adds another layer of protection for Samsung Galaxy devices with hardware-backed device attestation.⁹ Device attestation is a crucial mechanism to verify device trust and health to help detect if a device has been compromised. Building on our strategic partnership with Samsung, this attestation helps to prevent malicious endpoints from accessing organization resources using valid client information taken from another device and to limit tampering with client requests. Samsung’s hardware-backed cryptography and Intune app protection policies verify the client endpoint and secure the communication between Intune client and service. It enables a trusted, on-device hardware-backed health check, giving organizations that allow Samsung Galaxy mobile devices to access their corporate network the confidence that personally owned Galaxy devices have the same strong level of extra protection as company-owned devices.
Continuing to deliver for our customers
With our latest product and feature announcements, customers working to secure their multicloud and multiplatform deployments can have a clearer view of their environment, reduce risk, and gain improvements in the security of their data and systems. At Microsoft, we’re committed to providing our customers with the tools and resources they need to protect everything.
Join us at Black Hat 2023
Microsoft Security has a central presence at this year’s Black Hat USA, taking place August 5 to 10, 2023, at Mandalay Bay in Las Vegas, Nevada. If you haven’t already made plans to attend, check out our previous blog post for information about our Black Hat sessions, product demos, meetings at our booth (number 1740), and a customer happy hour.
Learn more
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
¹ 2023 State of the Cloud Report, Flexera. 2023.
² Cloud-based cyber attacks increased by 48 percent in 2022, Continuity Central. January 19, 2023.
³ Gartner®, Market Guide for Cloud-Native Application Protection Platforms, Neil MacDonald, et al. March 14, 2023.
⁴ The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP), Vlad Korsunsky. March 22, 2023.
⁵ Leadership Compass: Cloud Security Posture Management, KuppingerCole. July 27, 2023.
⁶ Announcing Microsoft cloud security benchmark (Public Preview), Jim Cheng. October 13, 2022.
⁷ Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution, Inbal Argov. July 26, 2023.
⁸ Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint, Dan Levy. July 11, 2023.
⁹ Hardware-backed device attestation powers mobile workers, Michael Wallent. July 27, 2023.