Microsoft Defender for Cloud
It monitors the security of not only Azure cloud resources, but also on-prem, hybrid and multi-cloud resources. It helps with the current security posture and also notifies about possible security problems.
Azure-native protections
MS Defender for Cloud protects the following:
- Azure PaaS services: Detects threats against Azure PaaS services like App Service, Azure SQL, Azure Storage accounts and so on
- Azure data services: It will automatically classify the data for me in Azure SQL and also assess for possible vulnerabilities.
- Networks: Limits the exposure to brute-force attacks. It also detects network attacks.
Defend hybrid resources
Azure Arc extends Defender for Cloud to on-prem and multi-cloud resources. It needs to be deployed, and Defender for Cloud's enhanced security features need to be enabled.
Secure multi-cloud resources
It also protects cloud resources hosted in other clouds, for example AWS. I need to add it to my Azure subscription.
For AWS, the following services are protected:
- Defender for Cloud's CSPM features
- Microsoft Defender for Containers
- Microsoft Defender for Servers
Assess, Secure and Defend
Three vital needs are managed by Defender for Cloud:
- Continuously assess: Know the security state of the resources
- Secure: Protect the resources with Azure Security Benchmark
- Defend: Detect and respond to threats
Graph from MS:
Continuously assess
It assesses the environment and gives out security scores and recommendations.
Secure
Workloads need to be secure. In Defender for Cloud, I can create policies and run them on management groups, subscriptions and even tenants. Scalability is one of the most important parts of the cloud, so if a resource scales up, Defender for Cloud automatically starts to protect and monitor it.
Defend
Security alerts are one of the most important parts of Defender for Cloud. Security alerts include the following:
- Describe affected resources
- Remediation steps
- Option to trigger a logic app