This article will introduce you to Microsoft Defender for Cloud (MDFC), Cloud Security Posture Management, and the Cloud Workload Protection Platform.
Introduction of MDFC
Cloud Security Posture Management
Cloud Security Posture Management (CSPM) refers to an IT tool that monitors your cloud security posture continuously and reports any misconfigurations or compliance issues. Based on the scanning, MDFC provides visibility into the environment and hardening recommendations.
The secure score is the first thing you'll notice in MDFC's CSPM section. This number ranges from 1 to 100 and indicates the level of safety in your environment. The higher the number, the safer your environment. Microsoft uses its own benchmark for this score, but you can also choose NIST or Azure CIS.
The cloud security graph is an exciting feature of MDFC. The cloud security graph gathers information from various clouds and data sources, which MDFC then analyses. Data collected can range from networks to software inventory to exposure to the public internet. All of the collected data is built into the graph, and depending on which environments you have linked, it will display that information in the cloud portal. The graph is used in attack path analysis to display compromises or vulnerabilities so that you can take the appropriate action.
One of the nice things about Microsoft CSPM is that it has a free version with a lot of useful information and action points to help secure your IT environment. There will also be a paid version that goes even further, but this is currently a preview feature. I'll go over briefly what the paid version brings to the table.
Cloud Workload Protection Platform
The Cloud Workload Protection Platform (CWPP) protects all of your workloads. Microsoft offers a variety of workload protection options, each of which will be covered in a separate post in this blog series. The services listed below are currently available.
If you want to enable Defender for Azure resources, you may not need to deploy any agents or push configurations. Activating the Defender SKU is as simple as clicking a button for many Azure resources. Microsoft will begin scanning, collecting, and publishing data onto the Defender page for you to view and act on. If the Azure resources require an agent, Microsoft will frequently deploy it in the background, ensuring a smooth start with Defender.
MDFC, as mentioned in the CSPM section, is not limited to Azure resources. Both Amazon Cloud and Google Cloud have connectors. You can install Azure Arc agents in any public or private cloud (data centre) that you use. MDFC gathers all of the data and displays it in the same portal view. It can divide the collected data into each cloud, allowing you to prioritise any remediation or optimisation efforts.
The cloud workload protection areas have been set up to secure each Azure component and to extend that protection to other public clouds via connectors or Azure Arc. Defender for DevOps is still in beta, but it can scan GitHub and Azure DevOps. The community and customers may also request the expansion of Defender for DevOps to other products. MDFC for data services can assist in automating data classification for Azure SQL and assessing SQL and storage account vulnerabilities.
Some of the hardening recommendations include built-in Azure policies to help protect and remediate resource settings. Blocking public access to blob storage is one example.
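To make the blob storage example concrete, the sketch below is an added illustration, not code from MDFC or Microsoft. It reads a storage account inventory shaped like the JSON output of `az storage account list` and reports which accounts would change behaviour if public blob access were blocked. The account names are constructed, and the separate "unset" category for a missing value is an assumption made for review purposes.

```python
import json

# Constructed sample shaped like `az storage account list` output (not real accounts).
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "stlogsprod01", "resourceGroup": "rg-logs", "allowBlobPublicAccess": false},
  {"name": "stwebassets01", "resourceGroup": "rg-web", "allowBlobPublicAccess": true},
  {"name": "stlegacy2019", "resourceGroup": "rg-legacy", "allowBlobPublicAccess": null},
  {"name": "stbackup01", "resourceGroup": "rg-backup"}
]
""")


def classify(account):
    """Return 'blocked', 'public-allowed' or 'unset' for one account record."""
    value = account.get("allowBlobPublicAccess")
    if value is False:
        return "blocked"
    if value is True:
        return "public-allowed"
    # Assumption: a missing/null value is reported separately for manual review,
    # because its effective default depends on how the account was created.
    return "unset"


def impact_report(accounts):
    """Group account names by state so the effect of enforcing a block is visible first."""
    report = {"blocked": [], "public-allowed": [], "unset": []}
    for account in accounts:
        report[classify(account)].append(account["name"])
    return report


def needs_review(accounts):
    """Accounts whose behaviour could change if public blob access were blocked."""
    report = impact_report(accounts)
    return sorted(report["public-allowed"] + report["unset"])


if __name__ == "__main__":
    for state, names in impact_report(SAMPLE_ACCOUNTS).items():
        print(f"{state:15} {', '.join(names) or '-'}")
```

Accounts listed under "public-allowed" or "unset" are the ones to check with their owners before a policy that blocks public access is enforced.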
Conclusion
This brief overview of Microsoft Defender for Cloud aims to provide an understanding of what MDFC can do for your business, regardless of where your resources are hosted. Cloud Security Posture Management ensures visibility into your environment and provides hardening advice for both the free and paid versions of Defender for Cloud. The CSPM will constantly monitor your environment and keep you up-to-date on any recommendations it has for you.
Cloud workload protection ensures the security of your resources and, in conjunction with the CSPM, will assist you in hardening those resources even further. Microsoft's approach to hardening policies and recommendations ensures that you can get started quickly and efficiently. However, before you hit the deploy button, you must first understand how Azure policies work. If you don't know what you're doing, you may end up breaking the services you're attempting to protect.