Securing Cloud Infrastructure With Microsoft Defender
Despite all the Security Policies and Privacy Laws developed since the introduction of the Internet, users still face an inherent level of risk to their data and applications. There is a lot of discussion about this and more so since the evolution of Cloud Computing. However, Engineer Longji Vwamhi is an avid believer in Cloud Computing and is encouraged by all the efforts made by Cloud Providers to secure Cloud Infrastructure and Data.
Longji Vwamhi is an experienced DevOps engineer who has worked in big tech firms. He is experienced in various programming languages, DevOps tools, and Cloud Computing.
Cyber Attackers continue to attack IT Infrastructure, and they are as skilled in coding and programming languages as other people. They exploit the security loopholes they find in IT Infrastructure and data storage. Once they realize their target has a loophole, they enter through it to attack, steal, or manipulate information stored in cloud storage.
What is Microsoft Defender for Cloud?
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. Defender for Cloud covers three vital needs to enable you to manage the security of your cloud and on-premises workloads:
Defender for Cloud Secure Score continually assesses your security posture so you can track new security opportunities and precisely report on the progress of your security efforts.
Defender for Cloud Recommendations secures your workloads with step-by-step actions that protect your workloads from known security risks.
Defender for Cloud Alerts defends your workloads in real-time so you can react immediately and prevent security events from developing.
Protect all of your resources under one roof
Because Defender for Cloud is an Azure-native service, many Azure services are monitored and protected without needing any deployment, but you can also add resources that are on-premises or in other public clouds.
When necessary, Defender for Cloud can automatically deploy a Log Analytics agent to gather security-related data. For Azure machines, deployment is handled directly. For hybrid and multi-cloud environments, Microsoft Defender plans are extended to non-Azure machines with the help of Azure Arc. CSPM features are extended to multi-cloud machines without the need for any agents (see Defend resources running on other clouds).
Defend your Azure-native resources
Defender for Cloud helps you detect threats across:
Azure PaaS services — Detect threats targeting Azure services including Azure App Service, Azure SQL, Azure Storage Account, and more data services. You can also perform anomaly detection on your Azure activity logs using the native integration with Microsoft Defender for Cloud Apps (formerly known as Microsoft Cloud App Security).
Azure data services — Defender for Cloud includes capabilities that help you automatically classify your data in Azure SQL. You can also get assessments for potential vulnerabilities across Azure SQL and Storage services, and recommendations for how to mitigate them.
Networks — Defender for Cloud helps you limit exposure to brute force attacks. By reducing access to virtual machine ports with just-in-time VM access, you can harden your network by preventing unnecessary access. You can set secure access policies on selected ports, for only authorized users, allowed source IP address ranges or IP addresses, and for a limited amount of time.
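The just-in-time access checks described above can be modelled in a few lines. The following is an added example, not code from Microsoft or from the original article: it is a simplified model of the decision logic (selected port, authorized user, allowed source range, time limit), and every name, address and policy value in it is a constructed assumption rather than Defender for Cloud's API or schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class PortRule:
    allowed_sources: tuple      # CIDR ranges permitted to request this port
    max_duration: timedelta     # longest window a single request may open

@dataclass(frozen=True)
class Grant:
    port: int
    source_ip: str
    expires_at: datetime

# Constructed sample policy: ports not listed here can never be opened.
AUTHORIZED_USERS = {"alice@example.com"}
POLICY = {
    22: PortRule(("203.0.113.0/24",), timedelta(hours=3)),
    3389: PortRule(("198.51.100.7/32",), timedelta(hours=1)),
}

def request_access(user, port, source_ip, duration, now):
    """Return a time-boxed Grant, or raise PermissionError with the reason."""
    if user not in AUTHORIZED_USERS:
        raise PermissionError("user is not authorized to request access")
    rule = POLICY.get(port)
    if rule is None:
        raise PermissionError("port is not covered by the policy")
    addr = ip_address(source_ip)
    if not any(addr in ip_network(cidr) for cidr in rule.allowed_sources):
        raise PermissionError("source address is outside the allowed ranges")
    if duration <= timedelta(0) or duration > rule.max_duration:
        raise PermissionError("requested duration exceeds the policy maximum")
    return Grant(port, source_ip, now + duration)

def is_allowed(grants, port, source_ip, now):
    """Default deny: traffic passes only under an unexpired, matching grant."""
    return any(
        g.port == port and g.source_ip == source_ip and now < g.expires_at
        for g in grants
    )

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    grant = request_access("alice@example.com", 22, "203.0.113.10",
                           timedelta(hours=2), now)
    print("open until", grant.expires_at.isoformat())
    print("allowed after expiry:",
          is_allowed([grant], 22, "203.0.113.10", now + timedelta(hours=2)))
```

The port is closed again as soon as the grant expires, so a management port that is needed for one maintenance session is not left reachable afterwards.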
Defend your on-premises resources
In addition to defending your Azure environment, you can add Defender for Cloud capabilities to your hybrid cloud environment to protect your non-Azure servers. To help you focus on what matters the most, you’ll get customized threat intelligence and prioritized alerts according to your specific environment.
To extend protection to on-premises machines, deploy Azure Arc, and enable Defender for Cloud’s enhanced security features. Learn more in Add non-Azure machines with Azure Arc.
Defend resources running on other clouds
Defender for Cloud can protect resources in other clouds (such as AWS and GCP).
For example, if you’ve connected an Amazon Web Services (AWS) account to an Azure subscription, you can enable any of these protections:
Defender for Cloud’s CSPM features extend to your AWS resources. This agentless plan assesses your AWS resources according to AWS-specific security recommendations, and these are included in your secure score. The resources will also be assessed for compliance with built-in standards specific to AWS (AWS CIS, AWS PCI DSS, and AWS Foundational Security Best Practices). Defender for Cloud’s asset inventory page is a multi-cloud enabled feature that helps you manage your AWS resources alongside your Azure resources.
Microsoft Defender for Kubernetes extends its container threat detection and advanced defenses to your Amazon EKS Linux clusters.
Microsoft Defender for Servers brings threat detection and advanced defenses to your Windows and Linux EC2 instances. This plan includes the integrated license for Microsoft Defender for Endpoint, security baselines and OS-level assessments, vulnerability assessment scanning, adaptive application controls (AAC), file integrity monitoring (FIM), and more.
Defender for Cloud continuously discovers new resources that are being deployed across your workloads and assesses whether they’re configured according to security best practices. If not, they’re flagged and you get a prioritized list of recommendations for what you need to fix. Recommendations help you reduce the attack surface across each of your resources.
According to Longji Vwamhi, Microsoft Defender is a tool that adds an extra layer of security to your infrastructure; the continuous assessment and recommendations by Microsoft Defender make it a must-have tool.