Olov Norman 05 Dec 2023

What's new in Microsoft Defender for Cloud

Key Enhancements in Microsoft Defender for Cloud

In today's ever-evolving cloud landscape, ensuring robust security across multicloud and hybrid environments is imperative. Microsoft Defender for Cloud emerges as a pivotal solution, offering comprehensive security measures throughout the lifecycle of cloud-based applications. Let's delve into the significant updates that bolster the capabilities of Defender for Cloud, equipping security administrators to adopt a holistic cloud-native application protection strategy and fortify security postures across diverse cloud environments and DevOps platforms.

Unifying Identity and Access Insights

The integration with Microsoft Entra Permissions Management marks a crucial update for Defender for Cloud. This enhancement gives security administrators a centralized view of the Permissions Creep Index, facilitating proactive least privilege access controls for cloud resources. Through this integration, admins gain insights connecting access permissions across Azure, Amazon Web Services (AWS), and Google Cloud, enabling comprehensive attack path analysis. This update is currently available in preview, promising a more cohesive cloud security posture.

DevOps Security Insights Integration

Defender for Cloud expands its horizon by providing deep visibility into application security across major developer platforms. With support for GitHub, Azure DevOps, and the newly introduced GitLab integration, security admins gain in-depth insights into application security posture within these DevOps platforms. This move aims to provide a consolidated view of security across GitHub Advanced Security, GitHub Advanced Security for Azure DevOps, and now GitLab Ultimate, further empowering DevOps security. This feature is currently available in preview.

Strengthening Container Security

Enhancing container security becomes more streamlined with the expansion of Defender Cloud Security Posture Management (CSPM) capabilities. This update extends contextually-driven graph-based capabilities to Amazon Elastic Kubernetes Service (Amazon EKS) and Google Kubernetes Engine (GKE) clusters. By prioritizing misconfigurations and exposures in Kubernetes deployments, security administrators can proactively address containerized application risks. This update is anticipated to be available in preview soon, promising improved container security across multicloud environments.

Proactive Risk Mitigation and Attack Path Analysis

Defender for Cloud introduces a risk-based recommendation engine, enhancing attack path analysis across clouds. This engine aids in efficiently identifying and prioritizing the remediation of complex risks, such as cross-cloud attack paths, reducing recommendation fatigue for admins. Additionally, the code-to-cloud mapping feature accelerates addressing critical security flaws directly in the code. Integration with ServiceNow enables admins to automate or drive risk mitigation using their existing systems. This update is currently available in preview, facilitating faster risk mitigation and comprehensive risk analysis.

Enhanced API Security Posture

The Defender for APIs plan in Defender for Cloud has reached General Availability, bringing heightened API security. Security admins gain visibility into business-critical APIs, can prioritize vulnerability fixes, and can detect real-time threats in APIs published via Azure API Management. New preview capabilities powered by Microsoft Purview focus on sensitive data classification, further bolstering API risk mitigation efforts.

Microsoft Security Copilot Integration

The addition of Microsoft Security Copilot in Defender for Cloud harnesses the power of AI-generated guidance. Security admins gain efficiency in discovering and remediating risks through natural language-driven queries. This feature, currently in private preview, promises enhanced efficacy in risk identification and remediation across cloud environments.

In conclusion, the comprehensive updates within Microsoft Defender for Cloud underscore Microsoft's commitment to empowering security administrators with robust tools and capabilities. These enhancements not only fortify cloud security postures but also equip organizations to navigate the intricate cloud landscape confidently, ensuring a resilient defense against evolving threats.

Stay tuned for more updates as Microsoft continues to drive advancements in cloud security.