Comprehensive Overview of Microsoft Defender

Jan 14, 2025

Microsoft Secure Technical Accelerator Session

Introduction

  • Speaker: Gopal Shankar, Product Manager, Microsoft Defender for Cloud
  • Colleagues: Nick Lake, Fernanda Vela
  • Focus: Defender for Cloud

Overview

  • Cloud-Native Application Protection Platform (CNAPP): Microsoft's perspective
  • Challenges: securing the entire cloud lifecycle is complex, and security insights must be aggregated manually across tools
  • Solution: comprehensive security that combines separate capabilities into a single, simpler platform

Microsoft Defender for Cloud

  • Features:
    • Comprehensive and continuous security
    • Protection across multi-cloud and hybrid environments
    • Reduces complexity to improve visibility and risk prioritization
    • Integrated response tools

CNAPP Principles

  • Key Components:
    • DevOps Security Management
    • Cloud Security Posture Management
    • Cloud Workload Protection
    • Cloud Infrastructure Entitlement Management
    • Network Security

Prevention with Defender for Cloud

  • Defender CSPM:
    • Contextual cloud security
    • Attack path analysis
    • Cloud Security Explorer
    • Agentless vulnerability scanning
  • Integrations:
    • Permissions management
    • External attack surface management
  • Shift Left Strategy: Integration with Defender for DevOps

Detection and Response

  • Cloud Workload Protection:
    • Detect potential attacks
    • Enforce policies in early threat stages
  • Multi-cloud Support: AWS, GCP, Azure
  • New Features:
    • Storage malware scanning
    • Sensitive data threat detection
    • Detection of entities without identities

Microsoft Security Stack

  • AI Utilization: Synthesizes 65 trillion signals to identify threats

Cloud Security Challenges (Nick Lake)

  • Complex Scenarios for Security Admins:
    • Full visibility of multi-cloud environments
    • Risk prioritization and hunting
    • Operational expectations
  • Data Awareness:
    • Discovery of cloud data estate
    • Understanding security attributes

CSPM Capabilities

  • Defender CSPM Features:
    • Agentless vulnerability scanning
    • Attack path analysis
    • Governance and prioritization tools
  • Cloud Security Explorer: Custom queries for specific needs

Governance Capabilities

  • Tracking Remediation Progress:
    • Assigning ownership
    • Systematic updates and accountability

Cloud-Native Application Protection (DevOps)

  • Defender for DevOps:
    • Unified visibility into DevOps security posture
    • Infrastructure-as-code scanning
    • Code-to-cloud contextualization

Workload Protection Scenarios (Fernanda Vela)

  • Defender for Storage:
    • Protects against malware, data exfiltration, data corruption
    • Sensitive data threat detection
    • Detection of entities without identities
    • Malware scanning

Defender for Storage Features

  • Enablement and Migration:
    • Subscription-level protection
    • Granular control for specific accounts
    • Integration with automation workflows
  • Compliance and Evidence:
    • Security alerts and logs for SIEM solutions

Conclusion

  • Comprehensive Cloud Security:
    • Protects from code to cloud
    • Integrated across multiple security aspects
  • Call to Action:
    • Sign up for a trial of Defender for Cloud
    • Explore innovations in Defender CSPM, DevOps, and Storage

End of Session

  • Thanks for attending and exploring Microsoft’s innovations.