Now more than ever, organizations are challenged with keeping their employees productive working remotely and interacting with their customers over digital channels. At the same time there has been an increase in evolving digital security threats as bad actors recognize an opportunity to disrupt your business. Moreover, security resources are stretched, and prioritization is important.
To help you protect all the assets within your organization, earlier this week we announced Microsoft Defender. Microsoft Defender delivers comprehensive threat protection spanning users, devices, apps, data, servers, IoT devices, Operational Technology (OT), and more. Microsoft Defender is Microsoft’s leading Extended Detection and Response (XDR) solution for threat protection across all your technical assets, and it is composed of two experiences: Microsoft 365 Defender and Azure Defender. Azure Defender is an evolution of the threat protection technologies in Azure Security Center, protecting Azure and hybrid environments. With this announcement, we are rebranding the offerings previously called advanced threat protection services in Azure Security Center as Azure Defender. For example, Advanced Threat Protection for Azure Storage is now Azure Defender for Storage.
1. Updated Azure Security Center UI
Following this rebranding, and in order to better reflect the different value pillars that Azure Security Center offers, we have also changed the main Security Center product experience. With the new experience, Security Center serves as the central overarching experience that includes multiple independent cloud security pillars such as Azure Secure Score, Regulatory Compliance and of course Azure Defender. In addition, each of these pillars has its own dedicated dashboard allowing deeper insights and actions around that vertical. Changes to the product can be seen at the following link (http://aka.ms/ascignite2020) during the conference and will be integrated into the product after Ignite 2020.
Figure 1: Azure Security Center Overview window
When you click on the Azure Defender dashboard, you can see that you have better visibility into Azure Defender coverage across your different resource types, visibility into onboarding state & agent installation and a holistic view of the threat detection alerts included in Azure Defender.
Figure 2: Azure Defender dashboard
2. Protection for multi-cloud workloads (AWS & GCP)
As more organizations manage cloud workloads on multiple cloud platforms, they require a security solution that provides visibility & protection across all their cloud environments. To enable that, Security Center is announcing a public preview for protection of workloads in AWS & GCP:
- Customers will be able to onboard their AWS/GCP accounts into ASC.
- Security Center will include detected misconfigurations and findings from AWS Security Hub and GCP Security Command Center into its Secure Score model and Regulatory Compliance experience, thus providing a central pane to visualize security posture across multi-cloud assets.
- Azure Defender for Servers will leverage Azure Arc to extend its support for VMs in AWS & GCP, including capabilities such as automatic agent provisioning, policy management, vulnerability management, embedded EDR and more.
Figure 3: Secure Score Recommendations page including AWS and GCP recommendations
We are also delighted to announce the preview availability of Azure Arc enabled SQL Servers and its integration with Azure Defender and Azure Sentinel. With Azure Arc enabled SQL Server you can now protect SQL Servers anywhere (on-premises, and in other clouds such as AWS and GCP) the same way you protect Azure SQL, directly from the Azure portal, for a unified, hybrid security experience using Azure Defender. This unified experience simplifies protecting your entire SQL estate. In addition, your security operations team can take the threat information from Azure Security Center and surface it in Azure Sentinel, the industry’s first cloud native SIEM, where, combined with security intelligence from throughout your enterprise, you can detect and mitigate threats that traverse laterally across your hybrid environments before attackers have the opportunity to exfiltrate data.
Figure 4: Integration of Azure Arc enabled SQL Server and Azure Security Center
3. Containers Enhancements
As containers, and specifically Kubernetes, become more widely used, we are extending our Azure Defender for Kubernetes offering to include Kubernetes-level policy management, hardening and enforcement with admission control, to make sure that Kubernetes workloads are created secure by default. In addition, container image scanning by Azure Defender for Container Registries will now support continuous scanning of container images in the Azure Container Registry, re-evaluating registry images for newly disclosed vulnerabilities to minimize the exploitability of running containers.
4. General availability for more platform protection
We are announcing the general availability of Azure Defender for Key Vault, and of Azure Defender for Storage protection for Azure Files and Azure Data Lake Storage Gen2.
5. Azure Defender for IoT, Now With CyberX Agentless Technology
At Ignite, we’re announcing Public Preview of new capabilities for securing Operational Technology (OT) environments such as manufacturing, building automation, life sciences, energy and water utilities, oil & gas, and warehousing & logistics.
Incorporating agentless technology from Microsoft’s recent acquisition of CyberX, Azure Defender for IoT enables organizations to auto-discover their IoT/OT assets, identify critical vulnerabilities, and continuously monitor for threats. It will initially be available for on-premises deployments, with an Azure-based console to follow. Read more.
6. Azure Security Center cloud security posture management enhancements
Azure Security Center continues to provide cloud security posture management enhancements. At Ignite this year, we are announcing general availability for the new Asset Inventory experience. The new experience enables customers to explore their security posture data in a much deeper way, providing view, filter and query abilities for all details and insights across all resources protected by ASC, via an easy to use and crystal clear user interface.
This new experience is fully built on top of Azure Resource Graph (ARG), which now holds all of ASC’s security posture data. Leveraging ARG’s KQL engine lets customers quickly and easily reach deep insights over ASC data and cross-reference it with any other resource properties.
Figure 5: Azure Security Center Inventory view
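As an added example (not from this post or Microsoft’s own documentation), the following Azure Resource Graph KQL query pulls the unhealthy Security Center assessments from the securityresources table and joins them to the resources table so each finding can be cross-referenced with the resource’s type, resource group, location and tags; the table and property names are the ones ARG exposes for assessments, while the final grouping by severity is an assumed way of slicing the data.

```kusto
// Added example: unhealthy Security Center assessments cross-referenced with inventory data.
securityresources
| where type == "microsoft.security/assessments"
// The assessed resource's ID lives under properties.resourceDetails.Id; lower-case it for the join.
| extend resourceId = tolower(tostring(properties.resourceDetails.Id))
| extend assessmentName = tostring(properties.displayName),
         status         = tostring(properties.status.code),
         severity       = tostring(properties.metadata.severity)
| where status == "Unhealthy"
// Join to the general resource inventory to pick up properties ASC itself does not hold.
| join kind=leftouter (
    resources
    | project resourceId = tolower(id), resourceType = type, resourceGroup, location, tags
  ) on resourceId
// Assumed grouping: one row per resource and severity, with the list of open findings.
| summarize unhealthyCount = count(), findings = make_set(assessmentName)
    by resourceId, resourceType, resourceGroup, location, severity
| order by severity asc, unhealthyCount desc
```

Adding a `| where tags["environment"] == "production"` line after the join is how you would scope the same result set to tagged resources, which is the kind of cross-reference the paragraph above describes.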
We are also very excited to announce the public preview of a more fine-grained ability to manage and control security recommendations and how they apply to your resources. This includes the ability to exempt specific resources from specific security recommendations, with documented reasoning and easy monitoring of exemptions. Another advanced capability is customizing which security findings are applicable, filtering by severity, type, name or any other category. This gives maximum flexibility to adjust the security recommendations to the organization’s policy and priorities, and thereby a better representation of its security posture in Secure Score.
For related material, see the following articles:
- Learn more about Azure Arc enabled Servers
- Learn more about
- Learn more about Azure Sentinel
- Learn more about Azure Defender for IoT