Azure Security Center and Azure Defender are now part of Microsoft Defender for Cloud. In this blog, we walk through how Defender for Cloud works and how it provides security for your cloud environment.
Towards the end of 2021, Microsoft brought its Azure Security Center and Azure Defender products under the new umbrella of Microsoft Defender for Cloud. The rebranding reflected native support for managing security across multicloud environments and put the platform's integrated cloud security capabilities under one name.
This built on Azure Security Center's evolution since its 2016 launch into a market-leading Cloud Security Posture Management (CSPM) solution; a Forrester study credited ASC with delivering a 219 percent ROI over three years and payback in fewer than six months.
Comprehensive Cloud Security Monitoring, Management and Protection
Now, with its unified Azure components, Defender for Cloud delivers security posture management and threat protection, with central visibility and control, for cloud workloads, Azure-managed services, on-premises environments, and other cloud platforms such as AWS and GCP.
The hybrid environments it safeguards include databases, virtual machines, serverless resources, and containers, and its oversight extends to vulnerability, compliance, identity, access, and event management, as well as threat intelligence.
Its threat detection and response are driven by artificial intelligence (AI) and machine-learning models that are continuously refined on the security events it observes. It integrates with Microsoft Sentinel and with a broad range of third-party SIEM and incident-management tools.
Defender for Cloud can do this because it maintains a single, continuously updated view of the entire estate across cloud platforms and scales with that estate, which is what makes monitoring and managing security across several clouds from one place practical.
It simplifies and establishes compliance with regulatory standards through automated compliance assessments and uninterrupted compliance monitoring and reporting.
Cloud Security Recommendations for Action
Cloud Security Posture Management capabilities in Defender for Cloud yield recommendations describing actions to secure your cloud and on-premises resources.
Centralized policy management lets you define the security conditions you want and then flags, as recommendations, the resource configurations that violate that policy. The security baseline you monitor applies guidance from the Microsoft cloud security benchmark, and the Azure Policy definitions behind it appear in the regulatory compliance section of the Defender for Cloud portal.
The baseline lists the applicable Azure security conditions so that you can measure your compliance with the benchmark's controls and recommendations. The built-in cloud security benchmark standard supplies the underlying security principles together with detailed technical implementation guidance for Azure and other cloud providers.
The secure score aggregates the findings behind those recommendations into a single number that shows how secure your estate is at any given time: the more recommendations you remediate, the higher the score and the lower the identified risk. The secure score dashboard shows the score as a percentage alongside the underlying values.
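To make the aggregation concrete, the following added example (not code from the original post or from Microsoft) reproduces the per-control secure-score arithmetic that Microsoft documents: each control contributes its maximum points scaled by the share of its resources that are healthy, and the overall percentage is the sum of current points over the sum of maximum points. The control names, point weights and resource counts are constructed for illustration; the choice to leave controls with no applicable resources out of the denominator is an assumption noted in the code.

```python
from dataclasses import dataclass, replace
from typing import List, Tuple


@dataclass(frozen=True)
class Control:
    """One secure-score control: a group of recommendations with a fixed point weight."""
    name: str
    max_score: int   # points the control is worth when every resource is healthy
    healthy: int     # resources already satisfying every recommendation in the control
    unhealthy: int   # resources with at least one open recommendation

    @property
    def applicable(self) -> int:
        return self.healthy + self.unhealthy

    def current_score(self) -> float:
        # Documented rule: current = max_score * healthy / (healthy + unhealthy).
        # Assumption: a control with no applicable resources scores 0 here and is
        # excluded from the denominator in secure_score().
        if self.applicable == 0:
            return 0.0
        return self.max_score * self.healthy / self.applicable


def secure_score(controls: List[Control]) -> float:
    """Overall secure score as a percentage, rounded to one decimal place."""
    scored = [c for c in controls if c.applicable > 0]
    if not scored:
        return 0.0
    current = sum(c.current_score() for c in scored)
    maximum = sum(c.max_score for c in scored)
    return round(100 * current / maximum, 1)


def remediation_priority(controls: List[Control]) -> List[Tuple[str, float]]:
    """Controls ordered by the points gained if every resource in them were fixed.

    This is the view a practitioner wants: which control to work on first
    to move the score the most.
    """
    gains = [
        (c.name, round(c.max_score - c.current_score(), 2))
        for c in controls
        if c.applicable > 0
    ]
    return sorted(gains, key=lambda g: g[1], reverse=True)


def remediate(control: Control) -> Control:
    """Return the control as it would look after all its unhealthy resources are fixed."""
    return replace(control, healthy=control.applicable, unhealthy=0)


# Constructed sample: four controls with invented resource counts, not real tenant data.
SAMPLE = [
    Control("Enable MFA", 10, healthy=3, unhealthy=1),
    Control("Secure management ports", 8, healthy=2, unhealthy=2),
    Control("Remediate vulnerabilities", 6, healthy=0, unhealthy=5),
    Control("Apply system updates", 6, healthy=0, unhealthy=0),  # no applicable resources
]


if __name__ == "__main__":
    print(f"secure score: {secure_score(SAMPLE)}%")
    for name, gain in remediation_priority(SAMPLE):
        print(f"  +{gain:>4} points if '{name}' is fully remediated")
    after_mfa = [remediate(c) if c.name == "Enable MFA" else c for c in SAMPLE]
    print(f"after remediating MFA: {secure_score(after_mfa)}%")
```

Running it shows why two partially failing controls can outweigh one fully failing control of a lower weight, and how fixing the single unhealthy MFA resource lifts the overall percentage by more than ten points because that control carries the highest weight.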
The basic CSPM tier provides a dashboard that reveals security posture weaknesses, while the advanced CSPM plan adds governance features that assign, track and drive posture improvements.
The data-aware security posture feature discovers where sensitive data is stored so that exposure of that data can be prioritized and reduced. Attack path analysis uses a graph of your cloud resources and their relationships to surface the chains of exposures an attacker could traverse to reach high-value assets, so you can break those paths before they are exploited.
High Marks from Defender for Cloud Users
Microsoft Defender for Cloud is well-regarded by its customers. The latest Gartner Peer Insights ratings overview, based on user reviews from the previous 12 months (through February 2024), found that 95 percent of the respondents gave Defender for Cloud either a 4- or 5-star review, with an overall average of 4.3 (out of a possible 5).
Broken down into categories, the Microsoft solution received a 4.6 score on Integration & Deployment, Product Capabilities, and Service & Support, and a 4.5 rating on Evaluation & Contracting. A separate ratings overview report from the same period by the software marketplace G2 was just as bullish, with more than 95 percent of respondents also assigning 4- or 5-star ratings to Defender for Cloud.
We also know some of the main reasons why customers are making Defender for Cloud their cloud security solution. The enterprise technology review site PeerSpot reported that security product users cited four big factors behind their choice of Defender for Cloud.
- Multi-cloud capabilities. Cloud security solutions must protect workloads wherever they’re hosted and defend multicloud architectures that span various environments. As one reviewer said, “The most valuable feature of this solution is the support for a multicloud environment.”
- Single view capability for security posture management. A single dashboard, or pane of glass, gives users comprehensive, integrated visibility of the entire security landscape, so security teams no longer have to switch between multiple consoles.
- Advanced threat protection. Reviewers citing this factor spoke favorably about ransomware protection and access controls, faster incident response, correlated alerts, and integration with automated incident response.
- Automation. Automation in the Microsoft solution frees IT managers and staff from much of the manual work that can otherwise make alert volumes unmanageable.
Making Extended Detection and Response More Effective
Integrations now available from Microsoft Defender for Cloud are strengthening extended detection and response, or XDR: an approach that correlates data from the security tools across a company's technology stack so that attacks are detected and handled as a whole rather than product by product.
About 60 percent of cloud security breach incidents identified by Defender for Cloud involved identity-related compromise across email, SaaS apps, or endpoints. This shows that attacks move beyond end-user assets to target cloud and hybrid workloads, and a security operations center cannot stop these cross-domain intrusions unless it can see and correlate alerts across end-user assets and the cloud workloads they touch.
To ensure that all-encompassing visibility is available, Microsoft has recently integrated cloud workload alerts, signals, and asset information from Defender for Cloud into Microsoft Defender XDR. This included new cross-workload-related correlations and cloud-specific content.
The integration was automatically enabled for existing Defender for Cloud customers, who could see the new insights in their assets, alerts, and incidents in the Defender portal. From an incident they could also move directly into the portal to take protective actions on any of their cloud or hybrid resources.
Conclusion
Defender for Cloud has brought the Azure Security Center and Azure Defender capabilities together into a comprehensive security operation, one that combines flexibility with broad visibility into threat identification and a consistent response to those threats wherever they occur. It is an all-in-one platform for your current and emerging cloud security challenges.
Not quite sure where to go next with Microsoft Defender for Cloud? Our Modern Workplace and Cybersecurity experts are here to help. Contact us