Protect your Azure virtual machines from malware and other security threats with Microsoft Defender for Cloud, which provides endpoint protection and threat detection capabilities. #DefenderForCloud #EndpointProtection
Monitor and protect your Azure SQL databases with Azure SQL Database Threat Detection, which identifies and alerts you to suspicious activities and potential security vulnerabilities. #AzureSQL #ThreatDetection #DefenderForCloud
Implement multi-layered defenses in Defender For Cloud to safeguard your cloud infrastructure against evolving cyber threats and unauthorized access attempts. #DefenderForCloud #CyberDefense
Leverage Defender for Cloud to automatically detect and respond to security threats across your Azure resources, ensuring continuous protection for your cloud workloads. #DefenderForCloud #AzureSecurity
Introducing Microsoft Defender for Cloud Labs
Our labs project helps you get ramped up with Microsoft Defender for Cloud and provides hands-on practical experience for product features, capabilities, and scenarios. The labs are divided into 3 main tracks, a beginner (level 100/200) and an advanced (level 300+) track. The labs contain several modules that cover different pillars, from Cloud Security Posture Management (CSPM) to Cloud Workload Protection (CWP). To start using our labs, you will need to create an Azure Trial Subscription, which provides you all capabilities for 30 days, so you have to finish this lab at this point to take advantage of the free trial.
https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Labs
#defender #defenderforcloud #cnapp #cspm #cwp #cwpp #cloudsecurity #multicloud #azure #aws #gcp #microsoft #microsoftsecurity #soc #server #container #storage #dns #api #devops #database #api #github #arc #agentless #storageaccount #mde #vulnerability #mdvm #siem
I just completed "Secure #Azure services and workloads with Microsoft #DefenderForCloud regulatory compliance controls" #MicrosoftLearn #AppliedSkills assessment. #SecOps #NeverStopLearning #CloudSkills
https://learn.microsoft.com/en-us/users/grozdanovd/credentials/B55402B48E6DCEBB
Security Tech Accelerator - On-demand Recordings now available!
The Security, Compliance, and Identity Tech Community hosted a virtual "Tech Accelerator", an event consisting of over 12 deep dives & live AMAs for you to engage with Microsoft Product Experts and ask questions.
Event | Microsoft Security Tech Accelerator - December 6, 2023
https://techcommunity.microsoft.com/t5/tech-community-live/microsoft-security-tech-accelerator/ev-p/3968748#M20
#msftadvocate #microsoftdefender #defenderforcloud #microsoftsentinel #security
New use cases for Microsoft Security Copilot
The new use cases for Security Copilot now extend beyond investigations in your security operations center to support various security necessities for organizations seeking to strengthen their security against cyberthreats.
- Device management
- Identity management
- Data security
- Cloud security
- External attack surface management
Security Copilot is expanding into embedded experiences across various Microsoft Security solutions!
#copilot #security #securitycopilot #llm #ai #genai #openai #microsoft #microsoftsecurity #cybersecurity #intune #purview #entraid #soc #xdr #siem #soar #cloud #cloudnative #cloudsecurity #sentinel #microsoftsentinel #cnapp #defenderforcloud #defender #easm #threatintelligence
Announcing new CNAPP capabilities in Defender for Cloud
At Ignite 2023, we are excited to announce new innovations in Microsoft Defender for Cloud that will help security admins strengthen their CNAPP deployment, improve the cloud security posture through additional code to cloud insights, and protect cloud-native applications across multicloud environments in a unified solution:
- Unified insights from Microsoft Entra Permissions Management (CIEM) to enable comprehensive risk mitigation
- Enhanced attack path analysis engine to swiftly pinpoint critical risks across clouds
- Accelerated critical risk remediation with Microsoft Security Copilot integration
- Integrated security across multiple DevOps platforms
Extended protection for cloud workloads
- Improved API Security Posture
- Go beyond workload protection: detect and respond to threats across the enterprise in a unified platform
More details:
#cnapp #devops #api #protection #ciem #cwp #cspm #defender #defenderforcloud #azure #gcp #aws #cloud #cloudnative #cloudprotection #cloudsecurity #multicloud #microsoft #microsoftsecurity #soc #ignite #microsoftignite #permissionmanagement #ai #mitre #copilot #securitycopilot #vulnerability
Predict future attacks! Cloud Security Posture Management with Microsoft Defender
Advanced cloud security protection goes beyond general security recommendations and provides predictive and future-facing defense, so users can prioritize security based on connected risks, visualize potential attack paths, and identify vulnerabilities and misconfigurations that attackers might exploit. Recommendations are ranked based on severity and potential impact, so users can focus on the most critical issues first.
#defendercspm #cspm #posturemanagement #defenderforcloud #cnapp #defender #microsoft #azure #cloud #multicloud #soc #cybersecurity #xdr
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement
Nice write-up by Microsoft security researchers about a new campaign where attackers attempted to move laterally to a cloud environment through a SQL Server instance.
Attackers are now attempting to move laterally into cloud environments via SQL Server instances, a method previously seen in VMs and Kubernetes clusters but not in SQL Server.
#microsoft #microsoftsecurity #securityresearch #azure #SQL #cloudlateralmovement #lateralmovement #cloudsecurity #cloudnative #cybersecurity #soc #defenderforcloud #defenderforendpoint #mde #xdr #edr #defenderforsql #soc
New expanded visibility into multicloud data security in Microsoft Defender for Cloud
The data security dashboard provides a centralized, complete and current view of the state of your cloud data estate.
The data security dashboard helps you to:
- Discover your complete multicloud data estate across managed and hosted data resources
- Understand your Defender for Cloud protection coverage and gaps across data resources
- Gain insight on which protected data resources contain sensitive data and the types of sensitive information they contain
- Use built-in data query templates to speed up cloud security explorer results
- Focus on sensitive data resources that require attention as a result of active threats or potential risks to your sensitive data
- View changing trends of resources with sensitive data that require attention to analyze improvement of data security posture over time
#microft #azure #defender #defenderforcloud #cnapp #aws #gcp #data #datasecurity #cloud #cloudsecurity #soc #cspm #posturemanagement
Defender for APIs Better Together with Azure Web Application Firewall and Azure API Management
The synergy of Microsoft Defender for APIs, Azure WAF, and Azure API Management forms a strong defense against API threats.
- The WAF on Application Gateway checks the request against WAF rules. If the request is valid, then it will proceed.
- Application Gateway directs the request to APIM.
- APIM accepts and properly maps the requests.
- Defender for APIs inspects API endpoints and gives insight on whether the API is properly authenticated, inactive, and externally facing.
- Defender for APIs monitors the traffic going to and from APIM to classify sensitive data and alert on exploits and anomalies.
Defender for APIs
Defender for APIs provides visibility into crucial APIs. It facilitates a deep dive into your API security, allowing prioritization of vulnerabilities and quick detection of active threats. Key features include a consolidated view of managed APIs with security insights on external, inactive, or unauthenticated APIs, data classifications of sensitive data in API interactions, and machine learning-driven detection of API threats in alignment with the OWASP API Top 10.
Azure API Management
Azure API Management caters to the entire API lifecycle. APIM includes an API gateway, management platform, and developer portal. The gateway manages requests, ensures authentication, transforms requests and responses, caches responses, enforces usage caps, emits logs, and more.
Azure Web Application Firewall
Azure WAF provides a centralized defense against web and API vulnerabilities like SQL injections and cross-site scripting attacks. With its rapid virtual patching, Azure WAF offers quick threat mitigation without needing to individually secure every web application.
#microsoft #azure #azurewaf #waf #api #defenderapi #sqlinjection #apim #apimanagement #defenderforapi #defenderforcloud #defender #cloud #cloudsecurity #cloudnative #soc #owasp #apithreats #cybersecurity
In the realm of cybersecurity, preventing attackers' entry through misconfigurations is paramount. Cloud misconfigurations, particularly in AWS environments, can open doors to vulnerabilities. Microsoft Defender for Cloud steps in as a proactive guardian, identifying these misconfigurations and enabling swift remediation.
Why Misconfigurations Matter
Misconfigured cloud resources can expose sensitive data, grant unauthorized access, or leave unnecessary openings for exploitation. To maintain a strong security posture, proactive security management is essential.
How Microsoft Defender for Cloud Helps
In this blog, I'll guide you through various scenarios of misconfigured AWS Cloud resources and showcase how Microsoft Defender for Cloud empowers security teams to identify, prevent, and remediate risks.
Getting Started with Proactive Security
To begin safeguarding your AWS resources, set up the connection between your AWS account and Microsoft Defender for Cloud. The cloud security graph, attack path analysis, and the cloud security explorer are invaluable tools for contextual security assessment.
Scenario 1: Sensitive Data Exposure
Imagine Contoso Bank, using Amazon S3 to store sensitive information. Mistakenly replicating data to a public S3 bucket opens avenues for data exposure. Microsoft Defender CSPM's attack path analysis uncovers this misconfiguration, providing insights and remediation steps.
Scenario 2: Over-Permissioning via IAM Roles
Datum Corporation's IT Admins manage AWS EC2 instances and want automated backups. Misconfigured IAM roles can lead to over-permissioning, exposing the instance to more access than necessary. Defender CSPM's attack path capability highlights vulnerabilities, effective permissions, and potential risks.
Scenario 3: Compromising KMS Keys
Fabrikam Inc secures sensitive data on Amazon EC2 instances through a KMS key. However, a high-severity vulnerability on the instance poses a risk of unauthorized access to the KMS. Defender CSPM's attack path analysis identifies potential credential theft and suggests remediation steps.
Continuous Monitoring and Stay Ahead
The battle against misconfigurations isn't a one-time effort. Incorporating attack path analysis into your security strategy empowers teams to monitor and address new misconfigurations introduced during environment changes.
Enhance your AWS security with Microsoft Defender for Cloud. Stay ahead of potential misconfigurations, safeguard sensitive data, and bolster your cloud security strategy.
#CloudSecurity #AWSProtection #MicrosoftDefender #ProactiveSecurity #CyberDefense #microsoft #cnapp #defenderforcloud #aws #azure #multicloud #cspm #bucket #cloud #cloudsecurity #cloudnative #soc #xdr
Embracing Multicloud Security: Microsoft Defender for Cloud's New Innovations
Find out recent news about the Microsoft CNAPP platform.
Enhanced Multicloud Posture Management for GCP
Microsoft Defender for Cloud has unveiled advanced posture management capabilities for Google Cloud Platform (GCP). Cloud Security Graph and Attack Path Analysis now support GCP resources. This empowers organizations to identify, prioritize, and address critical risks within their multicloud environment. Key features include attack path analysis, cloud security exploration, agentless scanning, and data-aware security posture.
Microsoft Cloud Security Benchmark Expands to GCP
Microsoft Cloud Security Benchmark (MCSB) now includes Google Cloud Platform in its support, aligning with Azure and AWS. With over 120 built-in GCP-specific assessments, MCSB provides industry-best practices for GCP resource monitoring, enabling optimized cloud security across major providers.
Malware Scanning and Container Vulnerability Management
Defender for Cloud takes runtime cloud data security to the next level. Malware Scanning in Defender for Storage will soon provide real-time protection against malware entry and distribution in Azure Blob storage accounts. Meanwhile, Defender for Cloud integrates with Microsoft Defender Vulnerability Management to offer agentless vulnerability assessments for containers, fostering secure software supply chains with real-time scans and exploitability insights.
Elevate Your Cloud Security with Microsoft Defender for Cloud
From code to cloud, Microsoft Defender for Cloud empowers you to embrace a proactive and advanced approach to multicloud security. With features like enhanced posture management, expanded benchmark coverage, malware scanning, and container vulnerability assessments, staying secure in multicloud environments has never been easier.
Ready to enhance your multicloud security? Learn more about these innovations in Microsoft Defender for Cloud and embark on a journey of fortified cloud protection today.
#cnapp #microsoft #defender #defenderforcloud #azure #aws #gcp #multicoud #cloud #cloudnative #cloudsecurity #CloudSecurityBenchmark #MCSB #va #vulnerabilitymanagement #vulnerability #edr #xdr #microsoft #soc
Malware Scanning in Defender for Storage will be generally available (GA) for Azure Blob Storage on September 1, 2023
Malware Scanning in Defender for Storage helps protect your Blob storage accounts from malicious content by performing a full, built-in, agentless malware scan on uploaded content in near real time, using Microsoft Defender Antivirus capabilities. It scans all file types and allows you to detect and prevent malware distribution events.
Find out relevant use cases: https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/malware-scanning-for-cloud-storage-ga-pre-announcement-prevent/ba-p/3884470
#defenderforcloud #defenderforstorage #defender #malware #malwarescanning #storage #azure #blob #blobstorage #agentless #av #azure #cloudsecurity #cloudnative #antivirus
In this video, in under 20 minutes, I show you how to configure Microsoft Defender for DevOps with Azure DevOps.
#azuredevops #devsecops #sast #defenderforcloud #defenderfordevops