The Microsoft Ignite 2020 event brought a number of new features to Microsoft Azure. One of the most interesting is Azure Defender, and this post looks at what it is and how to use Azure Defender to improve security.
Azure Defender is an evolution of the threat-protection technologies in Azure Security Center, protecting Azure and hybrid environments. Microsoft rebranded the offerings previously known as the advanced threat protection services in Azure Security Center as Azure Defender. For example, Advanced Threat Protection for Azure Storage is now Azure Defender for Storage. It is part of Microsoft's integrated cloud workload protection (CWP).
What resource types can Azure Defender secure?
Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases, containers, web applications, networks, and more. It includes protection for Kubernetes and container registry.
When you enable Azure Defender from the Pricing and settings area of Azure Security Center, the following Defender plans are all enabled simultaneously. Together they cover the compute, data, and service layers of your environment:
- Azure Defender for servers
- Azure Defender for App Service
- Azure Defender for Storage
- Azure Defender for SQL
- Azure Defender for Kubernetes
- Azure Defender for container registries
- Azure Defender for Key Vault
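Because all seven plans are switched on together, a practical check is to confirm afterwards that none of them was left at the Free tier. The script below is an added example, not code from the original post: it parses the JSON that `az security pricing list` prints (the `name` and `pricingTier` fields are those of the Azure Security pricing API; the list shown is a constructed sample) and lists the plans that are not at Standard, together with the `az security pricing create` command that would enable each one. The mapping from the post's plan names to the API pricing names is an assumption for the 2020 API version.

```python
"""Check which Azure Defender plans are at the Standard (paid) tier.

Added example; not code from the original post. It parses the JSON that
`az security pricing list` returns (field names `name` and `pricingTier` are
from the Azure Security pricing API; the sample below is constructed).
"""
import json

# Plan names as the pricing API names them (assumed to match the seven plans
# listed in the post; names may differ in later API versions).
DEFENDER_PLANS = {
    "VirtualMachines": "Azure Defender for servers",
    "AppServices": "Azure Defender for App Service",
    "StorageAccounts": "Azure Defender for Storage",
    "SqlServers": "Azure Defender for SQL",
    "KubernetesService": "Azure Defender for Kubernetes",
    "ContainerRegistry": "Azure Defender for container registries",
    "KeyVaults": "Azure Defender for Key Vault",
}

# Constructed sample of `az security pricing list` output (two plans still Free).
SAMPLE_PRICING_JSON = json.dumps([
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "AppServices", "pricingTier": "Standard"},
    {"name": "StorageAccounts", "pricingTier": "Free"},
    {"name": "SqlServers", "pricingTier": "Standard"},
    {"name": "KubernetesService", "pricingTier": "Standard"},
    {"name": "ContainerRegistry", "pricingTier": "Standard"},
    {"name": "KeyVaults", "pricingTier": "Free"},
])


def plans_not_on_standard(pricing_json: str) -> list:
    """Return pricing names of Defender plans that are missing or not 'Standard'."""
    data = json.loads(pricing_json)
    # The REST API wraps results in {"value": [...]}; the CLI prints the bare list.
    items = data["value"] if isinstance(data, dict) else data
    tiers = {item["name"]: item.get("pricingTier", "") for item in items}
    # A plan absent from the output is treated as not enabled.
    return [plan for plan in DEFENDER_PLANS
            if tiers.get(plan, "").lower() != "standard"]


def enable_commands(plans: list) -> list:
    """Azure CLI commands that switch each listed plan to the Standard tier."""
    return [f"az security pricing create --name {plan} --tier standard"
            for plan in plans]


if __name__ == "__main__":
    gaps = plans_not_on_standard(SAMPLE_PRICING_JSON)
    for plan in gaps:
        print(f"{DEFENDER_PLANS[plan]} is not enabled ({plan})")
    for cmd in enable_commands(gaps):
        print(cmd)
```

Run it against real output with `az security pricing list -o json > pricing.json` and pass the file contents to `plans_not_on_standard`; an empty list means every plan from the post is billing at Standard.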
Azure Defender Dashboard
The Azure Defender dashboard includes the following four sections:
- Azure Defender coverage – Here you can see the resource types that are in your subscription and eligible for protection by Azure Defender.
- Security alerts area – When Azure Defender detects a threat in any area of your environment, it generates an alert. Each alert describes the affected resources, suggested remediation steps, and in some cases offers the option to trigger a logic app in response. Alerts are grouped by High, Medium, and Low severity. It is best to take a risk-based approach to remediation: prioritize High severity alerts, then Medium. For Low severity alerts, do a cost-benefit analysis and consider risk acceptance on a case-by-case basis.
- Advanced protection – In this advanced protection section, you can see the status of the resources in your selected subscriptions for advanced protection like Vulnerability assessment, Just in Time VM access, Container Image Scanning, SQL Vulnerability Assessment, File Integrity monitoring, etc. Select any of them to go directly to the configuration area for that protection type.
- Insights – This section contains a rolling pane of news, suggested reading, and high priority alerts relevant to you and your subscription. The high priority alerts in this pane deserve particular attention.
Below is how the Azure Defender dashboard looks:
Please note that Azure Defender is a paid service. However, you can use it free for 30 days on a trial basis.
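The risk-based ordering described for the Security alerts area can be applied to exported alerts before anyone opens the portal. The script below is an added example, not code from the original post. The field names it reads (`alertDisplayName`, `severity`, `compromisedEntity`, `status`, `timeGeneratedUtc`) follow the Security Center alert schema; the alerts themselves are constructed samples, not real detections. It drops dismissed alerts, orders the rest High, Medium, Low (oldest first within a band), attaches the action the post recommends for each band, and counts how many active alerts touch the same resource so that a resource appearing repeatedly stands out.

```python
"""Risk-based triage of Azure Defender security alerts.

Added example, not code from the original post. The alert fields used
(`alertDisplayName`, `severity`, `compromisedEntity`, `status`,
`timeGeneratedUtc`) follow the Security Center alert schema; the alerts
below are constructed samples, not real detections.
"""
from collections import Counter

# Lower rank = handled earlier.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}

# What the post recommends per severity band.
ACTION = {
    "High": "remediate first",
    "Medium": "remediate after High",
    "Low": "cost-benefit review; risk acceptance case by case",
    "Informational": "record only",
}

# Constructed sample alerts (shape only; not real detections).
SAMPLE_ALERTS = [
    {"alertDisplayName": "Suspicious PowerShell execution", "severity": "Medium",
     "compromisedEntity": "vm-web-01", "status": "Active",
     "timeGeneratedUtc": "2020-10-01T10:15:00Z"},
    {"alertDisplayName": "Anonymous access to storage container", "severity": "Low",
     "compromisedEntity": "stlogs01", "status": "Active",
     "timeGeneratedUtc": "2020-10-01T09:00:00Z"},
    {"alertDisplayName": "Potential SQL injection", "severity": "High",
     "compromisedEntity": "sql-prod-01", "status": "Active",
     "timeGeneratedUtc": "2020-10-01T11:30:00Z"},
    {"alertDisplayName": "Failed brute force attempt", "severity": "High",
     "compromisedEntity": "vm-web-01", "status": "Active",
     "timeGeneratedUtc": "2020-10-01T08:45:00Z"},
    {"alertDisplayName": "Unusual volume of data extracted", "severity": "High",
     "compromisedEntity": "stlogs01", "status": "Dismissed",
     "timeGeneratedUtc": "2020-09-30T23:00:00Z"},
]


def triage(alerts):
    """Return active alerts ordered for remediation: High, then Medium, then Low.

    Within a band, older alerts come first. Each row carries the recommended
    action and the number of active alerts on the same resource.
    """
    active = [a for a in alerts if a.get("status") == "Active"]
    per_resource = Counter(a["compromisedEntity"] for a in active)
    ordered = sorted(
        active,
        key=lambda a: (SEVERITY_RANK.get(a["severity"], 9), a["timeGeneratedUtc"]),
    )
    return [
        {
            "resource": a["compromisedEntity"],
            "alert": a["alertDisplayName"],
            "severity": a["severity"],
            "action": ACTION.get(a["severity"], "review"),
            "alerts_on_resource": per_resource[a["compromisedEntity"]],
        }
        for a in ordered
    ]


def summary(alerts):
    """Count active alerts per severity band, as the dashboard headline does."""
    return dict(Counter(a["severity"] for a in alerts if a.get("status") == "Active"))


if __name__ == "__main__":
    print(summary(SAMPLE_ALERTS))
    for row in triage(SAMPLE_ALERTS):
        print(f"[{row['severity']:<6}] {row['resource']:<12} "
              f"{row['alert']:<40} x{row['alerts_on_resource']}  -> {row['action']}")
```

Feed it the output of `az security alert list -o json` (a list of alert objects whose `properties` hold these fields) and the queue comes back in the order the post recommends working it.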
Hybrid Cloud Protection
One of the great things about Azure Defender is that it provides hybrid cloud protection, meaning it can be used to:
- Protect your non-Azure servers
- Protect your virtual machines in other clouds (such as AWS and GCP)
To extend protection to virtual machines and SQL databases that are in other clouds or on-premises, deploy Azure Arc and enable Azure Defender. Azure Arc for servers is a free service, but services used on Arc-enabled servers, for example Azure Defender, are charged according to the pricing for that service.
On a closing note, Azure Defender is one of the more advanced cloud workload protection services and will improve your cloud security posture considerably.
Contact Us for any query related to Microsoft Azure Training.
Deepesh Kumar works as Associate Director – Information Security Risk Management in Novartis. He has also worked with Morgan Stanley and JPMorgan Chase & Co. He holds CISSP, PMP, CIPP-E, AWS Cloud solution Architect, Azure Architect Design, and other Information Security relevant Certifications.