Category: Microsoft Defender for Cloud

ACR | Containers vulnerability assessment powered by Microsoft Defender Vulnerability Management (MDVM)

Hi!

Powered by Microsoft Defender Vulnerability Management (MDVM), the Azure Vulnerability Assessment is a plug-and-play solution that lets security teams quickly identify and remediate vulnerabilities in Linux container images. Onboarding requires no initial configuration and no agent deployment.

Notably, this feature exclusively supports the scanning of images within the Azure Container Registry (ACR). Images stored in alternative container registries must be imported into ACR for coverage.

MDVM-powered Container Vulnerability Assessment boasts the following key capabilities:

  • Scanning OS Packages: Scans for vulnerabilities in packages installed by the Linux OS package manager. Refer to the comprehensive list of supported operating systems and versions for further details.
  • Language-Specific Packages: Support extends to language-specific packages and associated files, along with their dependencies, whether installed or copied without the involvement of the OS package manager. For a complete list of supported languages, please consult our resources.
  • Image Scanning in Azure Private Link: Scans images in container registries that are reachable only through Azure Private Link. This depends on access through trusted services and on authentication with the registry. Learn how to enable access through trusted services.
  • Exploitability Insights: Each reported vulnerability is checked against exploitability databases, helping customers gauge the actual risk it represents rather than relying on severity alone.
  • Comprehensive Reporting: Container Vulnerability Assessment for Azure, powered by Microsoft Defender Vulnerability Management (MDVM), provides the following ways to consume and manage vulnerability reports:
    • Querying Vulnerability Information via Azure Resource Graph: Query vulnerability findings through the Azure Resource Graph (ARG). Find out how to query recommendations via ARG.
    • Querying Vulnerability Information via Subassessment API: Obtain scan results through the REST API.
    • Support for Exemptions: Learn to create exemption rules for a management group, resource group, or subscription.
    • Support for Disabling Vulnerabilities: Learn how to disable specific vulnerabilities on images.
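As an added example (not Microsoft's code and not taken from the Defender for Cloud documentation), the script below shows the kind of triage a security team typically runs on the sub-assessment results mentioned above: it keeps only findings whose status is still Unhealthy, groups them per container image and orders the images by their worst open severity. It assumes the general JSON shape of a Sub-Assessments REST API response (a top-level "value" list whose items carry properties.id, properties.displayName, properties.status.code and properties.status.severity); the payload is constructed for the example, and the additionalData keys repositoryName and imageDigest are assumptions used only to name the image.

```python
"""Triage Defender for Cloud container-image findings from a Sub-Assessments response.

Added example, not Microsoft's code. It assumes the JSON shape returned by the
Sub-Assessments REST API (a top-level "value" list of subassessment resources);
the sample payload is constructed and the additionalData keys are assumptions.
"""
from collections import defaultdict

# Order used to rank open findings; unknown severities sort last.
SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1}

# Constructed sample response (not real scan output). Two images; one finding
# on the second image is already marked Healthy, i.e. resolved by a rescan.
SAMPLE_RESPONSE = {
    "value": [
        {
            "name": "finding-1",
            "properties": {
                "id": "CVE-0000-0001",  # placeholder identifier
                "displayName": "openssl - placeholder vulnerability",
                "status": {"code": "Unhealthy", "severity": "High"},
                "additionalData": {"repositoryName": "web/api", "imageDigest": "sha256:aaaa"},
            },
        },
        {
            "name": "finding-2",
            "properties": {
                "id": "CVE-0000-0002",  # placeholder identifier
                "displayName": "curl - placeholder vulnerability",
                "status": {"code": "Unhealthy", "severity": "Medium"},
                "additionalData": {"repositoryName": "web/api", "imageDigest": "sha256:aaaa"},
            },
        },
        {
            "name": "finding-3",
            "properties": {
                "id": "CVE-0000-0003",  # placeholder identifier
                "displayName": "zlib - placeholder vulnerability",
                "status": {"code": "Unhealthy", "severity": "Low"},
                "additionalData": {"repositoryName": "batch/worker", "imageDigest": "sha256:bbbb"},
            },
        },
        {
            "name": "finding-4",
            "properties": {
                "id": "CVE-0000-0004",  # placeholder identifier
                "displayName": "glibc - placeholder vulnerability (fixed)",
                "status": {"code": "Healthy", "severity": "High"},
                "additionalData": {"repositoryName": "batch/worker", "imageDigest": "sha256:bbbb"},
            },
        },
    ]
}


def unhealthy_findings(response):
    """Return only the findings whose status code is Unhealthy (still open)."""
    return [
        item for item in response.get("value", [])
        if item.get("properties", {}).get("status", {}).get("code") == "Unhealthy"
    ]


def image_key(item):
    """Name the image a finding belongs to (assumed additionalData keys)."""
    extra = item.get("properties", {}).get("additionalData", {})
    return f"{extra.get('repositoryName', '?')}@{extra.get('imageDigest', '?')}"


def summarize_by_image(response):
    """Map each image to a {severity: count} dict over its open findings."""
    summary = defaultdict(lambda: defaultdict(int))
    for item in unhealthy_findings(response):
        severity = item["properties"]["status"].get("severity", "Unknown")
        summary[image_key(item)][severity] += 1
    return {image: dict(counts) for image, counts in summary.items()}


def images_by_risk(response):
    """Images ordered by worst open severity, then by number of open findings."""
    summary = summarize_by_image(response)

    def sort_key(image):
        counts = summary[image]
        worst = max((SEVERITY_RANK.get(sev, 0) for sev in counts), default=0)
        return (-worst, -sum(counts.values()), image)

    return sorted(summary, key=sort_key)


if __name__ == "__main__":
    per_image = summarize_by_image(SAMPLE_RESPONSE)
    for image in images_by_risk(SAMPLE_RESPONSE):
        print(image, per_image[image])
```

Because a daily rescan can flip a finding from Unhealthy to Healthy without removing it from the results, filtering on the status code rather than on the presence of a finding is what keeps the report aligned with what still needs remediation.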

One-Time Triggering:

  • Each image pushed or imported to a container registry undergoes scanning immediately after the operation. Typically, the scan concludes within minutes, but may occasionally extend up to an hour.
  • [Preview] Images pulled from a registry are scheduled for scanning within 24 hours.

Microsoft Defender Vulnerability Management (MDVM) now incorporates an additional trigger for scanning images retrieved from an ACR. This enhancement extends coverage to active images, complementing existing triggers for scanning images pushed to an ACR within the last 90 days and images currently operational in AKS.

Continuous Rescan Triggering:

Continuous rescanning ensures that images which were already scanned get their vulnerability reports updated whenever a new vulnerability is published.

  • A rescan is executed once daily for:
    • Images pushed within the last 90 days.
    • [Preview] Images pulled within the last 30 days.
    • Images currently active on the Kubernetes clusters monitored by Defender for Cloud, either via agentless discovery and visibility for Kubernetes or the Defender agent.

Maxime.

Private Endpoint support for Malware Scanning in Defender for Storage

Hi!

I wanted to inform you that Private Endpoint support is now available as part of the Malware Scanning public preview in Defender for Storage. If you’re unfamiliar with the Malware Scanning feature in Defender for Storage, I highly recommend reading this informative blog post.

This capability allows you to enable Malware Scanning on storage accounts that use private endpoints. Private endpoints give you private connectivity to your Azure Storage services without exposing them to the public internet, which aligns with best practices for safeguarding your data.

If you already have Malware Scanning enabled on storage accounts with private endpoints, it’s important to note that you will need to disable and re-enable the plan with Malware Scanning for this new feature to work seamlessly.

Maxime.

Microsoft Defender for DevOps – Overview

Hi,

In today’s fast-paced software development landscape, security has become a top priority for DevOps teams. Security breaches can cause significant financial loss, damage to reputation, and loss of trust from customers. Microsoft Defender for DevOps is a comprehensive security solution designed to help DevOps teams build and deliver secure applications.

Microsoft Defender for DevOps is a cloud-based security solution that integrates with Azure DevOps and GitHub. It provides real-time security analysis of code, build artifacts, and deployment pipelines to detect potential security threats. Microsoft Defender for DevOps uses machine learning algorithms to analyze data and detect potential security vulnerabilities, providing a comprehensive defense against cyber attacks.

One of the key features of Microsoft Defender for DevOps is its ability to provide continuous security monitoring throughout the software development lifecycle. It can scan code repositories and identify potential security vulnerabilities in the codebase. It can also analyze build artifacts and identify potential security vulnerabilities that may have been introduced during the build process. By providing real-time security analysis, Microsoft Defender for DevOps helps DevOps teams identify and remediate potential security threats early in the development process, reducing the risk of security breaches.

Another key feature of Microsoft Defender for DevOps is its ability to provide compliance management. It can help DevOps teams to comply with industry standards such as HIPAA, PCI, and GDPR by providing continuous monitoring of security controls and generating compliance reports. Compliance reports can be generated for individual applications or across an entire organization, making it easy for DevOps teams to demonstrate compliance to auditors and regulators.

Microsoft Defender for DevOps also provides integration with other security tools, such as Microsoft Defender and Azure Sentinel. This integration provides a unified view of security across the organization, making it easier for DevOps teams to identify and remediate security threats.

In conclusion, Microsoft Defender for DevOps is a comprehensive security solution designed to help DevOps teams build and deliver secure applications. By providing continuous security monitoring throughout the software development lifecycle, compliance management, and integration with other security tools, Microsoft Defender for DevOps helps DevOps teams identify and remediate potential security threats early in the development process, reducing the risk of security breaches. By implementing Microsoft Defender for DevOps, organizations can take a proactive approach to cybersecurity and ensure that their applications are secure and compliant with industry standards.

Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction

Maxime.