Category: Microsoft Defender for Cloud

Microsoft Defender for DevOps – Overview

Hi,

Security has become a first-class concern for DevOps teams: a breach can mean financial loss, reputational damage and lost customer trust, and the cheapest place to catch a defect is before it ships. Microsoft Defender for DevOps is the Defender for Cloud plan that brings the security posture of your source repositories and pipelines into the same console as the rest of your cloud estate.

Defender for DevOps connects to Azure DevOps organizations and GitHub organizations through connectors configured in Defender for Cloud. It gives security teams a single view of DevOps security posture: which repositories and pipelines are onboarded, which ones are not being scanned, and what the scanners found. The findings themselves come from tooling that runs inside the pipeline (the Microsoft Security DevOps task for Azure Pipelines and the corresponding GitHub Action, which bundle open-source scanners for secrets, dependencies, infrastructure-as-code templates and container images) and from GitHub Advanced Security where it is enabled. Defender for DevOps aggregates and correlates those results; it is not a separate machine-learning scanner of your code.

The point is continuous visibility across the development lifecycle. Secrets committed to a repository, vulnerable dependencies, misconfigured infrastructure-as-code and vulnerable container images are reported as findings, and scanner output can be surfaced as pull request annotations so the developer sees the problem while the change is still open. Fixing an issue there is far cheaper than discovering it in production.

Findings are surfaced as Defender for Cloud recommendations, so they can be tracked, assigned and reported through the same recommendation workflow as the rest of the environment rather than in a tool-specific report. That is what you need when demonstrating to auditors that code and infrastructure templates are being checked before deployment.

Defender for DevOps also fits with the rest of the Microsoft security stack: its findings are correlated with other Defender for Cloud signals, and recommendations and alerts can be sent to Microsoft Sentinel (formerly Azure Sentinel) through continuous export, giving a unified view of security across the organization.

In short, Defender for DevOps gives you one place to see whether your repositories and pipelines are scanned and what the scans found, pushes those findings to developers at pull request time, and ties them into the Defender for Cloud recommendation and alerting workflow you already use. That lets an organization shift security left without running a separate tool for the DevOps side of the estate.

Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-devops-introduction

Maxime.

Malware Scanning for Defender for Storage

Hi,

Malware Scanning in Microsoft Defender for Storage scans blobs uploaded to Azure Blob Storage with Microsoft Defender Antivirus engines. Scanning happens near real time on upload: when a blob is written or overwritten, a scan is triggered automatically, so newly arriving content is checked without any change to the application that uploads it. Note that the service does not delete, quarantine or block access to a blob it finds malicious: it reports the verdict, and the quarantine or removal step is yours to implement (typically with an Event Grid-triggered Function or Logic App).

The scan result is published in three places: as a blob index tag named "Malware Scanning scan result" on the blob itself (with values such as "Malicious" or "No threats found"), as an Event Grid event (event type Microsoft.Security.MalwareScanningResult) that your automation can subscribe to, and, for malicious verdicts, as a Defender for Cloud security alert. On-upload scanning only covers blobs written after the feature is enabled; data that was already in the account is not scanned retroactively by this mechanism, so check the linked documentation for the current options for scanning existing blobs rather than assuming a portal or PowerShell on-demand scan exists.

The security alert names the storage account, the blob and the malware that was found, which is what you need for triage. Wire the alert into your notification path (Defender for Cloud email notifications or workflow automation) so the security team is paged when a detection fires, and keep the Event Grid path for the automated response; the two are complementary, not alternatives.

Limitations:

  • Legacy v1 storage accounts aren’t supported
  • Azure Files isn’t supported for Malware Scanning (only Blob Storage is scanned)
  • Client-side encrypted blobs aren’t supported, since the service can’t decrypt them before scanning. Data encrypted at rest with a customer-managed key (CMK) is supported.
  • File size limit is 2 GB
  • The “capping” mechanism (the per-storage-account limit on how many GB are scanned per month) is currently not functional. You can set your limit now, and it will take effect when “capping” starts working.
  • Malware Scanning throughput is rate-limited per storage account to 2 GB/min
  • Uploading at a higher rate doesn’t drop files; scanning slows down and the files are scanned later
  • The scan-result index tag isn’t written in storage accounts with hierarchical namespace enabled (Azure Data Lake Storage Gen2), so rely on the Event Grid event or the alert there
  • Append and page blobs aren’t supported for Malware Scanning (only block blobs are scanned)
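
Because the service only reports a verdict, the response logic is yours. The following is an added example in Python (not code from the original post or from Defender for Storage) of that logic: it consumes an Event Grid delivery of scan results, quarantines malicious blobs through a hook, releases clean ones, and sends anything inconclusive (a failed scan, an oversized or unsupported blob) to manual review rather than treating it as clean. The sample events are constructed for the demo; their shape (eventType "Microsoft.Security.MalwareScanningResult", data.blobUri, data.scanResultType, data.scanResultDetails.malwareNamesFound) follows the malware-scanning documentation and should be verified against events from your own subscription. quarantine_blob is a hypothetical hook to be replaced with a Storage SDK copy-then-delete into a locked-down container; classify_tag shows the same decision taken from the blob index tag, for code that polls blobs instead of subscribing to events.

```python
"""Quarantine decision for Defender for Storage malware-scanning results.

Added example, not the original post's or the service's own code. Event shape
is an assumption taken from the documentation; verify it against real events.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field
from typing import Callable
from urllib.parse import unquote, urlparse

MALWARE_EVENT_TYPE = "Microsoft.Security.MalwareScanningResult"
# Name of the blob index tag the service writes (not written on HNS accounts, see Limitations).
SCAN_RESULT_TAG = "Malware Scanning scan result"


@dataclass
class Verdict:
    account: str
    container: str
    blob: str
    action: str  # "quarantine", "release" or "manual-review"
    reason: str
    malware: list[str] = field(default_factory=list)


def parse_blob_uri(uri: str) -> tuple[str, str, str]:
    """Split https://<account>.blob.core.windows.net/<container>/<blob> into its parts."""
    parsed = urlparse(uri)
    if not parsed.hostname or not parsed.hostname.endswith(".blob.core.windows.net"):
        raise ValueError(f"not a blob URI: {uri}")
    account = parsed.hostname.split(".")[0]
    container, _, blob = parsed.path.lstrip("/").partition("/")
    if not container or not blob:
        raise ValueError(f"blob URI lacks container or blob name: {uri}")
    return account, container, unquote(blob)


def classify(event: dict) -> Verdict:
    """Map one scan-result event to an action. Only an explicit clean verdict releases
    the blob; a failed or unsupported scan (blob over 2 GB, append/page blob, engine
    error) must not be mistaken for 'no malware'."""
    if event.get("eventType") != MALWARE_EVENT_TYPE:
        raise ValueError(f"unexpected eventType {event.get('eventType')!r}")
    data = event["data"]
    account, container, blob = parse_blob_uri(data["blobUri"])
    result = data.get("scanResultType", "")
    if result == "Malicious":
        names = list(data.get("scanResultDetails", {}).get("malwareNamesFound", []))
        return Verdict(account, container, blob, "quarantine", "malware detected", names)
    if result == "No threats found":
        return Verdict(account, container, blob, "release", "scan clean")
    return Verdict(account, container, blob, "manual-review", f"inconclusive scan result {result!r}")


def classify_tag(tags: dict[str, str]) -> str:
    """Same decision from the blob's index tags. A missing tag means 'not scanned yet'
    (or an HNS account where the tag is never written), so it is not a release."""
    value = tags.get(SCAN_RESULT_TAG)
    if value == "Malicious":
        return "quarantine"
    if value == "No threats found":
        return "release"
    return "manual-review"


def handle_events(raw: str, quarantine_blob: Callable[[Verdict], None]) -> list[Verdict]:
    """Process one Event Grid delivery (a JSON array of events). Other event types
    on the same subscription are skipped; malicious verdicts invoke the hook."""
    verdicts: list[Verdict] = []
    for event in json.loads(raw):
        if event.get("eventType") != MALWARE_EVENT_TYPE:
            continue
        verdict = classify(event)
        if verdict.action == "quarantine":
            quarantine_blob(verdict)
        verdicts.append(verdict)
    return verdicts


# Constructed sample delivery: one clean upload, one EICAR detection, one failed scan.
SAMPLE_DELIVERY = json.dumps([
    {"eventType": MALWARE_EVENT_TYPE,
     "data": {"blobUri": "https://contosostore.blob.core.windows.net/uploads/invoice.pdf",
              "scanResultType": "No threats found", "scanResultDetails": {}}},
    {"eventType": MALWARE_EVENT_TYPE,
     "data": {"blobUri": "https://contosostore.blob.core.windows.net/uploads/eicar%20test.com",
              "scanResultType": "Malicious",
              "scanResultDetails": {"malwareNamesFound": ["Virus:DOS/EICAR_Test_File"]}}},
    {"eventType": MALWARE_EVENT_TYPE,  # constructed placeholder for a failed/inconclusive scan
     "data": {"blobUri": "https://contosostore.blob.core.windows.net/uploads/big.iso",
              "scanResultType": "Scan failed", "scanResultDetails": {}}},
])

if __name__ == "__main__":
    quarantined: list[str] = []
    for v in handle_events(SAMPLE_DELIVERY, lambda v: quarantined.append(v.blob)):
        print(f"{v.action:14} {v.container}/{v.blob}: {v.reason} {v.malware or ''}")
    print("quarantined:", quarantined)
```

The design choice worth copying is the default: anything that is not an explicit "No threats found" stays held. The limitations above mean a blob can legitimately arrive without a usable verdict (too large, wrong blob type, tag never written on an HNS account), and an automation that releases on "no malicious tag" would let exactly those files through.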

Source: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan

Maxime.

New alert in Azure Defender for Key Vault

Hi!

Azure Defender for Key Vault has the following new alert:

Alert (alert type): Denied access from a suspicious IP to a key vault (KV_SuspiciousIPAccessDenied)
Description: An unsuccessful key vault access has been attempted by an IP that has been identified by Microsoft Threat Intelligence as a suspicious IP address. Though this attempt was unsuccessful, it indicates that your infrastructure might have been compromised. We recommend further investigations.
MITRE tactics: Credential Access
Severity: Low

You can see a list of all of the alerts available for Key Vault.
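
The "further investigations" the alert asks for usually start in the Key Vault diagnostic logs: what did the flagged IP try, which identity or token did it present, and did that identity succeed anywhere else. The following is an added example in Python (not code from the original post or from Defender for Key Vault) of that triage over a batch of AuditEvent records. The records and the suspicious-IP list are constructed for the demo; the field names used (category, callerIpAddress, operationName, resultSignature, identity.claim, properties.id, properties.httpStatusCode) follow the Key Vault logging schema and are an assumption to check against your own exported logs. The ranking puts a flagged IP that also had a successful call first, because that points at a working credential rather than a blind probe.

```python
"""Triage of denied Key Vault access by caller IP.

Added example, not the original post's or Defender for Key Vault's own code.
Record shape is an assumption taken from the Key Vault logging schema.
"""
from __future__ import annotations

from dataclasses import dataclass, field

UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
DENIED_STATUSES = {401, 403}  # no/invalid token vs. valid token without access or blocked by firewall


@dataclass
class IpSummary:
    ip: str
    suspicious: bool = False
    denied: int = 0
    succeeded: int = 0
    operations: set[str] = field(default_factory=set)
    targets: set[str] = field(default_factory=set)
    identities: set[str] = field(default_factory=set)


def caller_identity(record: dict) -> str:
    """Prefer the user principal name, fall back to the app id, else unknown (e.g. a 401 with no token)."""
    claims = record.get("identity", {}).get("claim", {})
    return claims.get(UPN_CLAIM) or claims.get("appid") or "<unknown>"


def summarise(records: list[dict], suspicious_ips: set[str]) -> dict[str, IpSummary]:
    """Aggregate AuditEvent records per caller IP; other categories are ignored."""
    out: dict[str, IpSummary] = {}
    for r in records:
        if r.get("category") != "AuditEvent":
            continue
        ip = r.get("callerIpAddress", "<none>")
        s = out.setdefault(ip, IpSummary(ip=ip, suspicious=ip in suspicious_ips))
        props = r.get("properties", {})
        status = int(props.get("httpStatusCode", 0))
        if status in DENIED_STATUSES:
            s.denied += 1
        elif 200 <= status < 300:
            s.succeeded += 1
        s.operations.add(r.get("operationName", "?"))
        s.targets.add(props.get("id", "?"))
        s.identities.add(caller_identity(r))
    return out


def triage(records: list[dict], suspicious_ips: set[str], denied_threshold: int = 5) -> list[tuple[str, str]]:
    """Return (ip, finding) pairs worth an analyst's time, worst first: a flagged IP that also
    succeeded, then a flagged IP that was only denied, then an unflagged IP with many denials."""
    ranked: list[tuple[int, str, str]] = []
    for s in summarise(records, suspicious_ips).values():
        if s.suspicious and s.succeeded:
            ranked.append((0, s.ip, f"flagged IP had {s.succeeded} successful call(s) as "
                                    f"{sorted(s.identities)}: treat that credential as compromised"))
        elif s.suspicious and s.denied:
            ranked.append((1, s.ip, f"flagged IP denied {s.denied} time(s) on {sorted(s.operations)}; "
                                    f"identities presented: {sorted(s.identities)}"))
        elif s.denied >= denied_threshold:
            ranked.append((2, s.ip, f"{s.denied} denials from an unflagged IP: possible enumeration of "
                                    f"{sorted(s.targets)}"))
    ranked.sort()
    return [(ip, finding) for _, ip, finding in ranked]


def _rec(ip: str, op: str, status: int, target: str, upn: str | None = None, appid: str | None = None) -> dict:
    """Build one constructed AuditEvent record in the assumed schema."""
    claim: dict[str, str] = {}
    if upn:
        claim[UPN_CLAIM] = upn
    if appid:
        claim["appid"] = appid
    signature = "OK" if status < 300 else ("Unauthorized" if status == 401 else "Forbidden")
    return {"category": "AuditEvent", "callerIpAddress": ip, "operationName": op,
            "resultSignature": signature, "identity": {"claim": claim},
            "properties": {"id": target, "httpStatusCode": status}}


VAULT = "https://contosokv.vault.azure.net"
SUSPICIOUS_IPS = {"198.51.100.23", "203.0.113.9"}  # constructed stand-in for the TI feed
SAMPLE_RECORDS = [  # constructed sample log batch
    _rec("198.51.100.23", "SecretGet", 403, f"{VAULT}/secrets/db-password", upn="bob@contoso.com"),
    _rec("198.51.100.23", "SecretGet", 403, f"{VAULT}/secrets/api-key", upn="bob@contoso.com"),
    _rec("198.51.100.23", "VaultGet", 200, f"{VAULT}/", upn="bob@contoso.com"),
    _rec("203.0.113.9", "SecretGet", 401, f"{VAULT}/secrets/db-password"),
    _rec("10.0.0.5", "SecretGet", 200, f"{VAULT}/secrets/db-password", appid="9f1c2b3a-app"),
    _rec("10.0.0.5", "SecretGet", 200, f"{VAULT}/secrets/api-key", appid="9f1c2b3a-app"),
] + [_rec("192.0.2.77", "SecretGet", 403, f"{VAULT}/secrets/s{i}", appid="deadbeef-app") for i in range(5)]

if __name__ == "__main__":
    for ip, finding in triage(SAMPLE_RECORDS, SUSPICIOUS_IPS):
        print(f"{ip:16} {finding}")
```

Run as-is it ranks the three IPs of interest and leaves the internal caller out. The threshold for unflagged IPs is deliberately separate from the threat-intelligence match: the alert fires on reputation alone at severity Low, and the log review is what tells you whether the attempt was noise or the visible edge of a stolen credential.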

Maxime.