As the world adapts to remote work, security becomes a crucial issue and a major challenge for businesses. The threat landscape is constantly evolving and attack surfaces keep widening, which strains IT departments: they must face threats with multiple solutions that are often neither well integrated nor interconnected and, worse, not complete enough.
To meet this need, Microsoft offers Microsoft Defender, a set of security solutions that prevent, detect and respond to advanced threats, providing companies with complete visibility and coordinated defense. It is divided into two families:
- Microsoft 365 Defender, for end-user environments, is an integrated set of solutions that prevent, detect, and respond to sophisticated threats and attacks on identities, teams, cloud applications, email, and documents.
- Azure Defender is an evolution of Azure Security Center with threat protection capabilities to protect infrastructure wherever it is, including virtual machines, databases, containers, IoT and much more, whether it is hosted in the hybrid cloud (Azure and/or other clouds) or still resides in a classic on-premises datacenter.
In the previous article we went into detail on Microsoft 365 Defender and in this article we are going to explain how Azure Defender helps.
The solution to protect your workloads in the cloud
With Azure Defender, integrated with Azure Security Center, you get an additional layer of security that protects your workloads, hosted in any cloud and/or on-premises, against the most advanced threats, such as brute-force attacks on Remote Desktop Protocol (RDP) or SQL injection attacks. With Azure Defender you can also optimize your security with artificial intelligence and automation.
Azure Defender console built into Azure Security Center
What types of resources does Azure Defender protect?
Azure Defender unifies security management for different types of workloads within Azure Security Center by providing comprehensive defenses on the following types of resources:
- Azure Defender for Servers: Advanced protection and threat detection for Windows and Linux machines including machine learning technology and vulnerability assessment analysis on virtual machines.
- Azure Defender for App Service: Identifies attacks targeting web applications running through App Service, constantly scanning applications for potential vulnerabilities.
- Azure Defender for Storage: This is a native Azure security intelligence layer that detects unusual and potentially dangerous attempts to access or breach storage accounts. It uses advanced security artificial intelligence and Microsoft Threat Intelligence capabilities to deliver contextual security alerts and recommendations.
- Azure Defender for SQL: Extends the Azure Security Center data security suite to protect your databases and their data wherever they are, whether hosted in Azure virtual machines, on-premises, or in other clouds.
- Azure Defender for Kubernetes: Azure Kubernetes Service (AKS) is a Microsoft-managed service that enables you to develop, deploy, and manage containerized applications. Azure Defender provides environment hardening, workload protection, and runtime protection.
- Azure Defender for Container Logs: Container image scanning for potential vulnerabilities and generating security recommendations to avoid threats.
- Azure Defender for Key Vault: Azure Key Vault is a cloud service that protects encryption keys and secrets, such as certificates, connection strings, and passwords. Azure Defender provides an additional layer of security intelligence for this service.
- Azure Defender for Resource Manager: Azure management and deployment service that enables the creation and updating of all the resources in your Azure account. Azure Defender automatically monitors resource management operations for any organization, regardless of whether they occur through the Azure portal, Azure REST APIs, Azure CLI, or other Azure scheduling clients.
- Azure Defender for DNS: Provides an additional layer of protection for cloud resources by continuously monitoring all DNS queries from your Azure resources and running advanced security analysis to alert when suspicious activity is detected.
- Azure Defender for IoT: Threat detection and analysis in IoT environments and Azure IoT solutions, providing a resource inventory and capabilities for vulnerability management and threat detection on all IoT devices.
In addition to defending your Azure environment, you can add Azure Defender capabilities to protect non-Azure server workloads and virtual machines from other clouds (such as AWS and GCP).
Security alerts integrated with Azure Sentinel
The Microsoft Defender threat protection suite (Microsoft 365 Defender and Azure Defender) is integrated with Azure Sentinel, Microsoft’s security information and event management tool. With Azure Sentinel, you can bring all Microsoft Defender security analysis together in a single, unified view, reducing complexity and increasing visibility so your IT team can see what matters, when it matters.
When Azure Defender detects a threat in any area of the environment, it generates a security alert that contains the details of the affected resources, suggested remediation steps and, in some cases, an option to trigger an application logic in response.
In conclusion, Azure Defender provides unified, intelligent, and automated security to enable businesses to gain threat visibility – a critical security capability that every organization must have. Additionally, Microsoft Defender’s unified end-to-end protection is key to increasing resilience and preventing attacks.
At Softeng, we are committed to providing solutions to our clients and offering them our experience in this area, so we encourage you to follow our blog where we will continue to inform you about the security tools and solutions that we can offer you.