Explain Cloud Workload Protections in Azure Defender (part 4 of 4)

 


To read part 1 please click here
To read part 2 please click here
To read part 3 please click here


Azure Defender for Resource Manager

Azure Resource Manager is the deployment and management service for Azure which provides a management layer that allows you to create, update, and delete resources in your Azure account as well as capable of automatically monitoring the resource management operations in your organization, even if  they are performed through the Azure portal, Azure REST APIs, Azure CLI, or the other Azure programmatic clients while simultaneously running advanced security analytics to detect threats and alert you about any suspicious activity.

What are the benefits of Azure Defender for Resource Manager?

Azure Defender for Resource Manager readily protects against issues including:
  • Suspicious resource management operations, such as the operations from suspicious IP addresses, disabling antimalware and suspicious scripts running in VM extensions.
  • Use of exploitation toolkits like Microburst or PowerZure.
  • Lateral movement from the Azure management layer to the Azure resources data plane.

Azure Defender for DNS

Azure DNS is a hosting service especially available for the DNS domains that offers name resolution by using Microsoft Azure infrastructure and at the same time provides an extra layer of protection for your cloud resources by:
  • Continuously monitoring all the DNS queries from your Azure resources.
  • Running advanced security analytics to alert you about any suspicious activity.

What are the benefits of the Azure Defender for DNS?

Azure Defender for DNS protects against the following issues:
  • Data exfiltration from your Azure resources using DNS tunneling
  • Malware communicating with C&C server
  • Communication with malicious domain as phishing and crypto mining
  • DNS attacks- communication with the malicious DNS resolvers

Azure Defender for Kubernetes

Azure Kubernetes Service (AKS) is the Microsoft's managed service for developing, deploying, and managing containerized applications. You should enable Azure Defender for kubernetes to detect threat for your kubernetes clusters as well as for Host-level threat detection of your Linux AKS nodes.

What are the benefits of Azure Defender for Kubernetes?

Security Center provides threat protection at different levels:

  • Host level (provided by Azure Defender for servers)- The Log Analytics agent that Security Center uses on the other VMs is used by  Azure Defender to monitor your Linux AKS nodes for any suspicious activities, such as web shell detection and connection with known suspicious IP addresses. The agent also monitors for container-specific analytics such as privileged container creation, suspicious access to API servers, and Secure Shell (SSH) servers running inside a Docker container.

  • If you don't want to install the agents on your hosts, you will only receive a subset of the threat protection benefits and security alerts but you'll still be able to receive alerts related to the network analysis and communications with malicious servers.

  • AKS cluster level (provided by Azure Defender for kubernetes)- At the cluster level, the threat protection is based on analyzing kubernetes' audit logs and to enable this agentless monitoring, you have to enable Azure Defender. To generate alerts at this level, Security Center monitors your AKS-managed services using logs retrieved by AKS.     

Azure Defender for Container Registries

Azure Container Registry (ACR) is a managed, private Docker registry service that stores and manages your container images for Azure deployments in a central registry and you should enable Azure Defender to protect all the Azure Resource Manager based registries in your subscription, enable Azure Defender for container registries at the subscription level. Security Center will scan the images that are pushed to the registry, imported into the registry, or any images pulled within the last 30 days. This feature is charged per image. 

What are the benefits of Azure Defender for Container Registries?

Azure Defender for Container Registries includes a vulnerability scanner to scan images in your Azure Resource Manager-based Azure Container Registry registries and provide deeper visibility into your images' vulnerabilities. The integrated scanner is powered by Qualys, the industry-leading vulnerability scanning vendor. 

When issues are found by Qualys or Security Center, you'll get notified in the Security Center dashboard which provides all the actionable recommendations for every vulnerability, along with a severity classification and guidance for how to remediate the issue.


To read part 1 please click here
To read part 2 please click here
To read part 3 please click here

Comments

Popular posts from this blog

Query, Visualize, & Monitor Data in Azure Sentinel

Deployment (Part 3)

Project Resourcing (Part 2)