Defender Cloud Security Posture Management (CSPM): Preview
Currently, Defender Cloud Security Posture Management (CSPM) is in public preview.
What is CSPM
Cloud security posture management(CSPM)is the process of continuously monitoring and assessing the security posture of cloud resources that detects/identify vulnerability, misconfiguration, and other security threats and issues. It also provides possible remediation to fix them and make the cloud resources secure and compliant. Microsoft Defender for Cloud(old Azure Security Center) is an example of the CSPM tool. All the cloud provider has their own CSPM tool to secure the cloud resources.
You might have observed these two plans in Defende for Cloud. Foundational is free and it was there from the very beginning. Defender CSPM is free during the preview.
Foundational CSPM
Below is the capability of Foundational CSPM which is primarily focused on detecting misconfiguration of cloud resources and suggesting remediation.
Defender CSPM
Below are the capabilities of Defender CSPM. A few are new features but some are old. It seems Microsft is reorganizing these features under this umbrella.
Agentless vulnerability scanning is a new one and it looks interesting. Official words on this as below.
"While agent-based methods use OS APIs in runtime to continuously collect security-related data, agentless scanning for VMs uses cloud APIs to collect data. Defender for Cloud takes snapshots of VM disks and does an out-of-band, deep analysis of the OS configuration and file system stored in the snapshot. The copied snapshot doesn't leave the original compute region of the VM, and the VM is never impacted by the scan."
In Defender for Cloud, there is a new tab named 'Cloud Security Explorer(preview)' which provides interactive queries. We need to enable Defender CSPM to work these features.
Use template
There are many predefined templates that we can use. It gives a good start.
When we click on the template then it will create the query automatically. We can change the query as per the need.
Another example, we choose Internet exposed VMs template. It is showing all the VMs that has exposed to the internet.
We can make our own query using the query builder.
Conclusion
Agentless vulnerability scanning and Cloud security explorer are really good improvements to the Defender for cloud suits.
Hope this was helpful, contact me on Twitter @sakaldeep for any queries.