Defender Cloud Security Posture Management (CSPM): Preview

Sakaldeep Yadav

Mar 12, 2023 • 3 min read

Currently, Defender Cloud Security Posture Management (CSPM) is in public preview.

What is CSPM

Cloud security posture management(CSPM)is the process of continuously monitoring and assessing the security posture of cloud resources that detects/identify vulnerability, misconfiguration, and other security threats and issues. It also provides possible remediation to fix them and make the cloud resources secure and compliant. Microsoft Defender for Cloud(old Azure Security Center) is an example of the CSPM tool. All the cloud provider has their own CSPM tool to secure the cloud resources.

You might have observed these two plans in Defende for Cloud. Foundational is free and it was there from the very beginning. Defender CSPM is free during the preview.

Foundational CSPM

Below is the capability of Foundational CSPM which is primarily focused on detecting misconfiguration of cloud resources and suggesting remediation.

Defender CSPM

Below are the capabilities of Defender CSPM. A few are new features but some are old. It seems Microsft is reorganizing these features under this umbrella.

Agentless vulnerability scanning is a new one and it looks interesting. Official words on this as below.

"While agent-based methods use OS APIs in runtime to continuously collect security-related data, agentless scanning for VMs uses cloud APIs to collect data. Defender for Cloud takes snapshots of VM disks and does an out-of-band, deep analysis of the OS configuration and file system stored in the snapshot. The copied snapshot doesn't leave the original compute region of the VM, and the VM is never impacted by the scan."

In Defender for Cloud, there is a new tab named 'Cloud Security Explorer(preview)' which provides interactive queries. We need to enable Defender CSPM to work these features.