As always, security was at the forefront of Microsoft Corp. at the forefront today at Ignite 2022, with its extensive range of product updates arriving alongside several new features aimed at helping organizations better protect their data and applications.
The focus of today’s security updates from the software and cloud giant was Microsoft Defender for Cloud, the company’s multicloud security offering that extends protection beyond Microsoft Azure to other cloud platforms.
Microsoft Defender for Cloud previously consisted of two separate products, Azure Security Center and Azure Defender. It is designed to provide advanced threat protection in hybrid cloud environments. The company rebranded the platform last year before announcing integration with Amazon Web Services Inc.’s public cloud platform. Since then it has also been integrated with Google Cloud.
The new capabilities in Microsoft Defender for Cloud are designed to help organizations strengthen their cloud security posture by extending threat protection across workloads, with built-in DevOps security now an integral part of the offering.
Microsoft Defender for DevOps is an all-new offering aimed at providing more visibility into DevOps environments and empowering teams to centrally manage DevOps security while strengthening cloud resource configurations in code. Additionally, it can help teams prioritize fixing critical issues in code across multicloud and multipipelined environments. Microsoft Defender for DevOps is now in preview and supports GitHub, Azure DevOps at launch and will soon expand its capabilities to others.
Also in preview, Microsoft is launching Defender Cloud Security Posture Management, a new tool that promises to deliver integrated security insights across cloud resources, including DevOps environments, runtime infrastructure, and external attack surfaces. Defender CSPM provides proactive attack path analysis that builds on the new cloud security graph, Microsoft said, and is designed to help identify the most exploitable resources across connected workloads.
Other new features in Microsoft Defender for Cloud include the new Cloud Security Benchmark, a comprehensive multicloud security framework that maps cloud best practices and industry-specific frameworks to ensure multicloud security compliance. The advanced workload protection capabilities now include support for agentless scanning alongside the existing agent-based approach for virtual machines running on Azure and AWS.
Microsoft 365 Defender
Microsoft’s suite of protection tools for Windows, Office, and other essential software has received new anti-ransomware capabilities. The company said Microsoft 365 Defender now automatically interrupts ransomware attacks as soon as they are detected.
This is possible thanks to the way Microsoft 365 Defender continuously collects and correlates signals across endpoints, documents, identities, email and cloud applications. It curates them as unified incidents so attacks can be detected early, before damage is done, with high confidence.
As the company explains, time is of the essence in ransomware attacks. As such, there should be great benefit from Microsoft 365 Defender’s newfound ability to automatically include impacted assets such as user identities or endpoints. In this way, it can prevent ransomware from spreading laterally, greatly reducing the damage caused by an attack and making it easier for a business to recover.
Microsoft Entra Identity Governance
Microsoft Entra Identity Governance is now in preview and is a brand new offering within its secure identity and access management product, Microsoft Entra. According to the company, it will help organizations ensure the right people have access to the right resources at the right time. In other words, it’s a comprehensive identity governance product for both on-premises and cloud-based user directories, designed to help organizations simplify operations, consolidate multiple identity solutions, and support regulatory compliance.
Its features include lifecycle workflows that automate repetitive tasks, connections to on-premises resources to ensure consistent policies for all users, and segregation of duties in permissions management to ensure compliance.
Microsoft Entra itself is also updated. One of the new features is Workload Identities, a tool for managing and securing identities for digital workloads such as applications and services, which also controls access to cloud resources. It enables customers to create risk-based conditional access policies, detect and respond to compromised workload identities, and enforce access controls to enforce least privilege access.
Another new feature is certificate-based authentication, a new multi-factor authentication method compliant with the US Executive Order on Cybersecurity, now in preview. Businesses can adopt easy-to-deploy and phishing-resistant authentication, Microsoft said.
Finally, Microsoft Entra gets new capabilities around the authentication context for Conditional Access, allowing customers to set access policies at a more granular level, including the specific actions a user takes within an application. Now generally available, this feature gives organizations the ability to require advanced authentication when making a key change or accessing sensitive data within a mission-critical app.
Image: Microsoft
Show your support for our mission by joining our community of experts, Cube Club and Cube Event. Join the community that includes Andy Jassy, CEO of Amazon Web Services and Amazon.com, Michael Dell, Founder and CEO of Dell Technologies, Pat Gelsinger, CEO of Intel, and many more luminaries and experts.
#Ignite #DevOps #ransomware #protection #center #stage #Microsofts #security #updates #SiliconANGLE
Leave a Comment