New cloud-native breadth threat protection capabilities in Azure Defender

As the world adapts to working remotely, the threat landscape is constantly evolving, and security teams struggle to protect workloads with multiple solutions that are often not well integrated nor comprehensive enough. This results in serious threats avoiding detection, as well as security teams suffering from alert fatigue.

Azure Defender helps security professionals with an integrated experience to meet your cloud workload protection needs spanning virtual machines, SQL, storage, containers, IoT, Azure network layer, Azure Key Vault, and more.

Today we are excited to announce we are adding two new protections with the preview of Azure Defender for Resource Manager and Azure Defender for DNS, cloud-native breadth threat protection solutions. These new protections continue to improve your resiliency against attacks from bad actors and increase the number of Azure resources protected by Azure Defender significantly.

Azure Defender for Resource Manager

Azure Resource Manager is the deployment and management service for Azure. It enables the creation and updating of all resources in your Azure account, with features, like access control, locks, and tags.

The cloud management layer is a crucial service-connected to all your cloud resources. Because of this, it is also a potential target for attackers. Consequently, we recommend security operations teams monitor the Resource Manager layer closely.

Azure Defender for Resource Manager will automatically monitor all resource management operations performed in your organization whether they are performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. Defender runs advanced security analytics to detect threats and alert you when suspicious activity occurs.

Figure 1: Azure Defender for Resource Manager monitors resource management operations to protect your Azure environment.

Azure Defender for Resource Manager protects against issues including:

• Suspicious resource management operations, such as operations from suspicious IP addresses, disabling antimalware and suspicious scripts running in virtual machine extensions.
• Use of exploitation toolkits like Microburst or PowerZure.
• Lateral movement from the Azure management layer to the Azure resources data plane.

Learn more about Azure Defender for Resource Manager.

Azure Defender for DNS

Azure Defender for DNS provides an additional layer of protection for your cloud resources by continuously monitoring all DNS queries from your Azure resources and runs advanced security analytics to alert you when suspicious activity is detected.

Azure Defender for DNS protects against issues including:

• Data exfiltration from your Azure resources using DNS tunneling.
• Malware communicating with command and control server.
• Communication with malicious domains as phishing and crypto mining.
• DNS attacks—communication with malicious DNS resolvers.

Learn more about Azure Defender for DNS.

Get started for free today

Protect your entire Azure environment with a few clicks and enable Azure Defender for Resource Manager and Azure Defender for DNS. Both offerings are free during the preview period. Turn Azure Defender on now.

To learn more about Microsoft Security solutions and our Integrated Threat protection solution visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

READ MORE HERE