New Microsoft Security Suite Focuses on Cloud, Ransomware

Microsoft put the emphasis on security at Ignite 2022, launching Defender for DevOps and Defender Cloud Security Posture Management in public preview. The two offerings protect software development with runtime security across multicloud and multiple-pipeline environments. The company also touted improved protection tools for Windows and Office, beefing-up anti-ransomware capabilities for Microsoft 365 Defender, which now automatically repels attacks immediately on detection. To combat increasingly pervasive conditions like “tool sprawl” and “alert fatigue,” Microsoft combined six product lines into a single security portfolio.

In a blog post, Microsoft corporate VP of security, compliance, identity and privacy Vasu Jakkal says the company processes 43 trillion signals daily for more than 785,000 customers in 120 countries. That responsibility was the inspiration to offer simplified security management with built-in threat intelligence.

Microsoft Defender for Cloud is the result of combining what were previously two discrete products: Azure Security Center and Azure Defender. They were rebranded last year, before Microsoft “announced it was integrating with Amazon Web Services Inc.’s public cloud platform,” subsequently expanding its sphere of influence to include Google Cloud as well, SiliconANGLE writes.

“The new capabilities in Microsoft Defender for Cloud are designed to help organizations strengthen their cloud security posture by extending its threat protections across workloads, with integrated DevOps security now a staple of the offering.”

Defender for DevOps is completely new, providing “more visibility across DevOps environments, giving teams a way to centrally manage DevOps security while strengthening cloud resource configurations in code,” SiliconANGLE notes, adding it can also “help teams to prioritize the remediation of critical issues in code, across multicloud and multipipeline environments.”

Microsoft Defender Cloud Security Posture Management (known as Defender CSPM) “leverages AI algorithms to perform contextual risk analyses of software dev environments,” reports TechCrunch. Users can then create workflows that trigger automated remediation.

The service can be used to enable templates and container images “designed to minimize the chance that cloud misconfigurations reach production environments,” TechCrunch says. Agentless scanning is one convenience. Defender CSPM can “connect  the dots” by integrating feedback from Defender for DevOps, Microsoft Defender External Attack Surface Management (EASM), and workload protection solutions.

“Leveraging [insights] within Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows,” Microsoft CVP of cloud security Shawn Bice told TechCrunch.

“Instead of sifting through long lists of vulnerable resources, customers can use the attack path analysis built on the cloud security graph to help reduce recommendation noise by up to 99 percent so you can identify the most critical risk on the most important cloud resources along potential attack paths,” Jakkal says.

Microsoft 365 Defender “continuously collects and correlates signals across endpoints, documents, identities, emails and cloud applications,” SiliconANGLE reports, stating “it curates them as unified incidents so it can identify attacks early,” before serious damage is done. Ideally, this reduces or contains cyberattacks and makes recovery easier.

For more on the latest from Microsoft, visit the Ignite 2022 site.