News
Microsoft Defender for Cloud adds Google Cloud Protection
Microsoft on Wednesday announced a bunch of security product enhancements at the preview stage.
One of the highlights is that its cloud security management service, Microsoft Defender for Cloud, will now secure workloads and configurations for Google Cloud Platform (GCP) users.
Other security tooling advances, now at preview, include CloudKnox Permissions Management for tracking human and machine identities, plus anomalous workload detections in the Azure Active Directory Identity Protection service. Microsoft Sentinel, Microsoft's "security information and event management" solution, is getting new Basic Logs and Archived Log options. Microsoft also previewed a new Azure payment processing service.
All of these security product announcements appear to be a prelude to Microsoft's Feb. 24 "What's Next in Security" online presentation (sign-up here).
Microsoft Defender for Cloud GCP Preview
Microsoft added support for GCP in Microsoft Defender for Cloud, which is now at the preview stage. GCP support was added because organizations are implementing multicloud models, Microsoft indicated. Such support is unique to the Microsoft Defender for Cloud product, Microsoft claimed.
"With GCP support, Microsoft is now the only cloud provider with native multicloud protection for the industry's top three platforms: Microsoft Azure, Amazon Web Services (AWS) (announced at Ignite last November), and now Google Cloud Platform (GCP)," said Vasu Jakkal, corporate vice president for security, compliance, identity and management at Microsoft, in the announcement.
Microsoft Defender for Cloud is a recently renamed product that combines Azure Security Center and Azure Defender capabilities. It provides cloud workload protections and cloud configuration checks for multicloud and "hybrid" environments (cloud plus premises), and is deemed to be a "cloud security posture management" product by Microsoft..
Microsoft Defender for Cloud's added support for GCP will let IT pros configure "GCP environments in line with key security standards like the Center for Internet Security (CIS) benchmark," said Jakkal. It'll have more than 80 out-of-the-box recommendations that can be immediately rolled out to secure GCP.
CloudKnox Permissions Management Preview
Microsoft also had some news concerning its CloudKnox acquisition. Its CloudKnox Permissions Management solution, which aims at helping enterprises strengthen their zero trust security efforts in multicloud environments, is now in public preview.
Microsoft had announced the acquisition of CloudKnox back in July. It's a "cloud infrastructure entitlement management" solution that can show information about machine and human identities and activities associated with cloud services. CloudKnox Permissions Management will help IT reign in the growing problem of managing permissions and identities in a time when working from home is on the rise.
"CloudKnox provides complete visibility into user and workload identities across clouds, with automated features that consistently enforce least privilege access and use machine learning-powered continuous monitoring to detect and remediate suspicious activities," said Jakkal.
Azure Active Directory Identity Protection for Workloads Preview
The Azure AD Identity Protection service can now extend identity safeguards to apps and service workloads with a new workloads preview.
The workloads preview will flag things like "anomalous application behavior, including suspicious login patterns and directory changes," explained Alex Weinert, director of identity security at Microsoft, in the announcement. IT pros can set Azure AD Conditional Access policies to address such anomalous workloads.
These kinds of workloads aren't necessarily associated with end users. They might be better conceived as software or services workloads, Weinert explained:
As businesses shift to cloud computing, organizations are deploying software workloads (e.g., apps, services, or scripts) that access cloud resources. These have workload identities in Azure AD -- applications, managed identities, and service principals.
Anomalous workloads are typically associated with attackers trying to move laterally in computing environments, and so Microsoft is enabling their detections with the new preview.
Microsoft Sentinel New Log Options
Microsoft added two new log options to Microsoft Sentinel, called "Basic" and "Archived," according to an announcement.
Basic Logs allow Microsoft's cloud-native security information and event management tool "to sift through high volumes of data and find high-severity, low-visibility threats." It's conceived of as a lower cost option for handling large data sets.
Archived Logs add the ability to retain Basic Log data and Analytics Log data for up to seven years "at very low cost," according to Microsoft.
Microsoft Sentinel is also getting bolstered with MITRE ATT&CK techniques. It's getting log ingestion integration with Azure Purview for monitoring data stores within Azure and "Amazon resources, like Amazon S3."
Microsoft Sentinel is also getting integration with SAP data via "a public preview of SAP solutions User Master Data capability." Microsoft has also created a "new unified GitHub community" for security operations center teams, which lets them find "the latest hunting queries and analytics for Microsoft Sentinel and Microsoft Defender."
Microsoft Azure Payment HSM Service Preview
Microsoft has a new service for payment card issuers and payment processors that's now in public preview in its Azure East US and North Europe regions.
The new Microsoft Azure Payment HSM service protects cryptographic keys and customer PINs for secure payment transactions. The "HSM" abbreviation refers to the hardware security modules used by payment processors. Microsoft's new service (in preview) offers a way for payment processors to move from "legacy on-premises applications and hardware security modules (HSM) to a cloud-based infrastructure that is not generally under their direct control," Microsoft explained.
Microsoft's solution leverages technologies from Thales, including the Thales payShield 10K payment HSMs, which are used in the cryptographic key operations associated with payment transactions that occur in the Azure cloud. The Thales payShield Manager is used by Microsoft for "secure remote access to the HSMs." Microsoft claims its new solution complies with Payment Card Industry requirements.