News

Microsoft Offering New Defender Vulnerability Management Standalone Product

New "Standalone" product has premium capabilities to address security vulnerabilities and misconfigurations across endpoints and cloud workloads.

• By Kurt Mackie
• 08/10/2023

Microsoft this week announced multiple improvements across its enterprise-grade security products.

The improvements included Google Cloud Platform support in Microsoft Defender for Cloud (coming on Aug. 15), the ability of Microsoft Defender for Storage to scan for malware (starting in Sept. 1) and the availability of a new Microsoft Defender Vulnerability Management "Standalone" product.

Defender Vulnerability Management Standalone
The Microsoft Defender Vulnerability Management service now has a "Standalone" product addition, per a Wednesday announcement. It's said to be available, presumably meaning "general availability" (GA) commercial release, although Microsoft steers clear of such language with this product. The Standalone product is priced at $3 per user per month.

Defender Vulnerability Management offers discovery, risk-based prioritization and remediation of security vulnerabilities and misconfigurations across "endpoints and cloud workloads," per its product page description. It previewed last year, but has been available as an Add-On license for Defender for Endpoint Plan 2 users since March. The Add-On to Defender for Endpoint Plan 2 is priced at $2 per user per month.

The Standalone Microsoft Defender Vulnerability Management product offers "core capabilities" plus "premium capabilities." Defender for Endpoint Plan 2 users must purchase the Add-On to get the premium capabilities, which include things like security baseline assessment, blocking vulnerable apps, digital certificate assessment and more.

The following chart in Microsoft's Wednesday announcement shows the Microsoft Defender Vulnerability Management Standalone capabilities and licensing options:

Malware Scanning in Microsoft Defender for Storage
Microsoft Defender for Storage will get the ability to scan for malware at the GA stage starting in September. This capability will be offered as an Add-On, "priced at $0.15 (USD) per GB of data scanned," per this Wednesday Microsoft announcement.

It's necessary to scan cloud storage because it "can be an effective attack vector for malicious actors to upload and distribute malware," according to Vasu Jakkal, corporate vice president for security, compliance, identity and management at Microsoft, in the announcement. This solution is particularly optimized to check for malware in "Microsoft Azure Blob Storage in near real time when content is uploaded," she added. The content is automatically scanned in memory (not stored by Microsoft), with "agentless detection."

Malicious files can be blocked, quarantined or deleted. A security alert gets automatically triggered for security operations center personnel.

Microsoft Defender for Cloud and GCP Support
Microsoft is expanding support for the Google Cloud Platform (GCP) in its Microsoft Defender for Cloud product.

On Aug. 15, Microsoft plans to add its "advanced agentless scanning, data-aware security posture, cloud security graph, and attack path analysis capabilities to GCP," according to Jakkal. Also, Microsoft will be "extending our sensitive data discovery capabilities to GCP Cloud Storage."

Here's how Jakkal characterized those GCP support additions in Defender for Cloud:

With this advancement, customers will be able to discover all their GCP Cloud Storage buckets, identify more than 100 sensitive information types, and assess their data security posture through cloud security graph queries and attack path analysis. Now customers can identify potentially sensitive data exposure risks across Azure, AWS, and GCP storage resources and harden their multicloud data security posture.

The expanded GCP support in Defender for Cloud also will let users scan for "vulnerabilities and hidden secrets in Google Compute Instances," Microsoft indicated.

Additionally, the Microsoft Cloud Security Benchmark tool now supports GCP at the preview stage. The Microsoft Cloud Security Benchmark is free tool for Microsoft Defender for Cloud users, with more than 120 built-in assessments for GCP. This security "best practices" assessment tool also works with Microsoft Azure and Amazon Web Services clouds.

Other Cloud Security Perks
Microsoft shared lots more news this week about its security products advancements.

Microsoft Defender Cloud Security Posture Management (CSPM), used to find misconfigurations and compliance risks, now has an "agentless container posture management" capability that reached the GA stage. The ability of Defender CSPM to scan container images is at the public preview stage.

Microsoft also previewed the ability to conduct vulnerability assessments of containers using Defender for Containers, which is "powered by Defender Vulnerability Management."

If that weren't enough, Microsoft announced on Wednesday that Microsoft Sentinel, its security information and event management service, now has access to solutions for Exchange Online and Exchange Server that can be used for "better detecting threats and misconfigurations of your Exchange environment."

Notices
Microsoft also gave notice this week that its text-based Azure Serial Console, used to connect serial ports for virtual machines or virtual machine scale set instances, can be abused by attackers. "Azure Serial Console is very leveraged to circumvent security features and that’s precisely the reason why it's a sweet target for adversaries," the announcement explained.

Organizations should monitor the Azure Serial Console's use and lock it down. They can also use the Just in time access (JIT) feature of Microsoft Defender for Cloud as a security measure.

The Microsoft Security Response Center (MSRC) also indicated this week that it is updating how it classifies vulnerabilities associated with artificial intelligence (AI) systems. Three categories are being added to aid security researchers. The vulnerabilities can be induced by using or abusing the AI.

The three "top-level" AI security vulnerability categories that the MSRC is adding are "inference manipulation" through commands or inputs, "model manipulation" by "poisoning" the model or the data, and "inferential information disclosure." The latter vulnerability is exploited to "infer information about the model's training data, architecture and weights."