Microsoft Defender for Cloud Adds Agentless Virtual Machine Malware Scanning
Microsoft announced on Thursday that it has added agentless malware scanning for virtual machines (VMs) covered by Microsoft Defender for Servers.
The new agentless malware scanning capability is available to organizations that have Microsoft Defender for Servers Plan 2 subscriptions.
Microsoft positions agentless malware scanning as a complement to, not a replacement for, an agent-based endpoint detection and response (EDR) tool. It is meant to cover the gaps an agent leaves: legacy VMs where installing an agent is impractical, newly created or misconfigured VMs that an agent has not yet reached, and short-lived workloads that may come and go before an agent is ever deployed.
Here's how Microsoft characterized the need for agentless scanning in a December "deep dive" announcement:
While traditional Endpoint Detection & Response security agent (EDR) offers unparalleled depth in threat prevention, detection and response, agentless scanning for cloud VMs stands out as a flexible, lightweight option, particularly effective for rapid deployment in new environments, temporary workloads, or for providing initial security coverage before EDR deployment. This approach is also ideal for managing legacy systems and diverse cloud assets, where installing agents might be impractical.
The new agentless malware scanning is turned on automatically for new Microsoft Defender for Servers Plan 2 subscribers. Existing subscribers need to enable it themselves.
Microsoft's agentless malware scanning works across VMs hosted in "Azure, AWS, and GCP cloud environments" and uses the Microsoft Defender Antivirus engine to detect malware. It can run without an agent because every cloud provider exposes APIs for reading a VM's operating system and data disks, so the disk contents can be inspected from outside the guest without installing any software inside the VM, per the "deep dive" announcement.
Microsoft was already using agentless scanning of VMs to detect "posture issues." With the new capability, the same agentless approach now detects malware on those VMs as well.
"Onboarded VMs undergo a daily inspection, with MDAV [Microsoft Defender Antivirus] scans combining signature-based with heuristic methods to assess files," the announcement explained. A daily scan of disk contents is a detection control rather than a real-time one: malware that runs only in memory, or that lands and executes between scans, is not caught the way an agent-based EDR would catch it, which is why Microsoft frames the feature as a supplement to EDR rather than a replacement.
Organizations need a Microsoft Defender for Cloud subscription to get the agentless VM malware scanning. Findings arrive as "detailed alerts with context" in Microsoft Defender for Cloud. Because Defender for Cloud alerts are already integrated into Microsoft Defender XDR, the new malware alerts surface in that product as well.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.