Microsoft Defender for Cloud Adds Agentless Virtual Machine Malware Scanning -- Redmondmag.com

Microsoft Defender for Cloud Adds Agentless Virtual Machine Malware Scanning

By Kurt Mackie
01/18/2024

Microsoft announced on Thursday that it has added agentless malware scanning for servers hosting virtual machines.

The new agentless malware scanning capability is available to organizations that have Microsoft Defender for Servers Plan 2 subscriptions.

Agentless malware scanning was described as kind of an added security safeguard on top of using an agent-based endpoint detection and response tool. For instance, organizations may have security holes with older virtual machine setups or new setups, such as misconfigurations, or there may be security issues with temporary hosted workloads.

Here's how Microsoft characterized the need for agentless scanning, per this December "deep dive" announcement:

While traditional Endpoint Detection & Response security agent (EDR) offers unparalleled depth in threat prevention, detection and response, agentless scanning for cloud VMs stands out as a flexible, lightweight option, particularly effective for rapid deployment in new environments, temporary workloads, or for providing initial security coverage before EDR deployment. This approach is also ideal for managing legacy systems and diverse cloud assets, where installing agents might be impractical.

The new agentless malware scanning is automatically turned on for new Microsoft Defender for Servers Plan 2 subscribers. Existing subscribers would need to activate it, as described here.

Microsoft's agentless malware scanning works across virtual machines hosted on "Azure, AWS, and GCP cloud environments." It uses the Microsoft Defender Antivirus service to detect the malware. It's able to be agentless because all cloud service providers offer APIs for the operating system disks and data disks that are used with the virtual machines, per the "deep dive" announcement.

Microsoft was already using agentless scanning on virtual machines to detect "posture issues." Now, with this new malware scanning capability, it can detect threats to virtual machines as well.

"Onboarded VMs undergo a daily inspection, with MDAV [Microsoft Defender Antivirus] scans combining signature-based with heuristic methods to assess files," the announcement explained.

Organizations need Microsoft Defender for Cloud subscriptions to get the agentless malware virtual machine scanning protection. It will send "detailed alerts with context" to Microsoft Defender for Cloud users. Microsoft Defender XDR already has the new malware scanning capability since Microsoft Defender for Cloud alerts have been integrated with that product.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.