Defender for Azure Cosmos DB Preview Announced by Microsoft
Microsoft Defender for Cloud users are getting a preview of Microsoft Defender for Azure Cosmos DB, per a Tuesday Microsoft announcement.
Organizations can use this Microsoft Defender for Azure Cosmos DB preview to protect workloads against "the most common attack techniques and known bad actors," the announcement explained.
Azure Cosmos DB is an Azure datacenter-hosted and fully managed NoSQL nonrelational database service, typically used with applications. It's subject to attacks unique to its database type, the announcement argued, and so Microsoft Defender for Azure Cosmos DB is adding an "Azure-native layer of security" to detect those kinds of attack behaviors.
Various threats can be detected by Microsoft Defender for Azure Cosmos DB. Microsoft suggested that it is "commonly known" that Azure Cosmos DB is subject to SQL injection attacks, where a query is input into a text box to carry out backend manipulations. These kinds of attacks get detected by the security solution, Microsoft contended.
Microsoft Defender for Azure Cosmos DB will also detect and block attempts to extract account access keys. It also checks for suspicious behaviors suggesting "compromised identities, leaked keys, or malicious insiders."
The threats get detected using a combination of "Microsoft Threat Intelligence, the Microsoft Defender SQL query analysis engine and Microsoft Defender behavioral models," Microsoft explained.
Organizations get access to Microsoft Defender for Azure Cosmos DB through the Microsoft Defender for Cloud service, which is designed to strengthen the security posture of workloads in multicloud and "hybrid" (cloud plus premises) environments. Microsoft Defender for Cloud is a newly renamed product that combines the Azure Security Center and Azure Defender products.
Microsoft recently added Google Cloud Platform support to Microsoft Defender for Cloud at the preview stage.
Protection for Azure Cosmos DB and other database types using Microsoft Defender for Cloud can be enabled by "a single click" using the Azure Portal. Microsoft described how to make that happen in this document.
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.