azure:az-500:alt:microsoft_defender_for_cloud

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:az-500:alt:microsoft_defender_for_cloud [2022/09/06 23:01] – [Defender for Servers] mmuzeazure:az-500:alt:microsoft_defender_for_cloud [2023/03/02 16:20] (current) – [Enhanced Security Features] mmuze
Line 3: Line 3:
  
   * **Microsoft Defender for Cloud** was previously known as **Azure Security Center**.   * **Microsoft Defender for Cloud** was previously known as **Azure Security Center**.
-  * The free tier provides the //Secure Score// and related tools.+  * The **//free/basic tier//** provides the //Secure Score//, continuous assessment and security recommendations. 
 +  * The **//paid tier//** is the **//enhanced security//** tier.
  
 Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises, continually assess, secure and defend. Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises, continually assess, secure and defend.
  
   * Defender continuously assesses the security posture of environments and their resources and produces a score (based on the **Azure Security Benchmark**) for it.   * Defender continuously assesses the security posture of environments and their resources and produces a score (based on the **Azure Security Benchmark**) for it.
-      * **Security** Posture assessment how well and environment is hardened against attacks.+      * **Security Posture assessment** shows how well an environment is hardened against attacks.
       * There is also **threat detection** capability that uses real-time signals to detect threats.       * There is also **threat detection** capability that uses real-time signals to detect threats.
   * Defender is about identifying security vulnerabilities whereas Sentinel is about detecting threats.   * Defender is about identifying security vulnerabilities whereas Sentinel is about detecting threats.
   * Defender works for Azure, other clouds and on-prem resources.   * Defender works for Azure, other clouds and on-prem resources.
   * JIT VM Access is a feature of Defender that only allows VM access after approval and for a short. fixed amount of time. This mitigates against brute-force types of attacks. (requires the Enhanced Security tier)   * JIT VM Access is a feature of Defender that only allows VM access after approval and for a short. fixed amount of time. This mitigates against brute-force types of attacks. (requires the Enhanced Security tier)
-  * The free tier does not include monitoring non-Azure resources; this requires the Enhance tier of the service.+  * The free tier does not include monitoring non-Azure resources; this requires the enhanced tier of the service.
   * **Example:** Defender would not detect if there is a new version of an OS, but it would detect of there are critical security updates that are missing.   * **Example:** Defender would not detect if there is a new version of an OS, but it would detect of there are critical security updates that are missing.
-  * **Azure Policy** provides most of the data Defender for Cloud uses +  * Defender can trigger **//alerts//** 
-  * A **Log Analytics Workspace** is used just for data coming from virtual machines+    * In addition to being available in the Azure portal or programmatically, Security alerts and incidents are audited as events in Azure Activity Log 
 +  * **Azure Policy** provides most of the data Defender for Cloud uses for CSPM 
 +  * A **Log Analytics Workspace** is used just for data coming from virtual machines (i.e. WinEventLog, syslog) 
 + 
 +====== Enhanced Security Features ====== 
 +  * Enhanced security features are a paid add-on 
 +  * Just in time VM access 
 +  * Regulatory compliance dashboard and reports 
 +  * Alerts for real-time threat detection 
 + 
 +===== Alerts ===== 
 +> Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment. 
 ===== Defender for Servers ===== ===== Defender for Servers =====
 > Microsoft Defender for Servers is one of the enhanced security features of Microsoft Defender for Cloud. Use it to add threat detection and advanced defenses to your Windows and Linux machines whether they're running in Azure, AWS, GCP, and on-premises environment. > Microsoft Defender for Servers is one of the enhanced security features of Microsoft Defender for Cloud. Use it to add threat detection and advanced defenses to your Windows and Linux machines whether they're running in Azure, AWS, GCP, and on-premises environment.
  • azure/az-500/alt/microsoft_defender_for_cloud.1662505262.txt.gz
  • Last modified: 2022/09/06 23:01
  • by mmuze