Container adoption is booming - production deployments of Kubernetes clusters and containers continue to soar as organizations increasingly containerize applications to meet their needs for scalability, portability, and more. Since 2016, the use of containers in production has increased by 300%.
In line with these widespread adoption trends, the security & threat landscape has shown a rapid increase in the number and sophistication of attacks targeting containers and Kubernetes as shown in image 1.
Traditional security tools aren’t set up to provide visibility into container usage or to monitor traffic flows, making it challenging to stay on top of secure configuration drift. Unlike traditional compute, containerized applications are elastic, spawn new instances, and are often short-lived – which creates the need to fix vulnerabilities early and often and makes a dedicated container security strategy essential.
To address the evolving security challenges surrounding container solutions, we are excited to announce Microsoft Defender for Containers – a new cloud workload protection plan designed around the unique needs of container-based solutions including Azure Kubernetes Service, Amazon EKS, and on-prem environments. It is part of Microsoft Defender for Cloud.
Critical capabilities include native at-scale onboarding for Kubernetes, hardening controls, vulnerability assessment, and run-time protection. The new plan merges the capabilities of the two existing Microsoft Defender for Cloud plans, Microsoft Defender for Kubernetes and Microsoft Defender for container registries, and adds a new set of critical features shown in image 2.
For a live demo of the new capabilities, watch the latest episode of Defender for Cloud in the field.
Starting today, Microsoft Defender for Containers is available as a new plan in Microsoft Defender for Cloud. You can onboard any of your Azure subscriptions or AWS accounts and start protecting your container solutions with a broad set of capabilities.
We understand how critical it is to protect containers as soon as they are deployed into your environment. That’s why we developed an automatic deployment capability, so you can easily enable Microsoft Defender for Containers across all Kubernetes resources in your organization, in the Microsoft Defender for Cloud portal.
The solution is designed to support any Kubernetes workload, Azure or non-Azure, with a DaemonSet that is deployed and maintained on the Kubernetes control plane. This gives customers visibility and management capabilities directly via Kubernetes-native tooling. It is also integrated into the Azure Kubernetes Service (AKS) as a Security profile and into Azure Arc connected clusters as a cluster extension for both multi-cloud and on-prem scenarios.
To expand threat detection beyond the Kubernetes management layer, Microsoft Defender for Containers now offers host-level threat detection with over 60 (!) new Kubernetes-aware analytics, AI, and anomaly detections based on your runtime workload. The solution monitors the growing attack surface of multi-cloud Kubernetes deployments and tracks the MITRE ATT&CK® matrix for Containers, a framework that was developed by the Center for Threat-Informed Defense in close partnership with Microsoft and others.
The full list of available threat detection alerts can be found here.
To make investigations easier by providing runtime context, we have added new entities to Kubernetes security alerts, including image, registry, pod, service, namespace, and more. In addition, customers can use the new entities to add granularity to their suppression logic, fine-tuning alerts and reducing alert fatigue.
Coming soon: Fileless attack detection. Attackers typically use fileless attacks to execute code without a presence on the filesystem, thereby preventing detection by traditional anti-virus software. With the new Fileless Attack Detection capability, automated memory forensic techniques will identify fileless attack toolkits, techniques, and behaviors. The detection mechanism periodically scans your nodes at runtime and extracts insights directly from the memory of the running processes. It can find evidence of exploitation, code injection, and execution of malicious payloads. Fileless attack detection generates detailed security alerts to accelerate alert triage, correlation, and downstream response time.
A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Microsoft Defender for Cloud provides out-of-the-box vulnerability assessment capabilities and integrates with the tools of your choice to regularly check your resources for vulnerabilities.
As part of the Microsoft Defender for Containers plan, we added a new detection for Runtime visibility of vulnerabilities. This new recommendation shows only running images with vulnerabilities, enabling customers to better prioritize and focus on the vulnerabilities that pose the highest risk to their organization.
We also enhanced the periodic scanning of images that have been pulled from Azure Container Registry (ACR) during the last 30 days with a continuous image scan for all ACR images running on a Kubernetes cluster.
We know that understanding cost across your workloads and protections is critical. That’s why we created a cost estimation workbook that allows you to estimate the anticipated costs for Microsoft Defender for Containers across all your subscriptions. The workbook estimates costs for your Kubernetes clusters based on your average usage over the last 30 days. In addition, it shows the number of container images that are included for vulnerability assessment scanning based on your configuration. You can deploy the workbook to your Defender for Cloud environment using the ARM template and learn more in the Defender for Cloud GitHub repository.
The new Microsoft Defender for Containers plan provides organizations with a streamlined way to enable advanced threat protection for all their container workloads across Azure, AWS, and in hybrid cloud environments and keep their critical resources secure.