Planning Microsoft Defender for Cloud adoption

In this sample chapter from Microsoft Defender for Cloud, you will learn more about Defender for Cloud architecture, use cases, and key considerations for adoption.

Given the threat landscape presented in Chapter 1, it is clear that there is a need for a system that can both unify security management and provide advanced threat protection for workloads running in Azure, on-premises, and on other cloud providers.

Microsoft Defender for Cloud gives organizations complete visibility and control over the security of cloud workloads located in Azure, on-premises, or another cloud provider. By actively monitoring these workloads, Defender for Cloud enhances the overall security posture of the cloud deployment and reduces the exposure of resources to threats. Defender for Cloud also uses intelligent threat detection to assist you in protecting your environment from rapidly evolving cyberattacks.

Defender for Cloud also assesses the security of your hybrid cloud workload and provides recommendations to mitigate threats. In addition, it provides centralized policy management to ensure compliance with company or regulatory security requirements.

In this chapter, you will learn more about Defender for Cloud architecture, use cases, and key considerations for adoption.

Deployment scenarios

As enterprises start their journey to the cloud, they will face many challenges trying to adapt their on-premises tools to a cloud-based model. In a cloud environment, where there are different workloads to manage, it becomes imperative to have ongoing verification and corrective actions to ensure that the security posture of those workloads is always at the highest possible quality. Defender for Cloud has a variety of capabilities that can be used in two cloud solution categories:

  • Cloud Security Posture Management (CSPM): Enables organizations to assess their cloud infrastructure to ensure compliance with industry regulations and identify security vulnerabilities in their cloud workloads.

  • Cloud Workload Protection Platform (CWPP): Enables organizations to assess their cloud workload risks and detect threats against their servers (Infrastructure as a Service [IaaS]), containers, databases (Platform as a Service [PaaS]), and storage. It also allows organizations to identify and remediate faulty configurations with security best-practice recommendations.

It is always recommended to start your cloud security journey by ensuring that you have visibility across all workloads, and once you have this visibility, you want to understand the security state of these workloads. With the free tier of Microsoft Defender for Cloud enabled on the subscription, you can obtain this information and start working on remediating security recommendations that will improve your overall security posture. That’s the scenario for CSPM.

After improving the security hygiene of the environment, you also want to be aware of potential threat actors trying to compromise your workloads, and that’s where CWPP capabilities come into play. An important benefit of threat detections tailored to a particular workload is that you monitor only the threats that are truly relevant to that workload. Microsoft Defender for Cloud has different plans that vary according to the supported workloads.
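The adoption sequence described in this section (gain visibility, remediate the recommendations produced by the free tier, then enable the plan tailored to each workload) can be checked against data exported from a subscription. The following Python script is an added example, not code from the book or from Microsoft. It assumes the two JSON documents have the shape returned by `az security pricing list` and `az security assessment list`; the embedded sample data and the mapping from resource types to Defender plan names are constructed for illustration. It reports the share of healthy assessments, where the unhealthy findings are, and which workloads have findings while their CWPP plan is still on the Free tier.

```python
"""Added example (not from the book): summarize a subscription's Defender for
Cloud adoption state from exported CLI output.

Assumptions: the two JSON documents have the shape returned by
`az security pricing list` and `az security assessment list`; the sample data
below is constructed, and the resource-type-to-plan mapping is an assumption
made for this example, not a list published by Microsoft.
"""
import json
from collections import Counter

# Plan names as used by Microsoft.Security/pricings. CloudPosture is the CSPM
# plan; every other plan is a CWPP (workload protection) plan.
CSPM_PLANS = {"CloudPosture"}

# Which CWPP plan protects which resource type (assumed mapping for the example).
PLAN_FOR_RESOURCE_TYPE = {
    "Microsoft.Compute/virtualMachines": "VirtualMachines",
    "Microsoft.Storage/storageAccounts": "StorageAccounts",
    "Microsoft.Sql/servers": "SqlServers",
    "Microsoft.ContainerService/managedClusters": "Containers",
}

# Constructed sample: `az security pricing list` output for one subscription.
PRICING_JSON = """[
  {"name": "CloudPosture",    "pricingTier": "Free"},
  {"name": "VirtualMachines", "pricingTier": "Standard"},
  {"name": "StorageAccounts", "pricingTier": "Free"},
  {"name": "SqlServers",      "pricingTier": "Free"},
  {"name": "Containers",      "pricingTier": "Standard"}
]"""

# Constructed sample: `az security assessment list` output, trimmed to the
# fields the report needs (placeholder subscription ID).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ASSESSMENT_JSON = json.dumps([
    {"displayName": "Management ports of virtual machines should be protected with just-in-time network access control",
     "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": SUB + "/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/vm1"}},
    {"displayName": "Secure transfer to storage accounts should be enabled",
     "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": SUB + "/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/stlogs01"}},
    {"displayName": "Secure transfer to storage accounts should be enabled",
     "status": {"code": "Healthy"},
     "resourceDetails": {"id": SUB + "/resourceGroups/rg2/providers/Microsoft.Storage/storageAccounts/stdata02"}},
    {"displayName": "MFA should be enabled on accounts with owner permissions on subscriptions",
     "status": {"code": "Unhealthy"},
     "resourceDetails": {"id": SUB}},
    {"displayName": "Vulnerabilities in container security configurations should be remediated",
     "status": {"code": "NotApplicable"},
     "resourceDetails": {"id": SUB + "/resourceGroups/rg3/providers/Microsoft.ContainerService/managedClusters/aks1"}},
])


def resource_type(resource_id):
    """Return 'Provider/type' from an ARM resource ID, or 'subscription' for
    subscription-scoped findings such as the MFA recommendation."""
    parts = resource_id.strip("/").split("/")
    if "providers" in parts:
        i = parts.index("providers")
        return "/".join(parts[i + 1:i + 3])
    return "subscription"


def summarize(pricing_json, assessment_json):
    """Report CSPM hygiene and CWPP plan coverage for one subscription."""
    pricings = json.loads(pricing_json)
    assessments = json.loads(assessment_json)

    tier = {p["name"]: p["pricingTier"] for p in pricings}
    cwpp = {name: t for name, t in tier.items() if name not in CSPM_PLANS}

    # NotApplicable findings are neither healthy nor unhealthy; leave them out.
    assessed = [a for a in assessments if a["status"]["code"] != "NotApplicable"]
    unhealthy = [a for a in assessed if a["status"]["code"] == "Unhealthy"]
    unhealthy_by_type = Counter(resource_type(a["resourceDetails"]["id"]) for a in unhealthy)
    healthy = len(assessed) - len(unhealthy)

    # Workloads with unhealthy findings whose workload plan is still on the
    # Free tier: posture is known, but no tailored threat detection is active.
    unprotected = sorted({
        PLAN_FOR_RESOURCE_TYPE[t]
        for t in unhealthy_by_type
        if t in PLAN_FOR_RESOURCE_TYPE and cwpp.get(PLAN_FOR_RESOURCE_TYPE[t]) == "Free"
    })

    return {
        "healthy_ratio": round(healthy / len(assessed), 2) if assessed else None,
        "unhealthy_by_resource_type": dict(unhealthy_by_type),
        "free_cwpp_plans": sorted(n for n, t in cwpp.items() if t == "Free"),
        "standard_cwpp_plans": sorted(n for n, t in cwpp.items() if t == "Standard"),
        "unprotected_workloads_with_findings": unprotected,
    }


if __name__ == "__main__":
    print(json.dumps(summarize(PRICING_JSON, ASSESSMENT_JSON), indent=2))
```

On the sample data the report shows one in four applicable assessments healthy, and the storage account that has an unhealthy finding is covered only by the Free tier, so the StorageAccounts plan is the next one to evaluate; in a real subscription you would feed the script the output of the two `az security` commands instead of the embedded samples.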