Cloud Security Posture Management describes how well a cloud environment is secured from events, particularly malicious threats, that could compromise the integrity of its data and infrastructure. As cloud environments are virtual and depend on many settings, an enormous opportunity exists for incorrectly configured infrastructure to be exploited. This course introduces the student to Cloud Security Posture Management and how associated tools can assess and aid in securing a cloud environment against external attacks.
Learning Objectives
- Explanation of Cloud Security Posture Management
- Why Cloud Security Posture Management is important
- How Microsoft Defender for Cloud implements Cloud Security Posture Management
Intended Audience
- Students who want to know about Cloud Security Posture Management and how it relates to Microsoft Defender for Cloud
- Students who intend to take the SC-900 exam: Microsoft Security, Compliance, and Identity Fundamentals
Prerequisites
An understanding of general technical concepts.
Let's look at how Cloud Security Posture Management principles have been incorporated into Microsoft Defender for Cloud in Azure. We can access Defender for Cloud from links on the Azure home page or by going into resources, typing "defender", and selecting it from the drop-down list. The first and probably the most important metric is security posture. It's no coincidence that this metric shares a good portion of its name with cloud security posture management.
The security posture score summarizes the security status of all your workloads and resources. To reinforce the concept that cloud security posture management is platform agnostic, we can see here that it is possible to connect AWS and GCP accounts to Defender for Cloud for a one-stop-shop monitoring solution. This is not saying that Defender for Cloud itself monitors and assesses these other platforms: AWS and GCP have their own implementations of Cloud Security Posture Management and expose the results via an API.
Ideally, we'd want a secure score of 100%, indicating we've implemented all threat protections available to us across all workloads, so 44% is hardly stellar and leaves room for improvement. It looks like we have two recommendations to implement to get to 100% coverage. This is a good time to tell you that there's a fair bit of latency in the initial threat assessment. I've only just created my resources, a VM with a VNet and an Azure SQL database, and currently, I have two active recommendations.
If I leave Microsoft Defender for Cloud to work its magic while I have lunch and walk the dog, when I come back, there are now seven recommendations. Let's explore our security posture by clicking on the hyperlink. You'll see on the left under Cloud Security, you can access the same view by selecting security posture. Clicking will display CSPM for multiple subscriptions if I have more than one, and I can enable permissions to access other vendors' cloud environments on the upper right. Let's view the current recommendations for this subscription.
As I said, it takes a while for all resources to be assessed across all security controls, and we can see that the top four have a status of completed, while the bottom two have not been assigned to anyone for remediation. In the right-hand Insights column, there's a bar graphic indicating the degree of threat that each attack vector or security control potentially poses.
In the first row, enabling multi-factor authentication will make a big improvement: weak passwords, phishing attacks, and other means of compromising user logins are still the most common way of gaining access to a system.
Looking at the max score column, MFA is worth ten but is currently scoring zero. Encrypt data in transit and Manage access permissions, the other two security controls that have been scored so far, are four out of four. That means if I fix MFA right now, I can get a 100% secure score, as MFA's potential score increase is 56%. The score recommendation dashboard shows us the low-hanging security fruit and the most important issues we need to address to increase our overall score. The current score for each security control shows us progress per control. While multi-factor authentication is an all-or-nothing control, we can drill into others like Enable enhanced security features.
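As an added illustration that is not part of the course, here is a small Python model of how the secure score in this walkthrough is derived: each control's current score is its max score scaled by the share of healthy resources, the overall percentage is the summed current score over the summed max score, and the potential increase is what fully remediating one control would add. The control names and scores are those on the page; the per-control resource counts are assumed.

```python
from dataclasses import dataclass


@dataclass
class SecurityControl:
    """One security control as listed on the secure score recommendations page."""
    name: str
    max_score: int
    healthy: int    # resources passing every recommendation in the control
    unhealthy: int  # resources still failing at least one recommendation

    def current_score(self) -> float:
        # A control is scored in proportion to its share of healthy resources,
        # so it is all-or-nothing only when it covers a single resource.
        total = self.healthy + self.unhealthy
        return self.max_score * self.healthy / total if total else 0.0


def secure_score_percent(controls) -> int:
    """Overall secure score: summed current score over summed max score."""
    max_total = sum(c.max_score for c in controls)
    current = sum(c.current_score() for c in controls)
    return round(100 * current / max_total) if max_total else 0


def potential_increase_percent(controls, control_name: str) -> int:
    """Percentage points gained if the named control were fully remediated."""
    max_total = sum(c.max_score for c in controls)
    for c in controls:
        if c.name == control_name:
            return round(100 * (c.max_score - c.current_score()) / max_total)
    raise KeyError(control_name)


def prioritised(controls):
    """Controls ordered by the score they would add: the low-hanging fruit first."""
    return sorted(controls, key=lambda c: c.max_score - c.current_score(), reverse=True)


# Constructed sample matching the three scored controls in the walkthrough:
# MFA is worth 10 but scores 0, the other two score 4 out of 4.
# The healthy/unhealthy resource counts are assumed, not taken from the page.
CONTROLS = [
    SecurityControl("Enable MFA", 10, healthy=0, unhealthy=2),
    SecurityControl("Encrypt data in transit", 4, healthy=3, unhealthy=0),
    SecurityControl("Manage access permissions", 4, healthy=3, unhealthy=0),
]

if __name__ == "__main__":
    print(f"Secure score: {secure_score_percent(CONTROLS)}%")  # 44%
    for c in prioritised(CONTROLS):
        print(f"{c.name}: {c.current_score():.0f}/{c.max_score}, "
              f"+{potential_increase_percent(CONTROLS, c.name)} points if fixed")
```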
There are two recommendations for increasing the security score here: Enable Microsoft Defender for Resource Manager and for DNS. One of the important features of a good Cloud Security Posture Management tool is easy and quick remediation, and I can enable Defender for DNS by clicking on the recommendation. This takes me through to a page where I can select Fix and then fix one resource. While the remediation may be successful, it won't be reflected instantly in the secure score. As the name suggests, enhanced security features are more than the standard features that come with every Azure plan. We can go to the Defender for Cloud overview page, under Management select Environment settings, and then select the relevant subscription. You'll see additional paid-for features with their prices, which you can turn on. You can enable all of them with the button at the top or select individual Defender for Cloud services. If you recall, enabling Defender for Resource Manager was one of the recommendations, so I'll switch that on and save.
Assessing regulatory compliance is another aspect of a good Cloud Security Posture Management tool. Drilling down into regulatory compliance assesses the security environment on Azure Security Benchmark version 3 and three security industry standards.
After 24 hours, my environment has a secure score of 64%. While I've implemented many of the recommended fixes, additional issues have been identified, further illustrating the depth and breadth of Microsoft Defender's Cloud Security Posture Management implementation.
Hallam is a software architect with over 20 years' experience across a wide range of industries. He began his software career as a Delphi/Interbase disciple but changed his allegiance to Microsoft with its deep and broad ecosystem. While Hallam has designed and crafted custom software utilizing web, mobile and desktop technologies, good quality, reliable data is the key to a successful solution. The challenge of quickly turning data into useful information for digestion by humans and machines has led Hallam to specialize in database design and process automation. Showing customers how to leverage new technology to change and improve their business processes is one of the key drivers keeping Hallam coming back to the keyboard.