#cnapp — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cnapp, aggregated by home.social.
-
Near-realtime-защита внутри облака: как мы боролись с лавиной ИБ-событий и превращали их в полезные данные
Меня зовут Владислав Архипов, я архитектор команды разработки security‑сервисов в Yandex Cloud. Мы занимаемся как непосредственной безопасностью облачной платформы и её клиентов, так и созданием сервисов безопасности. Итоги 2025 года в сфере информационной безопасности показали, что нагрузка на security‑команды любого уровня растёт вместе с ростом потока данных. На нашем примере: к середине 2025 года количество типовых событий безопасности, которые мы обрабатывали, в среднем составляло 28 млрд в день, а рост за год составил 20%. При этом всё чаще необходимо анализировать потоковые источники данных, где традиционные подходы с периодической выгрузкой информации просто исчерпали себя. В этой статье вместе с руководителем Cloud Security Operations Юрием Наместниковым @namestnikov мы расскажем, как создаём Security Deck и добиваемся прозрачности процессов ИБ, а также о том, как хронологическое хранилище помогает справляться с растущими потоками данных. Покажем, как мы превращаем разрозненные события в стейт и храним в хронологической базе данных, а также в чём отличие нашего запатентованного решения от других на уровне архитектуры.
https://habr.com/ru/companies/yandex_cloud_and_infra/articles/994478/
#безопасность #хронологическое_хранилище #temporal_bd #ydb #security_operation_center #soc #cspm #cnapp
-
Cloud compliance dashboards, CNAPP, and CSPM can all show green, but they don't show your entire attack surface.
The issue is not with the dashboards, but with the blind spots that lie outside their view, such as leaked developer personal access tokens or overprivileged pipelines that do not appear as non-compliant.
In this blog post, Joe Durbin looks at those gaps around tokens, pipelines, and third-party build services. He explains how human-led configuration reviews and custom threat actor simulations work alongside provider tools to show and test your actual attack surface.
📌https://www.pentestpartners.com/security-blog/beyond-cloud-compliance-dashboards-whats-next/
#cloudsecurity #cloudnative #devsecops #cnapp #cspm #cybersecurity
-
От CNAPP до CTEM — ИБ-термины простыми словами
Современные облачные сервисы и другие области ИТ включают большое количество специализированных терминов и аббревиатур, связанных с информационной безопасностью. Чтобы упростить понимание этих понятий, мы подготовили компактный словарь для менеджеров и начинающих специалистов. Простыми словами объясняем распространённые термины, обозначающие механизмы и решения для защиты различных сред: от управления правами доступа до межсетевых экранов. Материал поможет разобраться в технологиях безопасности и сделать их использование максимально эффективным.
-
Fortinet Expands Cloud Security Portfolio with Lacework Acquisition https://www.securityweek.com/fortinet-expands-cloud-security-portfolio-with-lacework-acquisition/ #CloudSecurity #Funding/M&A #M&ATracker #Featured #Fortinet #Lacework #CNAPP #DSPM
-
Fortinet Expands Cloud Security Portfolio with Lacework Acquisition https://www.securityweek.com/fortinet-expands-cloud-security-portfolio-with-lacework-acquisition/ #CloudSecurity #Funding/M&A #M&ATracker #Featured #Fortinet #Lacework #CNAPP #DSPM
-
𝐌𝐚𝐩 𝐂𝐨𝐧𝐭𝐚𝐢𝐧𝐞𝐫 𝐈𝐦𝐚𝐠𝐞𝐬 𝐟𝐫𝐨𝐦 𝐂𝐨𝐝𝐞 𝐭𝐨 𝐂𝐥𝐨𝐮𝐝 𝐰𝐢𝐭𝐡 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐂𝐥𝐨𝐮𝐝
When a vulnerability is identified in a container image stored in a container registry or running in a Kubernetes cluster, it can be difficult for a security practitioner to trace back to the CI/CD pipeline that first built the container image and identify a developer remediation owner.
With DevOps security capabilities in Microsoft Defender Cloud Security Posture Management (CSPM), you can map your cloud-native applications from code to cloud to easily kick off developer remediation workflows and reduce the time to remediation of vulnerabilities in your container images.
Details: https://learn.microsoft.com/en-us/azure/defender-for-cloud/container-image-mapping
#defender #cspm #CloudSecurityPostureManagement #devops #pipeline #codetocloud #container #vulnerabilities #Kubernetes #cnapp #cwpp #cloudnative #cloudsecurity #soc #microsoft #microsoftsecurity #azure #multicoud
-
#Dynatrace Unlocks AI-Driven Compliance & Protection With #Runecast Acquisition
-
𝐈𝐧𝐭𝐫𝐨𝐝𝐮𝐜𝐢𝐧𝐠 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐂𝐥𝐨𝐮𝐝 𝐋𝐚𝐛𝐬
Our labs project help you get ramped up with Microsoft Defender for Cloud and provide hands-on practical experience for product features, capabilities, and scenarios. The labs are divided into 3 main tracks, a beginner (level 100/200) and an advanced (level 300+) track. The labs contain several modules cover different pillars such as Cloud Security Posture Management (CSPM) to Cloud Workload Protection (CWP). To start using our labs, you will need to create Azure Trial Subscription which provides you all capabilities for 30 days – so you have to finish this lab at this point to take advantage of the free trial.
https://github.com/Azure/Microsoft-Defender-for-Cloud/tree/main/Labs
#defender #defenderforcloud #cnapp #cspm #cwp #cwpp #cloudsecurity #multicloud #azure #aws #gcp #microsoft #microsoftsecurity #soc #server #container #storage #dns #api #devops #database #api #github #arc #agentless #storageaccount #mde #vulnerability #mdvm #siem
-
𝐍𝐞𝐰 𝐮𝐬𝐞 𝐜𝐚𝐬𝐞𝐬 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐂𝐨𝐩𝐢𝐥𝐨𝐭
📣 The new use cases for Security Copilot now extend beyond investigations in your security operations center to support various security necessities for organizations seeking to strengthen their security against cyberthreats.
➡Device management
➡Identity management
➡Data security
➡Cloud security
➡External attack surface management
📣Security Copilot is expanding into embedded experiences across various Microsoft Security solutions!
#copilot #security #securitycopilot #llm #ai #genai #openai #microsoft #microsoftsecurity #cybersecurity #intune #purview #entraid #soc #xdr #siem #soar #cloud #cloudnative #cloudsecurity #sentinel #microsoftsentinel #cnapp #defenderforcloud #defender #easm #threatintelligence
-
𝐍𝐞𝐰 𝐮𝐬𝐞 𝐜𝐚𝐬𝐞𝐬 𝐟𝐨𝐫 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐂𝐨𝐩𝐢𝐥𝐨𝐭
📣 The new use cases for Security Copilot now extend beyond investigations in your security operations center to support various security necessities for organizations seeking to strengthen their security against cyberthreats.
➡Device management
➡Identity management
➡Data security
➡Cloud security
➡External attack surface management
📣Security Copilot is expanding into embedded experiences across various Microsoft Security solutions!
#copilot #security #securitycopilot #llm #ai #genai #openai #microsoft #microsoftsecurity #cybersecurity #intune #purview #entraid #soc #xdr #siem #soar #cloud #cloudnative #cloudsecurity #sentinel #microsoftsentinel #cnapp #defenderforcloud #defender #easm #threatintelligence
-
Prepare to onboard Microsoft Defender for Cloud (MDC) with Terraform: The new Terraform module, "mdc-defender-plans-azure" allows you to configure MDC plans for your subscriptions or management groups with just a few lines of code!
"Simplifying Onboarding to Microsoft Defender for Cloud with Terraform" - Microsoft Community Hub
https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/simplifying-onboarding-to-microsoft-defender-for-cloud-with/ba-p/3974789#MicrosoftDefenderForCloud #DefenderCSPM #IaC #Terraform #CSPM #CNAPP #MDFC #Security #Cybersecurity #Microsoft #Azure
-
Earlier this year @baileybercik and I presented at SANS #Cloud #Security summit on what we've learned from the last 18 or so months of deploying #CIEM as part of that broader #CNAPP strategy. We focused mostly on #Microsoft #Entra Permissions Management. The talk is now posted, https://www.youtube.com/watch?v=q2pdf_8aorg. If you want to learn more about #CNAPP see this post, https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/announcing-new-cnapp-capabilities-in-defender-for-cloud/ba-p/3981941. We also recently released an operations guide which has been very helpful for customers. Give it a read. https://learn.microsoft.com/en-us/entra/architecture/permissions-manage-ops-guide-intro. #InfoSec #Azure #AWS #GCP
-
𝗔𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗻𝗲𝘄 𝗖𝗡𝗔𝗣𝗣 𝗰𝗮𝗽𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗶𝗻 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗖𝗹𝗼𝘂𝗱
At Ignite 2023, we are excited to announce new innovations in Microsoft Defender for Cloud that will help security admins strengthen their CNAPP deployment, improve the cloud security posture through additional code to cloud insights, and protect cloud-native applications across multicloud environments in a unified solution:
➡ Unified insights from Microsoft Entra Permissions Management (CIEM) to enable comprehensive risk mitigation
➡Enhanced attack path analysis engine to swiftly pinpoint critical risks across clouds
➡Accelerated critical risk remediation with Microsoft Security Copilot integration
➡Integrated security across multiple DevOps platforms
Extended protection for cloud workloads
➡Improved API Security Posture
➡Go beyond workload protection – detect and respond to threats across the enterprise in a unified platform
More details:
#cnapp #devops #api #protection #ciem #cwp #cspm #defender #defenderforcloud #azure #gcp #aws #cloud #cloudnative #cloudprotection #cloudsecurity #multicloud #microsoft #microsoftsecurity #soc #ignite #microsoftignite #permissionmanagement #ai #mitre #copilot #securitycopilot #vulnerability
-
𝗔𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗻𝗲𝘄 𝗖𝗡𝗔𝗣𝗣 𝗰𝗮𝗽𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗶𝗻 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗖𝗹𝗼𝘂𝗱
At Ignite 2023, we are excited to announce new innovations in Microsoft Defender for Cloud that will help security admins strengthen their CNAPP deployment, improve the cloud security posture through additional code to cloud insights, and protect cloud-native applications across multicloud environments in a unified solution:
➡ Unified insights from Microsoft Entra Permissions Management (CIEM) to enable comprehensive risk mitigation
➡Enhanced attack path analysis engine to swiftly pinpoint critical risks across clouds
➡Accelerated critical risk remediation with Microsoft Security Copilot integration
➡Integrated security across multiple DevOps platforms
Extended protection for cloud workloads
➡Improved API Security Posture
➡Go beyond workload protection – detect and respond to threats across the enterprise in a unified platform
More details:
#cnapp #devops #api #protection #ciem #cwp #cspm #defender #defenderforcloud #azure #gcp #aws #cloud #cloudnative #cloudprotection #cloudsecurity #multicloud #microsoft #microsoftsecurity #soc #ignite #microsoftignite #permissionmanagement #ai #mitre #copilot #securitycopilot #vulnerability
-
𝗔𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗻𝗲𝘄 𝗖𝗡𝗔𝗣𝗣 𝗰𝗮𝗽𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗶𝗻 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗖𝗹𝗼𝘂𝗱
At Ignite 2023, we are excited to announce new innovations in Microsoft Defender for Cloud that will help security admins strengthen their CNAPP deployment, improve the cloud security posture through additional code to cloud insights, and protect cloud-native applications across multicloud environments in a unified solution:
➡ Unified insights from Microsoft Entra Permissions Management (CIEM) to enable comprehensive risk mitigation
➡Enhanced attack path analysis engine to swiftly pinpoint critical risks across clouds
➡Accelerated critical risk remediation with Microsoft Security Copilot integration
➡Integrated security across multiple DevOps platforms
Extended protection for cloud workloads
➡Improved API Security Posture
➡Go beyond workload protection – detect and respond to threats across the enterprise in a unified platform
More details:
#cnapp #devops #api #protection #ciem #cwp #cspm #defender #defenderforcloud #azure #gcp #aws #cloud #cloudnative #cloudprotection #cloudsecurity #multicloud #microsoft #microsoftsecurity #soc #ignite #microsoftignite #permissionmanagement #ai #mitre #copilot #securitycopilot #vulnerability
-
𝗔𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗻𝗲𝘄 𝗖𝗡𝗔𝗣𝗣 𝗰𝗮𝗽𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗶𝗻 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗖𝗹𝗼𝘂𝗱
At Ignite 2023, we are excited to announce new innovations in Microsoft Defender for Cloud that will help security admins strengthen their CNAPP deployment, improve the cloud security posture through additional code to cloud insights, and protect cloud-native applications across multicloud environments in a unified solution:
➡ Unified insights from Microsoft Entra Permissions Management (CIEM) to enable comprehensive risk mitigation
➡Enhanced attack path analysis engine to swiftly pinpoint critical risks across clouds
➡Accelerated critical risk remediation with Microsoft Security Copilot integration
➡Integrated security across multiple DevOps platforms
Extended protection for cloud workloads
➡Improved API Security Posture
➡Go beyond workload protection – detect and respond to threats across the enterprise in a unified platform
More details:
#cnapp #devops #api #protection #ciem #cwp #cspm #defender #defenderforcloud #azure #gcp #aws #cloud #cloudnative #cloudprotection #cloudsecurity #multicloud #microsoft #microsoftsecurity #soc #ignite #microsoftignite #permissionmanagement #ai #mitre #copilot #securitycopilot #vulnerability
-
𝗔𝗻𝗻𝗼𝘂𝗻𝗰𝗶𝗻𝗴 𝗻𝗲𝘄 𝗖𝗡𝗔𝗣𝗣 𝗰𝗮𝗽𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗶𝗻 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿 𝗳𝗼𝗿 𝗖𝗹𝗼𝘂𝗱
At Ignite 2023, we are excited to announce new innovations in Microsoft Defender for Cloud that will help security admins strengthen their CNAPP deployment, improve the cloud security posture through additional code to cloud insights, and protect cloud-native applications across multicloud environments in a unified solution:
➡ Unified insights from Microsoft Entra Permissions Management (CIEM) to enable comprehensive risk mitigation
➡Enhanced attack path analysis engine to swiftly pinpoint critical risks across clouds
➡Accelerated critical risk remediation with Microsoft Security Copilot integration
➡Integrated security across multiple DevOps platforms
Extended protection for cloud workloads
➡Improved API Security Posture
➡Go beyond workload protection – detect and respond to threats across the enterprise in a unified platform
More details:
#cnapp #devops #api #protection #ciem #cwp #cspm #defender #defenderforcloud #azure #gcp #aws #cloud #cloudnative #cloudprotection #cloudsecurity #multicloud #microsoft #microsoftsecurity #soc #ignite #microsoftignite #permissionmanagement #ai #mitre #copilot #securitycopilot #vulnerability
-
It's taken me almost a year to write (and edit) my rant about categories and acronyms in cybersecurity. Which acronyms or categories annoy you the most? Security teams don't need more tools, they need efficient ways to mitigate risk and respond quickly to threats or attacks - especially now to keep up with faster development cycles.
https://www.techtarget.com/searchsecurity/opinion/Cloud-native-app-security-Ignore-acronyms-solve-problems
#cloudsecurity #applicationsecurity #appsec #cspm #sast #dast #iast #sca #sbom #ciem #asoc #dspm #aspm #cnapp #cdr #mdr #itdr #ndr #mdr #xdr #edr #cnapp #wapp #devsecops #cybersecurity #infosec #ciso #cso -
I must admit, I am pretty proud of this one...
#Runecast Earns Frost & Sullivan's 2023 European New Product #Innovation Award for Delivering an #Al-driven Unique #CNAPP
-
𝗣𝗿𝗲𝗱𝗶𝗰𝘁 𝗳𝘂𝘁𝘂𝗿𝗲 𝗮𝘁𝘁𝗮𝗰𝗸𝘀! 𝗖𝗹𝗼𝘂𝗱 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗣𝗼𝘀𝘁𝘂𝗿𝗲 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝘄𝗶𝘁𝗵 𝗠𝗶𝗰𝗿𝗼𝘀𝗼𝗳𝘁 𝗗𝗲𝗳𝗲𝗻𝗱𝗲𝗿
Advanced cloud security protection goes beyond general security recommendations and provides predictive and future-facing defense, so users can prioritize security based on connected risks, visualize potential attack paths, and identify vulnerabilities and misconfigurations that attackers might exploit. Recommendations are ranked based on severity and potential impact, so users can focus on the most critical issues first.
#defendercspm #cspm #posturemanagement #defenderforcloud #cnapp #defender #microsoft #azure #cloud #multicloud #soc #cybersecurity #xdr
-
𝐍𝐞𝐰 𝐞𝐱𝐩𝐚𝐧𝐝𝐞𝐝 𝐯𝐢𝐬𝐢𝐛𝐢𝐥𝐢𝐭𝐲 𝐢𝐧𝐭𝐨 𝐦𝐮𝐥𝐭𝐢𝐜𝐥𝐨𝐮𝐝 𝐝𝐚𝐭𝐚 𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐂𝐥𝐨𝐮𝐝
The data security dashboard provides a centralized, complete and current view of the state of your cloud data estate.
The data security dashboard helps you to:
➡ Discover your complete multicloud data estate across managed and hosted data resources
➡Understand your Defender for Cloud protection coverage and gaps across data resources
➡Gain insight on which protected data resources contain sensitive data and the types of sensitive information they contain
➡Use built-in data query templates to speed up cloud security explorer results
➡Focus on sensitive data resources that require attention as a result of active threats or potential risks to your sensitive data
➡View changing trends of resources with sensitive data that require attention to analyze improvement of data security posture over time
#microft #azure #defender #defenderforcloud #cnapp #aws #gcp #data #datasecurity #cloud #cloudsecurity #soc #cspm #posturemanagement
-
In the realm of cybersecurity, preventing attackers' entry through misconfigurations is paramount. Cloud misconfigurations, particularly in AWS environments, can open doors to vulnerabilities. Microsoft Defender for Cloud steps in as a proactive guardian, identifying these misconfigurations and enabling swift remediation.
🌐 Why Misconfigurations Matter
Misconfigured cloud resources can expose sensitive data, grant unauthorized access, or leave unnecessary openings for exploitation. To maintain a strong security posture, proactive security management is essential.
🛡️ How Microsoft Defender for Cloud Helps
In this blog, I'll guide you through various scenarios of misconfigured AWS Cloud resources and showcase how Microsoft Defender for Cloud empowers security teams to identify, prevent, and remediate risks.
🚀 Getting Started with Proactive Security
To begin safeguarding your AWS resources, set up the connection between your AWS account and Microsoft Defender for Cloud. The cloud security graph, attack path analysis, and the cloud security explorer are invaluable tools for contextual security assessment.
🔍 Scenario 1: Sensitive Data Exposure
Imagine Contoso Bank, using Amazon S3 to store sensitive information. Mistakenly replicating data to a public S3 bucket opens avenues for data exposure. Microsoft Defender CSPM's attack path analysis uncovers this misconfiguration, providing insights and remediation steps.
🔍 Scenario 2: Over-Permissioning via IAM Roles
Datum Corporation's IT Admins manage AWS EC2 instances and want automated backups. Misconfigured IAM roles can lead to over-permissioning, exposing the instance to more access than necessary. Defender CSPM's attack path capability highlights vulnerabilities, effective permissions, and potential risks.
🔍 Scenario 3: Compromising KMS Keys
Fabrikam Inc secures sensitive data on Amazon EC2 instances through a KMS key. However, a high-severity vulnerability on the instance poses a risk of unauthorized access to the KMS. Defender CSPM's attack path analysis identifies potential credential theft and suggests remediation steps.
📚 Continuous Monitoring and Stay Ahead
The battle against misconfigurations isn't a one-time effort. Incorporating attack path analysis into your security strategy empowers teams to monitor and address new misconfigurations introduced during environment changes.
Enhance your AWS security with Microsoft Defender for Cloud. Stay ahead of potential misconfigurations, safeguard sensitive data, and bolster your cloud security strategy.
#CloudSecurity #AWSProtection #MicrosoftDefender #ProactiveSecurity #CyberDefense #microsoft #cnapp #defenderforcloud #aws #azure #multicloud #cspm #bucket #cloud #cloudsecurity #cloudnative #soc #xdr
-
Steps Forward: Can ‘CNAPP’ solutions truly unify cloud, on-premises best cybersecurity practices?
Byron Acohido hosts a #CNAPP conversation with #Runecast, Data Theorem, Palo Alto Networks, and #Gartner.
#CSPM #CWPP
https://www.lastwatchdog.com/steps-forward-can-cnapp-solutions-truly-unify-cloud-on-premises-best-cybersecurity-practices/ -
𝐃𝐚𝐭𝐚 𝐀𝐰𝐚𝐫𝐞 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐏𝐨𝐬𝐭𝐮𝐫𝐞 𝐢𝐧 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐃𝐞𝐟𝐞𝐧𝐝𝐞𝐫 𝐟𝐨𝐫 𝐂𝐥𝐨𝐮𝐝 𝐢𝐬 𝐧𝐨𝐰 𝐆𝐞𝐧𝐞𝐫𝐚𝐥𝐥𝐲 𝐀𝐯𝐚𝐢𝐥𝐚𝐛𝐥𝐞
For more information, see Data-aware security posture in Microsoft Defender for Cloud: https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-data-security-posture
#microsoft #security #data #cloud #azure #cspm #defendercspm #defender #defenderforcloud #cnapp #aws #cgp #cloudnative #cloudsecurity #soc #purview #microsoftpurview #storage #defenderforstorage #cybersecurity
-
𝗛𝗼𝘄 𝘁𝗼 𝘀𝗲𝗰𝘂𝗿𝗲 𝗮 𝗙𝘂𝗻𝗰𝘁𝗶𝗼𝗻 𝗔𝗽𝗽?
𝚂̲𝚎̲𝚌̲𝚞̲𝚛̲𝚎̲ ̲𝚘̲𝚙̲𝚎̲𝚛̲𝚊̲𝚝̲𝚒̲𝚘̲𝚗̲
➡️Defender for Cloud for assessment of potential configuration-related security vulnerabilities
➡️Log and monitor: diagnostic settings to configure streaming export of platform logs and metrics
➡️Require HTTPS
➡️Securing keys with Azure key Vault
➡️Enable App Service Authentication/Authorization
➡️Use Azure API Management (APIM) to authenticate requests
➡️Run your function app with the lowest possible permissions
➡️Store data encrypted
𝚂̲𝚎̲𝚌̲𝚞̲𝚛̲𝚎̲ ̲𝚍̲𝚎̲𝚙̲𝚕̲𝚘̲𝚢̲𝚖̲𝚎̲𝚗̲𝚝̲
➡️Disable FTP
➡️Secure the scm endpoint
𝙽̲𝚎̲𝚝̲𝚠̲𝚘̲𝚛̲𝚔̲ ̲𝚜̲𝚎̲𝚌̲𝚞̲𝚛̲𝚒̲𝚝̲𝚢̲
➡️Set access restrictions
➡️Secure the storage account
➡️Private site access with Azure Private Endpoint
➡️Deploy your function app in isolation configuring a Web Application Firewall (WAF) for App Service Environment.
More details: https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4
#security #azure #cloud #data #management #streaming #functionapp #serverless #waf #appservice #privateendpoint #networksecurity #securedeployment #apim #ftp #keyvault #key #vulnerability #assessment #misconfiguration #encryption #storage #storageaccount #defender #defenderforcloud #cnapp #cspm #cwpp #microsoft #microsoftsecurity #cloudsecurity #cloudnative #siem #monitoring #soc
-
What's new in Microsoft Defender for Cloud?
Updates in May include:
➡️New alert in Defender for Key Vault
➡️Agentless scanning now supports encrypted disks in AWS
➡️Revised JIT (Just-In-Time) rule naming conventions in Defender for Cloud
➡️Onboard selected AWS regions
➡️Multiple changes to identity recommendations
➡️Deprecation of legacy standards in compliance dashboard
➡️Two Defender for DevOps recommendations now include Azure DevOps scan findings
➡️New default setting for Defender for Servers vulnerability assessment solution
More details: https://learn.microsoft.com/en-us/azure/defender-for-cloud/release-notes#may-2023
#microsoft #azure #devops #cloud #aws #compliance #gcp #defender #defenderforcloud #cnapp #cspm #cwpp #soc #cloudsecurity #multicloud #securityplatform #microsoftsecurity
-
My new blog post addresses my issues with the concept of "shift left security." It's not wrong, it's just misunderstood.
Shifting left is about empowering developers to better secure their applications, freeing up security teams to scale to better support them. Security teams need to work with development throughout the SDLC to drive efficiency for remediation - helping both teams.
#devsecops #cloudsecurity #infosec #developersecurity #cnapp #applicationsecurity #appsec
-
I am very much looking forward to this discussion, as I typically take advantage of any opportunity that I have to talk with either of these guys, so having both together is a big treat. 😎 🎬 👏🏽
#CNAPP #CSPM #CWPP #CloudSecurity
https://www.runecast.com/register-now/how-to-make-a-well-informed-cnapp-buying-decision-in-2023