Mastering Container Security with Microsoft Defender for Containers
Microsoft Defender for Containers is a powerful cloud-native solution that helps organizations improve, monitor, and maintain the security of their containerized assets across multicloud and on-premises environments. This comprehensive platform addresses four core domains of container security: security posture management, vulnerability assessment, runtime threat protection, and deployment and monitoring.
Security Posture Management
Defender for Containers provides agentless capabilities that enable zero-footprint, API-based discovery of your Kubernetes clusters, their configurations, and deployments. The platform also offers agentless vulnerability assessment for container images, including recommendations for registry and runtime, quick scans of new images, daily refresh of results, exploitability insights, and more. This vulnerability information is added to the cloud security graph, enabling contextual risk assessment, attack path calculation, and enhanced risk-hunting capabilities.
Additionally, Defender for Containers continuously assesses the configurations of your clusters and compares them with the initiatives applied to your subscriptions. When it finds misconfigurations, it generates security recommendations that you can investigate and remediate. You can use the resource filter to review the outstanding recommendations for your container-related resources.
Defender for Containers also includes sensor-based capabilities, such as binary drift detection, which alerts you about potential security threats by detecting unauthorized external processes within containers. The platform also offers Kubernetes data plane hardening, which monitors every request to the Kubernetes API server against a predefined set of best practices before allowing it to be persisted to the cluster.
Vulnerability Assessment
Defender for Containers scans the container images in Azure Container Registry (ACR), Amazon Elastic Container Registry (ECR), Google Artifact Registry (GAR), and Google Container Registry (GCR) to provide agentless vulnerability assessment. This includes registry and runtime recommendations, remediation guidance, quick scans of new images, real-world exploit insights, and exploitability insights. The vulnerability information is added to the cloud security graph for contextual risk, attack path calculation, and hunting capabilities.
Runtime Threat Protection
Defender for Containers provides real-time threat protection for supported containerized environments, generating alerts for suspicious activities. This includes threat protection at the cluster, node, and workload levels, with both sensor-based coverage and agentless coverage based on analysis of Kubernetes audit logs. Examples of the security events monitored include exposed Kubernetes dashboards, creation of high-privileged roles, and creation of sensitive mounts.
You can view the security alerts on the Defender for Cloud overview page and on the security alerts page. Defender for Containers also includes host-level threat detection with over 60 Kubernetes-aware analytics, AI, and anomaly detections based on your runtime workload.
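To make the audit-log based detection described above concrete, here is an added example (not Microsoft's code and not Defender's own analytics): a small Python checker that reads newline-delimited Kubernetes audit events and flags the three event types named in this section, creation of a high-privileged role, a pod with a sensitive hostPath mount, and a dashboard Service exposed outside the cluster. The sensitive-path list, the wildcard-rule criterion and the sample events are assumptions constructed for the example.

```python
import json

# Sensitive host paths and the three rules below are assumptions for this example, not Defender's own analytics.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/root", "/var/run/docker.sock")

def _is_sensitive_path(path):
    return any(path == p or (p != "/" and path.startswith(p + "/")) for p in SENSITIVE_HOST_PATHS)

def _is_wildcard_rule(rule):
    return "*" in rule.get("verbs", []) and "*" in rule.get("resources", [])

def analyze_event(event):
    """Return finding strings for one audit.k8s.io/v1 Event given as a dict."""
    findings = []
    if event.get("verb") != "create":
        return findings                      # only object creation is inspected
    ref, obj = event.get("objectRef", {}), event.get("requestObject", {})
    who = event.get("user", {}).get("username", "?")
    target = f"{ref.get('namespace', '-')}/{ref.get('name', '?')}"
    # 1. high-privileged role: a rule granting every verb on every resource
    if ref.get("resource") in ("roles", "clusterroles"):
        if any(_is_wildcard_rule(r) for r in obj.get("rules", [])):
            findings.append(f"HIGH_PRIV_ROLE {ref['resource']} {target} by {who}")
    # 2. sensitive mount: a pod declares a hostPath volume on a sensitive path
    if ref.get("resource") == "pods":
        for vol in obj.get("spec", {}).get("volumes", []):
            path = vol.get("hostPath", {}).get("path", "")
            if _is_sensitive_path(path):
                findings.append(f"SENSITIVE_MOUNT {target} hostPath={path} by {who}")
    # 3. exposed dashboard: the dashboard Service is published outside the cluster
    if ref.get("resource") == "services" and ref.get("namespace") == "kubernetes-dashboard":
        if obj.get("spec", {}).get("type") in ("LoadBalancer", "NodePort"):
            findings.append(f"EXPOSED_DASHBOARD {target} by {who}")
    return findings

def scan_audit_log(text):
    """Scan newline-delimited JSON audit events and return every finding."""
    return [f for line in text.splitlines() if line.strip()
            for f in analyze_event(json.loads(line))]

# Constructed sample audit log (four events), not real cluster data.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"verb": "create", "user": {"username": "dev@example.com"}, "objectRef": {"resource": "clusterroles", "name": "admin-all"},
     "requestObject": {"rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}},
    {"verb": "create", "user": {"username": "ci-bot"}, "objectRef": {"resource": "pods", "namespace": "default", "name": "web"},
     "requestObject": {"spec": {"volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}]}}},
    {"verb": "create", "user": {"username": "ops"}, "objectRef": {"resource": "services", "namespace": "kubernetes-dashboard", "name": "kubernetes-dashboard"},
     "requestObject": {"spec": {"type": "LoadBalancer"}}},
    {"verb": "get", "user": {"username": "ops"}, "objectRef": {"resource": "pods", "namespace": "default", "name": "web"}},
])
```

Running `scan_audit_log(SAMPLE_AUDIT_LOG)` yields one finding for each of the three `create` events and nothing for the read-only `get` event; in practice the same logic would run over the API server's audit backend output or a forwarded audit stream.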
Learn More
To learn more about Microsoft Defender for Containers, check out the following resources:
Next Steps
To get started with Defender for Containers, follow these steps:
- Enable Defender for Containers
- Review the common questions about Defender for Containers