Safeguarding Your Containerized Infrastructure with Microsoft Defender for Containers

Microsoft Defender for Containers is a comprehensive, cloud-native solution designed to improve, monitor, and maintain the security of your containerized assets, including Kubernetes clusters, nodes, workloads, container registries, and container images, across multicloud and on-premises environments.

Four Core Domains of Container Security

Defender for Containers assists you with four key areas of container security:

1. Security Posture Management:

   • Provides continuous monitoring of cloud and Kubernetes APIs to discover resources, offer comprehensive inventory capabilities, detect misconfigurations, and provide guidelines to mitigate them.
   • Enables contextual risk assessment and empowers security admins to perform enhanced risk hunting through the Defender for Cloud security explorer.
   • Continuously assesses the configurations of your clusters and compares them with applied initiatives, generating security recommendations for investigation and remediation.

2. Vulnerability Assessment:

   • Offers agentless vulnerability assessment for container images in Azure, AWS, and GCP registries, including recommendations for registry and runtime, quick scans of new images, daily refresh of results, and exploitability insights.
   • Adds vulnerability information to the cloud security graph for contextual risk assessment, attack path calculation, and hunting capabilities.

3. Run-time Threat Protection:

   • Provides real-time threat protection for Kubernetes clusters, nodes, and workloads, powered by Microsoft’s leading threat intelligence.
   • Maps security alerts to the MITRE ATT&CK framework for easy understanding of risk and relevant context, offers automated response, and integrates with SIEM/XDR solutions.
   • Includes host-level threat detection with over 60 Kubernetes-aware analytics, AI, and anomaly detections based on runtime workload.

4. Deployment and Monitoring:

   • Monitors your Kubernetes clusters for missing sensors and provides frictionless at-scale deployment for sensor-based capabilities.
   • Supports standard Kubernetes monitoring tools and manages unmonitored resources.

Learn More and Get Started

To learn more about Microsoft Defender for Containers, check out the following resources:

• Introducing Microsoft Defender for Containers
• Demonstrating Microsoft Defender for Cloud
• Enable Defender for Containers
• Common questions about Defender for Containers

To get started with securing your containerized infrastructure, explore the comprehensive capabilities of Microsoft Defender for Containers today.

Source: Center for Threat-Informed Defense