Microsoft Defender for Containers is a cloud-native solution designed to improve, monitor, and maintain the security of your containerized assets across multicloud and on-premises environments. It provides a range of security capabilities to help you protect your Kubernetes clusters, nodes, workloads, container registries, and container images.

Security Posture Management

Defender for Containers offers both agentless and sensor-based capabilities to help you manage the security posture of your containerized environment:

Agentless Capabilities

  • Agentless Discovery for Kubernetes: Provides zero-footprint, API-based discovery of your Kubernetes clusters, their configurations, and deployments.
  • Agentless Vulnerability Assessment: Scans container images in Azure Container Registry (ACR), Amazon ECR, Google Artifact Registry, and Google Container Registry to provide vulnerability assessment, including recommendations, remediation guidance, exploit insights, and more.
  • Comprehensive Inventory: Enables you to explore and manage your containerized resources, pods, services, repositories, and configurations through the Defender for Cloud security explorer.
  • Enhanced Risk Hunting: Empowers security admins to actively hunt for security posture issues using queries and security insights in the Defender for Cloud security explorer.
  • Control Plane Hardening: Continuously assesses your Kubernetes cluster configurations and provides security recommendations to investigate and remediate misconfigurations.

Sensor-Based Capabilities

  • Binary Drift Detection: Alerts you to potential security threats by detecting unauthorized external processes within containers, with customizable drift policies.
  • Kubernetes Data Plane Hardening: Monitors and enforces best practice recommendations for your Kubernetes workloads using Azure Policy for Kubernetes.

Vulnerability Assessment

Defender for Containers provides agentless vulnerability assessment for container images across Azure, AWS, and Google Cloud, including registry and runtime recommendations, remediation guidance, and exploitability insights. This information is integrated into the Defender for Cloud security graph to enhance contextual risk assessment and attack path analysis.

Run-time Protection

Defender for Containers offers real-time threat protection for Kubernetes clusters, nodes, and workloads. It generates security alerts for suspicious activities, such as exposed Kubernetes dashboards, high-privilege role creation, and sensitive mount creation. The alerts are mapped to the MITRE ATT&CK framework for Containers, providing valuable context for investigation and remediation.
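As an added illustration (not Microsoft's code) of two of the alert categories named above, the following check runs over parsed Kubernetes manifests in CI and flags the same conditions, sensitive host mounts and high-privilege role bindings, before they reach a cluster and trigger a runtime alert. The sensitive-path list, the privileged role names and the sample manifests are assumptions constructed for the example.

```python
# Added example, not Microsoft's code: a pre-deployment check that mirrors two of
# the runtime alert categories named above ("sensitive mount creation" and
# "high-privilege role creation") so CI can catch the misconfiguration before
# Defender for Containers has to alert on it in a live cluster. The sensitive
# host paths and privileged role names below are assumptions, not Microsoft's lists.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/proc", "/var/run/docker.sock", "/var/lib/kubelet")
HIGH_PRIVILEGE_ROLES = {"cluster-admin", "admin"}

def _under(path, prefix):
    """True if path equals prefix or lies below it ("/" only matches itself)."""
    path = path.rstrip("/") or "/"
    return path == prefix or (prefix != "/" and path.startswith(prefix + "/"))

def find_sensitive_mounts(pod):
    """hostPath volumes of a Pod that expose a sensitive part of the node filesystem."""
    hits = []
    for vol in pod.get("spec", {}).get("volumes", []):
        path = vol.get("hostPath", {}).get("path")
        if path and any(_under(path, p) for p in SENSITIVE_HOST_PATHS):
            hits.append((vol.get("name"), path))
    return hits

def find_high_privilege_bindings(binding):
    """Subjects that a (Cluster)RoleBinding grants a cluster-admin-level role to."""
    if binding.get("roleRef", {}).get("name") not in HIGH_PRIVILEGE_ROLES:
        return []
    return [f"{s.get('kind')}/{s.get('name')}" for s in binding.get("subjects", [])]

def check_manifests(objects):
    """Run both checks over parsed manifests; returns (kind, name, detail) tuples."""
    findings = []
    for obj in objects:
        kind, name = obj.get("kind"), obj.get("metadata", {}).get("name", "?")
        if kind == "Pod":
            for vol, path in find_sensitive_mounts(obj):
                findings.append((kind, name, f"sensitive hostPath {path} via volume {vol}"))
        elif kind in ("RoleBinding", "ClusterRoleBinding"):
            for subj in find_high_privilege_bindings(obj):
                findings.append((kind, name, f"grants {obj['roleRef']['name']} to {subj}"))
    return findings

# Constructed sample manifests (as parsed from YAML) used only for demonstration.
SAMPLE = [
    {"kind": "Pod", "metadata": {"name": "log-shipper"}, "spec": {"volumes": [
        {"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}},
        {"name": "scratch", "emptyDir": {}}]}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "ci"}]},
    {"kind": "Pod", "metadata": {"name": "web"}, "spec": {"volumes": [
        {"name": "cache", "hostPath": {"path": "/opt/cache"}}]}},  # not sensitive
]
```

Running `check_manifests(SAMPLE)` reports the docker socket mount on `log-shipper` and the `cluster-admin` grant to the `ci` ServiceAccount, and stays silent on the `web` Pod whose hostPath is outside the sensitive prefixes.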

By leveraging Microsoft’s leading threat intelligence and Kubernetes-aware analytics, Defender for Containers helps you quickly identify and address security issues, strengthening the overall security of your containerized applications.

To learn more, check out the Defender for Containers documentation and the related blog posts: