Securing Your Containerized Assets with Microsoft Defender for Containers
Microsoft Defender for Containers is a cloud-native solution that helps organizations improve, monitor, and maintain the security of their containerized assets across multicloud and on-premises environments. The platform addresses these core domains of container security:
Security Posture Management
Defender for Containers offers both agentless and sensor-based capabilities to help you manage the security posture of your containerized environment:
Agentless Capabilities:
- Agentless Discovery for Kubernetes: Provides zero-footprint, API-based discovery of your Kubernetes clusters, their configurations, and deployments.
- Agentless Vulnerability Assessment: Offers vulnerability assessment for all container images, including recommendations for registry and runtime, quick scans of new images, daily refresh of results, exploitability insights, and more. This vulnerability data is integrated into the security graph for contextual risk assessment, attack path calculation, and enhanced hunting capabilities.
- Comprehensive Inventory Capabilities: Enables you to explore resources, pods, services, repositories, images, and configurations through the security explorer, making it easier to monitor and manage your assets.
- Enhanced Risk-Hunting: Empowers security admins to actively hunt for posture issues in their containerized assets through queries (built-in and custom) and security insights in the security explorer.
- Control Plane Hardening: Continuously assesses the configurations of your clusters and compares them to applied initiatives, generating security recommendations to investigate and remediate issues.
Sensor-Based Capabilities:
- Binary Drift Detection: Alerts you when a process runs inside a container from a binary that was not part of the container image (for example, a tool downloaded at runtime), helping you distinguish legitimate activity from a compromised workload. Drift policies let you exclude known-good processes to reduce noise.
- Kubernetes Data Plane Hardening: Uses admission control to check every request to the Kubernetes API server against a predefined set of best practices. It can run in audit mode, reporting violations as recommendations, or be configured to enforce the best practices and reject non-compliant workloads going forward.
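The detection idea behind binary drift, reduced to its core, as an added example (this is illustrative code written for this page, not Defender for Containers' sensor logic): a process is compared against the set of executables that shipped in its image, and a per-namespace exclusion list stands in for a drift policy. The image inventory, the exec events, and the policy are constructed sample data.

```python
"""Simplified binary-drift detector (added illustration, not Defender's own
sensor logic). Drift = a process whose executable was not shipped in the
container image. Inventory, events and policy are constructed sample data."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ExecEvent:
    namespace: str
    pod: str
    image: str      # image reference the container was started from
    binary: str     # absolute path of the executed file inside the container
    parent: str     # process that spawned it, kept for context in the alert


@dataclass
class DriftPolicy:
    """Paths allowed to run although they are not in the image, per namespace.
    Key "*" applies everywhere. This mirrors the exclusion-list approach used
    to keep legitimate debug tooling from raising alerts."""
    exclusions: dict = field(default_factory=dict)

    def allows(self, namespace, binary):
        allowed = self.exclusions.get("*", set()) | self.exclusions.get(namespace, set())
        return binary in allowed


# Assumed inventory of executables per image, as it could be built from the
# image layers at scan time (hypothetical registry and digests).
IMAGE_EXECUTABLES = {
    "registry.example/web@sha256:aaaa": {"/usr/local/bin/python3", "/bin/sh", "/usr/bin/curl"},
    "registry.example/api@sha256:bbbb": {"/app/server", "/bin/sh"},
}


def detect_drift(events, policy, inventory=IMAGE_EXECUTABLES):
    """Return one alert per exec event whose binary did not ship in the image.
    Images without an inventory are reported separately: they cannot be judged."""
    alerts = []
    for ev in events:
        shipped = inventory.get(ev.image)
        if shipped is None:
            alerts.append({"kind": "unknown-image", "namespace": ev.namespace,
                           "pod": ev.pod, "binary": ev.binary, "parent": ev.parent})
            continue
        if ev.binary in shipped or policy.allows(ev.namespace, ev.binary):
            continue
        alerts.append({"kind": "binary-drift", "namespace": ev.namespace,
                       "pod": ev.pod, "binary": ev.binary, "parent": ev.parent})
    return alerts


# Constructed runtime events: one normal start, one download-and-run in prod,
# strace in dev (excluded by policy) and in prod (not excluded), one unknown image.
SAMPLE_EVENTS = [
    ExecEvent("prod", "web-7f", "registry.example/web@sha256:aaaa", "/usr/local/bin/python3", "/bin/sh"),
    ExecEvent("prod", "web-7f", "registry.example/web@sha256:aaaa", "/tmp/.x/miner", "/usr/bin/curl"),
    ExecEvent("dev", "api-2", "registry.example/api@sha256:bbbb", "/usr/bin/strace", "/bin/sh"),
    ExecEvent("prod", "api-9", "registry.example/api@sha256:bbbb", "/usr/bin/strace", "/bin/sh"),
    ExecEvent("prod", "job-1", "registry.example/job@sha256:cccc", "/bin/sh", "/sbin/init"),
]

SAMPLE_POLICY = DriftPolicy(exclusions={"dev": {"/usr/bin/strace"}})

if __name__ == "__main__":
    for a in detect_drift(SAMPLE_EVENTS, SAMPLE_POLICY):
        print(f"{a['kind']:14} {a['namespace']}/{a['pod']}: {a['binary']} (parent {a['parent']})")
```

Note that the exclusion is scoped to a namespace: the same `strace` that is tolerated in `dev` still alerts in `prod`, which is the kind of policy a practitioner tunes rather than silencing the rule globally.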
Vulnerability Assessment
Defender for Containers scans container images in Azure Container Registry (ACR), Amazon Elastic Container Registry (ECR), Google Artifact Registry (GAR), and Google Container Registry (GCR) to provide agentless vulnerability assessment. This includes registry and runtime recommendations, remediation guidance, quick scans of newly pushed images, real-world exploit insights, and more. The vulnerability information is integrated into the cloud security graph for contextual risk assessment, attack path calculation, and hunting capabilities.
Run-time Protection for Kubernetes Nodes and Clusters
Defender for Containers provides real-time threat protection for supported containerized environments, generating alerts for suspicious activities. This includes coverage at the cluster, node, and workload levels, using both sensor-based monitoring and agentless analysis of Kubernetes audit logs.
Examples of security events that Defender for Containers monitors include:
- Exposed Kubernetes dashboards
- Creation of high-privileged roles
- Creation of sensitive mounts
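To make the audit-log side of this concrete, here is an added example (illustrative code written for this page, not Defender for Containers' own analytics) that triages newline-delimited Kubernetes audit events for the three event classes listed above: an exposed dashboard, a high-privileged role, and a sensitive host mount. The audit events, the sensitive-path list, and the rule thresholds are constructed assumptions; the event shape follows the audit.k8s.io/v1 Event format.

```python
"""Rule-based triage of Kubernetes audit events (added illustration, not
Defender for Containers' own analytics). Events below are constructed."""
import json

MUTATING_VERBS = {"create", "update", "patch"}
# Host paths that hand a container control of the node (assumed list)
SENSITIVE_HOST_PATHS = ("/etc", "/proc", "/root", "/var/lib/kubelet",
                        "/var/run/docker.sock", "/run/containerd")
# Controller resources whose requestObject carries a pod template
TEMPLATED = {"deployments", "daemonsets", "statefulsets", "replicasets", "jobs"}


def hostpath_is_sensitive(path):
    """True for '/' itself or for anything at or below a sensitive prefix."""
    norm = "/" + path.strip("/")            # "/etc/" -> "/etc", "/" -> "/"
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def pod_spec_from(resource, obj):
    """Pods carry spec directly; controllers carry it under spec.template."""
    if resource == "pods":
        return obj.get("spec", {})
    if resource in TEMPLATED:
        return obj.get("spec", {}).get("template", {}).get("spec", {})
    return None


def check_event(ev):
    """Return the findings for a single audit.k8s.io/v1 Event dict."""
    if ev.get("verb") not in MUTATING_VERBS:
        return []
    ref = ev.get("objectRef", {})
    res = ref.get("resource")
    obj = ev.get("requestObject") or {}
    base = {"user": ev.get("user", {}).get("username", "?"),
            "namespace": ref.get("namespace", ""), "name": ref.get("name", ""),
            # a 4xx code means the API server rejected it; the attempt is still worth seeing
            "status": ev.get("responseStatus", {}).get("code")}
    found = []

    if res == "services" and "dashboard" in base["namespace"] + base["name"]:
        svc_type = obj.get("spec", {}).get("type")
        if svc_type in ("LoadBalancer", "NodePort"):
            found.append({**base, "rule": "exposed-kubernetes-dashboard", "detail": svc_type})
    elif res == "clusterrolebindings" and obj.get("roleRef", {}).get("name") == "cluster-admin":
        subjects = ",".join(s.get("name", "?") for s in obj.get("subjects", []))
        found.append({**base, "rule": "cluster-admin-binding", "detail": subjects})
    elif res in ("clusterroles", "roles"):
        if any("*" in r.get("verbs", []) and "*" in r.get("resources", []) for r in obj.get("rules", [])):
            found.append({**base, "rule": "wildcard-role", "detail": "verbs=* resources=*"})

    # Sensitive mounts can arrive through a controller's pod template, not only a bare Pod
    spec = pod_spec_from(res, obj)
    for vol in (spec or {}).get("volumes", []):
        hp = vol.get("hostPath", {}).get("path")
        if hp and hostpath_is_sensitive(hp):
            found.append({**base, "rule": "sensitive-host-mount", "detail": hp})
    return found


def scan_audit_log(text):
    """Scan newline-delimited JSON audit events, skipping blank lines."""
    alerts = []
    for line in text.splitlines():
        if line.strip():
            alerts.extend(check_event(json.loads(line)))
    return alerts


def _ev(verb, resource, name, ns, obj, user="alice", code=201):
    """Build one constructed audit event in audit.k8s.io/v1 shape."""
    return {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": verb,
            "user": {"username": user},
            "objectRef": {"resource": resource, "name": name, "namespace": ns},
            "requestObject": obj, "responseStatus": {"code": code}}


# Constructed sample audit log (not data from a real cluster)
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    _ev("get", "pods", "web-1", "prod", None, code=200),
    _ev("create", "services", "kubernetes-dashboard", "kubernetes-dashboard",
        {"spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}}),
    _ev("create", "clusterrolebindings", "dev-admin", "",
        {"roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
         "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "dev"}]}),
    _ev("create", "deployments", "log-shipper", "ops",
        {"spec": {"template": {"spec": {"volumes": [
            {"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}]}}}}),
    _ev("create", "pods", "cache", "prod",
        {"spec": {"volumes": [{"name": "c", "hostPath": {"path": "/data/cache"}}]}}),
    _ev("create", "clusterroles", "reader", "",
        {"rules": [{"verbs": ["get", "list"], "resources": ["pods"]}]}),
    _ev("create", "pods", "debug", "dev",
        {"spec": {"volumes": [{"name": "root", "hostPath": {"path": "/"}}]}}, user="mallory", code=403),
])

if __name__ == "__main__":
    for a in scan_audit_log(SAMPLE_AUDIT_LOG):
        print(f"{a['rule']:28} {a['namespace']}/{a['name']} by {a['user']} (HTTP {a['status']}): {a['detail']}")
```

Two details matter in practice: a rejected request (the `403` on the `debug` pod) is kept rather than dropped, because an attempt to mount `/` is itself an indicator, and the `log-shipper` Deployment is caught even though no Pod object was created directly, which is why the rule walks the pod template of controller resources.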
Defender for Containers also includes host-level threat detection with more than 60 Kubernetes-aware analytics, AI, and anomaly-based detections tuned to your runtime workloads. The solution maps the attack surface of multicloud Kubernetes deployments to the MITRE ATT&CK® matrix for Containers.
Learn More
To get started, see the Enable Defender for Containers guide, and review the common questions about the service.