Microsoft Defender for Cloud is a multicloud application protection platform (CNAPP) designed to protect your cloud-based applications from code-to-cloud. A key component of cloud security is continuously monitoring and managing new vulnerabilities across your cloud workloads. Vulnerability management helps organizations improve their security posture, reduce the attack surface, and prevent security breaches.
We are thrilled to announce that Defender for Cloud is unifying our vulnerability assessment engine to Microsoft Defender Vulnerability Management (MDVM) across servers and containers. Security admins will benefit from Microsoft’s unmatched threat intelligence, breach likelihood predictions and business contexts to identify, assess, prioritize, and remediate vulnerabilities - making it an ideal tool for managing an expanded attack surface and reducing overall cloud risk posture.
Introducing a unified Vulnerability Management for Defender for Cloud – powered by Microsoft Defender Vulnerability Management (MDVM):
Microsoft Defender Vulnerability Management is a powerful in-house vulnerability assessment solution natively integrated in Defender for Cloud. Our goal is to give customers one solution for vulnerability assessments (VA) across all their cloud and hybrid workloads, integrated seamlessly into Defender for Cloud with the same tools and user experience. Its vulnerability assessments are automatically populated in the Defender for Cloud portal as recommendations. With Microsoft Defender Vulnerability Management, Defender for Cloud customers have access to both agent-based and agentless scans. Here are the benefits of Defender for Cloud’s unified vulnerability assessment offering with MDVM:
When it comes to server protection, robust server vulnerability scanning plays a crucial role. Servers, often accessible from the internet, are an entry point for attackers into an enterprise’s network environment, which is why vulnerability scanning (and remediation!) is a crucial part of reducing your organization’s attack surface. The server vulnerability assessment solution powered by MDVM is available through both the Defender for Servers and Defender Cloud Security Posture Management plans, and includes the following key benefits:
Vulnerability assessment scanning for containers, powered by Microsoft Defender Vulnerability Management (MDVM), is an integrated solution that empowers security teams to easily discover and remediate vulnerabilities for container images. This offering is now generally available in Azure and will soon be released for AWS and GCP containers. Container vulnerability assessment scanning powered by MDVM is available through both the Microsoft Defender for Containers and Defender Cloud Security Posture Management plans, and retains all existing capabilities of our current vulnerability assessment offering, while adding new and improved capabilities:
| Capability | Current offering | New offering powered by MDVM |
| --- | --- | --- |
| Agentless vulnerability assessment for container images in registry | Supported environments: Azure Container Registry (ACR) | Supported environments: Azure Container Registry (ACR), Elastic Container Registry (ECR), Google Container Registry (GCR), Google Artifact Registry (GAR) |
| Runtime vulnerability assessment for container images | Agent-based. Supported environments: Azure Kubernetes Service (AKS) | Agent-based and agentless. Supported environments: Azure Kubernetes Service (AKS), Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE) |
| One-click onboarding with zero configuration | Supported environments: Azure Container Registry (ACR), Azure Kubernetes Service (AKS) | Supported environments: Azure Kubernetes Service (AKS), Elastic Kubernetes Service (EKS)*, Google Kubernetes Engine (GKE), Azure Container Registry (ACR), Elastic Container Registry (ECR), Google Container Registry (GCR), Google Artifact Registry (GAR) |
| Quick scan of new images | Near real-time scan in Azure | Near real-time scan in Azure; typically within a few hours in AWS and GCP |
| Rescan frequency | Once every 7 days | Daily |
| Scan criteria | Scan on push; scan images pulled in the last 30 days; scan running images indefinitely | Scan on push; scan images pulled in the last 30 days; scan running images indefinitely; scan images pushed in the last 90 days |
| Supported OS packages | Alpine Linux 3.12-3.16; Ubuntu 10.10-22.04; FreeBSD 11.1-13.1 | Alpine Linux 3.12-3.16 |
| Language-specific packages | Python | Python |
| Real-world exploitability insights | N/A | Uses threat intelligence to provide real-world exploitability information for CVEs, helping customers prioritize remediation of vulnerabilities with known exploit methods and exploitability tools. Exploit sources include CISA KEV, Exploit DB, Microsoft Security Response Center, and more. |
| Software vulnerability evidence | N/A | Each reported vulnerable OS package is provided with commands that can be used to find the vulnerable package on the image. |
| Support for private links | Azure Container Registry (ACR) | Azure Container Registry (ACR) |
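The scan criteria and rescan frequency rows in the table above, worked through as an added Python example that is not part of the original post or of the product: it models the two sets of criteria as eligibility checks over a constructed image inventory (the record fields and the sample images are assumptions, not a Defender for Cloud API schema) and lists the images that only the new offering would keep in rescan scope.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Windows taken from the "Scan criteria" and "Rescan frequency" rows.
PULLED_WINDOW = timedelta(days=30)   # images pulled in the last 30 days (both offerings)
PUSHED_WINDOW = timedelta(days=90)   # images pushed in the last 90 days (new offering only)
RESCAN_CURRENT = timedelta(days=7)   # current offering rescans once every 7 days
RESCAN_NEW = timedelta(days=1)       # new offering rescans daily


@dataclass
class ImageRecord:
    """Minimal inventory record; field names are an assumption for this example."""
    name: str
    pushed_at: datetime
    last_pulled_at: Optional[datetime]  # None if the image was never pulled
    running: bool                       # currently running on a cluster


def in_scope_current(img: ImageRecord, now: datetime) -> bool:
    """Current offering: after the scan on push, an image stays in rescan scope
    while it is running, or while it was pulled within the last 30 days."""
    if img.running:
        return True
    return img.last_pulled_at is not None and now - img.last_pulled_at <= PULLED_WINDOW


def in_scope_new(img: ImageRecord, now: datetime) -> bool:
    """New offering: same criteria plus any image pushed within the last 90 days."""
    return in_scope_current(img, now) or now - img.pushed_at <= PUSHED_WINDOW


def rescan_due(last_scanned_at: datetime, now: datetime, interval: timedelta) -> bool:
    """True when the rescan interval has elapsed since the last scan."""
    return now - last_scanned_at >= interval


def coverage_gap(images: List[ImageRecord], now: datetime) -> List[str]:
    """Images the new offering keeps rescanning but the current one has dropped:
    pushed within 90 days, yet not running and not pulled within 30 days."""
    return [i.name for i in images if in_scope_new(i, now) and not in_scope_current(i, now)]


# Constructed sample inventory, evaluated at a fixed point in time.
NOW = datetime(2023, 9, 1, tzinfo=timezone.utc)
SAMPLE_IMAGES = [
    ImageRecord("api:1.4", NOW - timedelta(days=5), NOW - timedelta(days=2), running=True),
    ImageRecord("batch:0.9", NOW - timedelta(days=60), None, running=False),
    ImageRecord("legacy:2.0", NOW - timedelta(days=200), NOW - timedelta(days=120), running=False),
    ImageRecord("web:3.1", NOW - timedelta(days=100), NOW - timedelta(days=10), running=False),
    ImageRecord("cron:1.0", NOW - timedelta(days=45), NOW - timedelta(days=40), running=False),
]

if __name__ == "__main__":
    for img in SAMPLE_IMAGES:
        print(f"{img.name:12} current={in_scope_current(img, NOW)!s:5} new={in_scope_new(img, NOW)}")
    print("only rescanned by the new offering:", coverage_gap(SAMPLE_IMAGES, NOW))
```

The gap list is the set an operator would otherwise have to cover manually under the current criteria: recently pushed images that are neither running nor being pulled, for example a build that has not been deployed yet.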
See what our customers are already saying about container VA scanning powered by MDVM:
“Our AI-powered Icertis Contract Intelligence (ICI) platform manages more than 2 billion metadata elements across 10 million contracts, delivering the only enterprise-grade contract lifecycle management solution built on Microsoft Azure. To promote the responsible and secure use of contract data, our security team prioritizes staying up to date on container security posture for various container technologies that ICI uses on the backend. The new Microsoft Defender for Cloud container scanning capabilities using Microsoft Defender Vulnerability Management (MDVM) enable us to do this more effectively by onboarding images for vulnerability assessment without any agents or configurations, while also providing us with actionable insights to help better protect data and bolster our security.”
“Defender for Containers vulnerability assessment scanning powered by Microsoft Defender Vulnerability Management has been invaluable in identifying risks in published containers but also enabling platform engineers to drive change to security processes and in collaboration with application developers to ensure these risks are identified earlier: “shifting left”. The frequent scanning on a clearly defined schedule has further driven confidence in the service.”
The vulnerability assessment offering powered by Microsoft Defender Vulnerability Management is available for both servers and containers. To use it, ensure that agentless scanning for servers and containers is enabled and consume the vulnerability assessment results provided for servers and containers as recommendations. You can also benefit from improved refresh times: for servers, by enabling endpoint protection and selecting MDVM as the vulnerability assessment solution in the Defender for Servers settings; for container runtime scanning, by deploying the Defender for Containers agent.
Lastly, if you are consuming vulnerability assessment results through the API, you should update your API calls to the new API schema for servers and containers.