Want to know Defender CSPM standard plan features in detail.

Prateek Rana 60 Reputation points
2023-05-11T15:17:40.99+00:00

Can anyone help with where I can get the elaborated feature details of the CSPM standard plan?

Below are the features which we have in CSPM standard plan.

1. Identity and role assignments discovery
2. Network exposure detection
3. Attack path analysis
4. Cloud security explorer for risk hunting
5. Agentless vulnerability scanning
6. Governance rules to drive timely remediation and accountability
7. Regulatory compliance and industry best practices
8. Data-aware security posture
9. Agentless discovery for Kubernetes
10. Agentless vulnerability assessments for container images, including registry scanning

Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

2 answers

  1. David Broggy 4,691 Reputation points MVP
    2023-05-11T16:05:19.6766667+00:00

    Hi Prateek,

    The full list of Defender for Cloud policies and their details is here:

    https://learn.microsoft.com/en-us/azure/defender-for-cloud/policy-reference

    When you click on the link for each policy, it will point to the JSON, so you will need some basic understanding of how to read the details in that format.
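
As an added example (not part of the answer above or of Microsoft's documentation), this Python script reads a policy definition JSON of the kind those links point to and reports its condition tree and resolved effect. The sample definition is constructed for illustration, and the function names are this example's own.

```python
import json
import re

# Constructed sample in the shape of an Azure Policy definition (not a real built-in).
SAMPLE = json.loads("""
{"properties": {
  "displayName": "Example: storage accounts should require secure transfer",
  "policyType": "Custom", "mode": "Indexed",
  "metadata": {"category": "Storage", "version": "1.0.0"},
  "parameters": {"effect": {"type": "String",
      "allowedValues": ["Audit", "Deny", "Disabled"], "defaultValue": "Audit"}},
  "policyRule": {
    "if": {"allOf": [
      {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
      {"not": {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
               "equals": "true"}}]},
    "then": {"effect": "[parameters('effect')]"}}}}
""")

def render_condition(node, depth=0):
    """Flatten the policyRule 'if' tree into indented, readable lines."""
    pad = "  " * depth
    for key in ("allOf", "anyOf"):
        if key in node:  # logical operator over a list of sub-conditions
            return [f"{pad}{key}:"] + [line for child in node[key]
                                       for line in render_condition(child, depth + 1)]
    if "not" in node:  # single negated sub-condition
        return [f"{pad}not:"] + render_condition(node["not"], depth + 1)
    ops = [k for k in node if k != "field"]
    if "field" in node and ops:  # leaf: {"field": <alias>, <operator>: <value>}
        return [f"{pad}{node['field']} {ops[0]} {node[ops[0]]!r}"]
    return [f"{pad}{json.dumps(node)}"]  # other expression kinds: show raw

def resolve_effect(props):
    """Return (default effect, allowed effects), following [parameters('x')]."""
    effect = props["policyRule"]["then"]["effect"]
    ref = re.fullmatch(r"\[parameters\('(\w+)'\)\]", effect)
    if not ref:
        return effect, [effect]  # effect is hard-coded in the rule
    param = props.get("parameters", {}).get(ref.group(1), {})
    return param.get("defaultValue"), param.get("allowedValues", [])

def summarize(definition):
    props = definition["properties"]
    default, allowed = resolve_effect(props)
    return {"name": props["displayName"], "mode": props.get("mode"),
            "category": props.get("metadata", {}).get("category"),
            "default_effect": default, "allowed_effects": allowed,
            "condition": render_condition(props["policyRule"]["if"])}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

The `if` block says which resources the policy evaluates, and the resolved effect says what happens on a match, so a default of `Audit` only reports non-compliance while `Deny` blocks the deployment.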


  2. Shweta Mathur 15,066 Reputation points Microsoft Employee
    2023-05-12T07:15:04.19+00:00

    Hi @Prateek Rana ,

    Thanks for reaching out.

    I understand you are looking for CSPM capabilities in both the Foundational CSPM plan, which is free, and Defender CSPM, which protects across all your multicloud workloads, but billing only applies for Servers, Databases and Storage accounts at $15/billable resource/month.

    Below is a brief detail of each feature in both the plans.

    Foundational CSPM

    The foundational CSPM includes asset discovery, continuous assessment and security recommendations for posture hardening, compliance with Microsoft Cloud Security Benchmark (MCSB), and a Secure score which measures the current status of your organization's posture.

    1. Asset Discovery - Asset discovery involves identifying all assets within your cloud environment, including virtual machines, storage accounts, and databases, and mapping them to the appropriate security controls and policies.
    2. Continuous Assessment - Continuous assessment involves regularly scanning your cloud environment for security risks and vulnerabilities and alerting you to any potential issues.
    3. Secure Score - The Defender for Cloud secure score is a feature that helps organizations to assess and improve their security posture in the cloud. It is based on a set of security best practices and industry standards such as CS and NIST Cybersecurity Framework.
    4. Security Recommendation - The recommendations are prioritized based on their potential impact on the overall security posture and are categorized into.

    Defender CSPM

    1. Agentless vulnerability scanning - Agentless scanning currently provides visibility into installed software and the software vulnerabilities on your servers across Azure and AWS. The major advantage of this is to get frictionless, wide, and instant visibility on actionable posture issues without installed agents, network connectivity requirements, or machine performance impact.
    2. Attack path analysis - Attack path analysis helps you to address the security issues that pose immediate threats with the greatest potential of being exploited in your environment. Defender for Cloud analyzes which security issues are part of potential attack paths that attackers could use to breach your environment.
    3. Cloud security explorer for risk hunting - Cloud Security Explorer allows you to customize Defender for Cloud findings and run custom queries on top of the cloud security graph.
    4. Governance rules to drive timely remediation and accountability - Security teams are responsible for improving the security posture of their organization, but they may not have the authority to implement security recommendations. You can define rules that assign an owner who is responsible to remediate these recommendations and set a due date, which creates accountability and transparency to the workload owners.
    5. Regulatory compliance and industry best practices - Regulatory compliance provides a dashboard that provides insights into your compliance posture based on how you are meeting specific compliance requirements.
    6. Data-aware security posture - Data-aware security posture automatically and continuously discovers managed and shadow data resources across clouds, including different types of object stores and databases.
    7. Agentless discovery for Kubernetes - You can identify security risks that exist in containers and Kubernetes realms with the agentless discovery and visibility capability across SDLC and runtime.
    8. Agentless vulnerability assessments for container images, including registry scanning - You can scan the container images and filter and classify findings from the scanner. Images without vulnerabilities are marked as healthy, and Defender for Cloud doesn't send notifications about healthy images to keep you from getting unwanted informational alerts.
    9. Network exposure detection - Network exposure detection is the process of identifying and analyzing network traffic to detect potential security threats and vulnerabilities.
    10. Identity and role assignments discovery - It involves identifying all identities and roles within your cloud environment and helps to ensure that only authorized users have access to sensitive data and resources. CSPM solutions can automate this process by continuously scanning your cloud environment for new identities and role assignments and alerting you to any changes or potential security risks.

    The table below is the conclusion of both plans:

    User's image

    Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-cloud-security-posture-management

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
