How to strengthen network protection with Defender for Cloud

In the networking field, Microsoft Azure provides a series of solutions, native to the platform, which allow to obtain a high degree of security if they are adopted in the appropriate way. An important added value to refine and strengthen the security posture of the network is given by Microsoft Defender for Cloud, as it allows you to contemplate, through specific features, also certain aspects of networking. This article explores how Microsoft Defender for Cloud lets you verify, achieve and maintain an Azure networking best practice configuration.

Defender for Cloud overview

The Microsoft Defender for Cloud solution provides a set of features that cover two important pillars of security for modern architectures that adopt cloud components: Cloud Security Posture Management (CSPM) e Cloud workload protection (CWP).

Figure 1– The pillars of security covered by Microsoft Defender for Cloud

Within Cloud Security Posture Management (CSPM) Defender for Cloud can provide the following features:

  • Visibility: to assess the current security situation.
  • Hardening Guide: to be able to improve security efficiently and effectively.

Thanks to a continuous assessment, Defender for Cloud is able to continuously discover new resources that are distributed and evaluate if they are configured according to security best practices. If not,, assets are flagged and you get a priority list of recommendations on what to fix to improve their security. This process occurs specifically also for network resources and the recommendations focus on various networking solutions such as: next generation firewall, Network Security Group e JIT VM access. A complete list of recommendations and related corrective actions, Defender for Cloud recommended for the network, you can consult it in this document.

Figure 2 - Examples of networking recommendations

As regards the scope Cloud Workload Protection (CWP), Defender for Cloud delivers security alerts based onMicrosoft Threat Intelligence. Furthermore, includes a wide range of advanced and intelligent protections for workloads, provided through specific Microsoft Defender plans for the different types of resources present in the subscriptions and in hybrid and multi-cloud environments.

Defender for Cloud specific networking features

What about networking, Defender for Cloud in addition to making a continuous assessment of resources and generating any recommendations, includes other specific features:

Figure 3 - Microsoft Defender for Cloud networking features

Adaptive network hardening

Network Security Groups (NSG) are the main tool to control network traffic in Azure, through which, through deny and permit rules, it is possible to filter the communications between different workloads attested on the Azure virtual networks. However, there may be situations in which the actual network traffic that crosses an NSG corresponds only to a subset of the rules that have been defined within the NSG itself. In these cases, to further improve the security posture it is possible to refine the rules present in the NSG, based on actual network traffic patterns. The functionality of adaptive network hardening of Defender for Cloud verifies just that and generates recommendations to further strengthen the rules present in the NSG. To achieve this result, a machine learning algorithm is used that takes into account the actual network traffic, of the present configuration, threat intelligence and other indicators of compromise.

Figure 4 - Recommendations relating to the adaptive network hardening functionality

Network Map

To continuously monitor the security status of the network, Defender for Cloud provides an interactive map that allows you to graphically view the network topology, including tips and recommendations for hardening network resources. Furthermore, using the map you can check the connections between virtual machines and subnets, until evaluating if each node is configured correctly from the point of view of the network. By checking how the nodes are connected, you can more easily identify and block unwanted connections that could potentially make it easier for an attacker to attack your network. For more information on this feature, you can consult the Microsoft's official documentation.

Figure 5 - Defender for Cloud generated network map

In order to take advantage of these specific features it is necessary to license the plan Defender for Servers Plan 2.

Conclusions

A winning strategy in Azure networking, capable of also supporting the Zero Trust model, it can be obtained by applying a mix-and-match of the different network security services to have protection on multiple levels. At the same time, it is very useful to be able to rely on the features of Defender for Cloud, also to contemplate the aspects related to networking, that through continuous assessment and in-depth visibility allow to obtain environments configured according to best practices even over time.

Please follow and like us: