Defender for DevOps in Azure

If you’re looking for a way to secure your Azure applications and infrastructure, look no further than Defender for DevOps. In this blog post, we’ll introduce you to what Defender for DevOps is and how it can help you secure your Azure deployments. We’ll also show where to find and enable its features in Defender for Cloud, and provide some tips on getting started with Defender for DevOps so that you can hit the ground running.

Microsoft Ignite in 2022 announced numerous additions throughout the estate of Microsoft Security offerings and solutions. Most notable was Defender for DevOps, which I’ve been meaning to cover sooner because this is a game changer for Security Operations.

Screenshot from Azure Portal

The offering should show as (Preview) in your Defender for Cloud portal under Cloud Security. To onboard your repositories, navigate to Environment Settings.

This will show a screen similar to the screenshot, with a + Add Environment option. As I’ve already onboarded my resources, I’ll skip this portion, but as you can see we support Amazon Web Services and Google Cloud Platform.

I’d be remiss if I didn’t point to the documentation on the “Preview” state, for those unfamiliar with how Microsoft releases to the public: a feature in preview is not meant for production.

Okay, now that onboarding and the details are out of the way, let’s get our hands dirty. I’ve onboarded an Azure DevOps Workspace and Repositories to get started, so let’s navigate back to Defender for DevOps in Defender for Cloud.

So what exactly are we seeing in this view?

The DevOps Security portion shows the findings for the onboarded repositories and DevOps repositories (workspaces). As we can see, OSS vulnerabilities is the highest finding, and of course you don’t see “exposed secrets

So what gives on the vulnerabilities? If you click OSS vulnerabilities, the page will navigate to the findings in this fashion:

Let’s expand the remediation steps and take a look at the context provided.

We can also see how this maps to MITRE by selecting the visual on the screen.

So let’s dig into one of the relevant findings rated high and explore the context.

We can see even more info under Additional Information, which will have URLs related to the dependency finding alone if a CVSS score is assigned.

We can also gather the affected resources across all findings by selecting Affected Resources, so we can clearly focus on what is affecting our resource by severity and prioritize that as needed.

It doesn’t just identify vulnerabilities in underlying resources; it also extends to Pull Request Annotations, which can extend your visibility into why a repository was checked out, along with anything that has changed or deviated.

This will open up a blade where you can enable and configure this for selected repositories.

At the moment, Secret Scanning and Select Levels are set to High. For more information on this, refer to the documentation for additional configuration if you’re utilizing GitHub Advanced Security.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-pull-request-annotations

Key Benefits of Defender for DevOps in Microsoft Azure

Azure Defender for DevOps is a cloud security solution that provides comprehensive protection for your Azure resources. It helps you secure your development and operations processes by providing visibility into potential threats and vulnerabilities, and helping you to respond quickly to incidents.

– Improved security posture: Azure Defender for DevOps helps you to identify and fix security issues early in the development process before they become problems in production.

– Increased visibility: Azure Defender for DevOps gives you visibility into potential threats and vulnerabilities across your entire development and operations processes. This includes identifying issues that could lead to data breaches, malware infections, or other security incidents.

– Faster response times: By identifying potential threats early, Azure Defender for DevOps can help you respond quickly to incidents, minimizing the impact on your business.

What are some best practices for using Defender for DevOps in Azure?

Using Defender for DevOps in Azure provides several benefits including increased security and compliance, as well as improved performance and availability. Some common scenarios where Defender for DevOps can be used in Azure include:

– Deploying and managing Azure resources

– Configuring and managing Azure networking

– Managing and monitoring Azure storage

– Enabling end-to-end encryption for data communications

What are some tips for using Defender for DevOps in Azure?

Some tips for using Defender for DevOps in Azure include:

– Use strong passwords and multi-factor authentication to protect your account and data.

– Keep your software up to date to reduce the risk of exploitation.

– Use role-based access control to limit users’ access to only the resources they need.

– Monitor activity logs to detect suspicious or unauthorized activity.

– Use virtual private networks (VPNs) to encrypt data communications between your on-premises network and your Azure environment.

Conclusion

If you’re looking for a way to improve the security of your Azure DevOps pipeline, then Defender for DevOps is worth considering. It’s easy to get started with and can provide a great deal of protection for your applications and data. Be sure to follow some best practices, such as those listed above, to get the most out of Defender for DevOps in Azure.