Many organizations use multiple cloud providers today, which makes security misconfigurations more likely due to the solution scale and complexity. Moreover, different practices and concepts among each cloud provider’s implementation create bigger internal knowledge gaps.
No matter how many cloud providers an organization uses, a database is the core of each application, storing the organization’s most valuable data: PII, financial and payment information, medical information, and other sensitive data. This makes databases the most attractive attack target for any threat actor – from inside or outside.
Even though there is more awareness of exposure misconfigurations (thanks to cybersecurity education and posture management products that reveal these issues), public datasets show that the riskiest database misconfiguration, exposing databases to the internet, is not going down. This fact emphasizes the importance of threat protection that acts as a last line of defense and helps detect, in near real-time, attacks that endanger databases and the critical data they contain.
Internet exposed databases count through time.
(Source: Time series · General statistics · The Shadowserver Foundation)
Microsoft Defender for open-source relational databases has long focused on providing comprehensive protection for Azure databases.
Today, we're excited to announce another significant milestone in our cloud database security journey: Microsoft Defender for open-source relational databases plans now extend their protection to multicloud environments, starting with Amazon RDS on AWS. The workloads supported in AWS RDS are:
This release includes full parity with the alert types supported for managed Azure OSS databases:
Under public preview, you can turn on the Defender for open-source relational databases plan for AWS RDS at no cost. This marks a pivotal moment in our commitment to securing your business-critical data across cloud environments.
This announcement makes Microsoft the sole major security provider offering multicloud database protection, a significant step forward in building an end-to-end multicloud & Cloud native application protection platform (CNAPP).
Defender for Cloud stands out with its comprehensive approach, covering a diverse range of databases and leveraging Microsoft's dual role as a cloud and security provider. This integration enables us to provide unparalleled scanning depth and real-time threat detection capabilities, enhancing security across multicloud environments.
This multicloud database protection announcement is part of Microsoft's commitment to build a comprehensive Cloud Native Application Protection Platform (CNAPP). CNAPP integrates advanced data threat intelligence, , and data threat protection to provide in-depth cloud data security insight and breadth of data security protection across various cloud platforms.
Microsoft's CNAPP infographic
You will now have full flexibility to mix and match the protection on your multicloud databases:
Protection layers for multicloud database protection
Recommendations are evaluated and generated OOTB for all connected cloud environments.
Misconfigurations and sensitive data are discovered and displayed as part of an attack path
The attack path also highlights active attacks on the vulnerable resources
MDC lists the alert history on the resource; we can see brute force attacks, connections from harmful applications, and more
Brute force attack detected from an IP that was reported as a Tor exit node
Defender XDR identified an incident where the same IP tried to brute force cloud databases in AWS and Azure
Sensitive data discovery is built-in!
Defender for open-source databases on AWS will be the first database threat protection plan to bundle sensitive data discovery as part of its core value, without depending on other plans (such as DCSPM) or incurring additional costs. Once the plan is enabled, the discovery process will be scheduled weekly and you will be able to consume the findings in all the main MDC experiences:
In conclusion, Microsoft Defender for open-source relational databases now supports multicloud database protection in AWS RDS environments. This change signifies a pivotal advancement in cloud security. Through its holistic approach embodied by CNAPP, Microsoft empowers organizations to safeguard their critical data assets consistently across diverse cloud platforms.
To learn more about Defender for Cloud, click here.
Read the Defender for open-source relational databases documentation here.
Read about sensitive data discovery.
Defender for open-source relational databases alerts reference.
Start free trial here.