Microsoft now offers multi-cloud protection for the cloud industry’s top three platforms by extending the native capabilities for Microsoft Defender for Cloud to the Google Cloud Platform.
This follows cloud security support for AWS in Defender for Cloud, which Microsoft released last November during its Ignite conference.
According to Microsoft, Defender for Cloud support for Google Cloud Platform (GCP) comes with native Cloud Security Posture Management and Cloud Workload Protection, without any dependencies on Google first-party tools.
The offering also comes with a simplified onboarding experience and more than 80 out-of-the-box recommendations designed to harden cloud environments and more.
According to Microsoft, IT and security professionals can now manage their security posture across those top-three cloud platforms from a central place.
The company says support for GCP was designed as an “integral part in Microsoft Defender for Cloud” to give IT professionals a central place from which to understand their security posture across their connected cloud environments.
Microsoft says this central management of cloud platforms includes a new Secure Score for all clouds combined, as well as the ability to compare compliance status against critical benchmarks, including the Center for Internet Security (CIS) benchmarks for GCP and AWS.
“This allows you to understand your organization’s cloud security posture as a whole – across all connected environments,” the company says in a Tech Community blog.
The out-of-the-box recommendations are designed to make it easier for admins to manage security in GCP environments, and are aligned to industry standards and best practices, including a mapping to the CIS benchmark for Google Cloud, Microsoft says.
Some examples of critical recommendations that Microsoft Defender for Cloud now provides for resources in GCP include:
- Cloud Storage buckets are anonymously or publicly accessible
- Multi-factor authentication is not enabled for all non-service accounts
- Cloud SQL database instances do not require incoming connections to use SSL
Admins can also build custom recommendations to meet specific security or compliance requirements set by the organization.
In addition, Microsoft says it built new threat protection capabilities for native GCP workloads across containers and servers, and container protection is available for Google GKE Standard clusters.
Microsoft Defender also provides threat detection capabilities that include Kubernetes behavioral analytics, including anomaly detection for GKE clusters and underlying hosts, in addition to best practices and built-in admission control policies, according to the blog.
Defender for Cloud has also extended its server protection to support Google Compute Engine VMs, leveraging protection capabilities from Defender for Endpoint such as EDR and attack surface reduction. It also provides server-focused vulnerability assessment, behavioral alerts for VMs, OS recommendations across security baselines, antimalware, missing OS updates, adaptive application controls and file integrity monitoring, Microsoft says.
The company also says the process of onboarding Google Cloud environments to Microsoft Defender for Cloud is simple, leveraging native Google APIs. Security teams will soon be allowed to connect the entire organization or individual projects to Microsoft Defender for Cloud without needing any agents or additional Google services.
These capabilities can be deployed to container and server workloads in GCP environments using Azure Arc, and security teams can deploy at scale across all VMs and GKE clusters or within selected Google Cloud projects, Microsoft says.
Microsoft Defender for Cloud can also automatically provision container and server protections to new resources as soon as they’re added to the GCP environment, the company adds.
In addition to these new Microsoft Defender capabilities, Microsoft also announced the public preview of CloudKnox Permissions Management to provide visibility into user and workload identities across clouds, secure workload identities with Azure Active Directory and secure payment processing in the cloud with Azure Payment HSM.