Wednesday, November 30, 2022

Stay on top of database threats with Microsoft Defender for Azure Cosmos DB | Azure Blog and Updates

Databases are constantly evolving to handle new use cases, incorporate more intelligence, and store more data, giving developers and organizations a wide range of database types to meet their varied needs. Because aspects such as architecture, capabilities, configuration options, and authentication methods are unique to each database type, so are the security threats, which calls for tailored protection measures and security capabilities to address the most common threats across databases.

Azure Cosmos DB is a fully managed NoSQL database for modern, fast, and flexible app development, offering single-digit millisecond response times, automatic and instant scalability, and multiple SDKs and APIs to support a variety of non-relational data models.

Today we're excited to announce a new addition to our database security offering: Microsoft Defender for Azure Cosmos DB, in preview.

The new cloud workload protection capabilities are designed as an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts, based on the most common attack techniques and known bad actors. This enables security teams to detect and respond to these threats more effectively using the Microsoft Defender for Cloud toolset.

These detections are delivered based on Microsoft Threat Intelligence, the Microsoft Defender SQL query analysis engine, and Microsoft Defender behavioral models.

Detect the most critical threats targeting Azure Cosmos DB

Defender for Azure Cosmos DB monitors your Azure Cosmos DB accounts and protects them from various attack vectors, such as attacks originating from the application layer, SQL injections, suspicious access patterns, compromised identities, malicious insiders, and direct attacks on the database. Below is an overview of the key threat techniques that affect Azure Cosmos DB and are supported alert types in Microsoft Defender for Cloud.

  • SQL injections: It's not commonly known that one of the most popular attack techniques, SQL injection, can be executed against a database in Azure Cosmos DB. This technique allows the attacker to hide behind the application's credentials and behaviors, so they can carry out an attack without needing credentials of their own to exploit the database. Attackers can use SQL injection techniques to bypass the application's access controls and extract sensitive data. Defender for Azure Cosmos DB detects these attempts early, and also provides recommendations and policies to harden your applications so that these exploits are prevented in the first place.

Example of a detected SQL injection attack alert in Microsoft Defender for Cloud

  • Key extraction: This is an indicative pattern of a compromised identity looking for ways to reach the crown jewels of your organization: your data. The most common way for compromised identities and malicious insiders to exploit an Azure Cosmos DB database is to extract the access keys to the account. These keys allow full access to all data in the Azure Cosmos DB account. In cases where an attacker manages to get hold of a compromised identity, it's critical to detect the breach early and ensure they are not able to scan your Azure Cosmos DB account and extract critical data. Defender for Azure Cosmos DB detects these compromises early and allows you to set up automation to block bad actors and mitigate the threat.
  • Known malicious indicators: Microsoft Defender for Cloud uses the extensive threat intelligence of Microsoft's security platform, allowing security teams to detect and respond more effectively to malicious actors attempting to access their databases.
  • Suspicious behavior patterns: Using behavioral modeling over time, Microsoft Defender for Cloud detects suspicious behaviors in your Azure Cosmos DB accounts that may indicate compromised identities, leaked keys, or malicious insiders.

You can find a complete list of Defender for Azure Cosmos DB alerts in the Microsoft Defender for Azure Cosmos DB alerts reference guide.
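The SQL injection bullet above is concrete enough to show in code. The following is an added example, not code from the original post or from Microsoft: it builds a Cosmos DB SQL query both by string concatenation (vulnerable) and as a parameterized query spec (the query-text-plus-parameters shape the Cosmos DB SQL API accepts), and runs a deliberately simplified tautology check of the kind a query analysis engine might apply. The check is an illustration and is not Defender's own detection logic; the input values are constructed.

```python
import re

# Vulnerable builder: the caller's input is spliced straight into the query text,
# so a value that closes the string literal can rewrite the WHERE clause.
def build_query_unsafe(user_id: str) -> dict:
    return {"query": f"SELECT * FROM c WHERE c.userId = '{user_id}'", "parameters": []}

# Hardened builder: the query text is a constant and the input travels as a bound
# parameter, so it is never interpreted as SQL. Same shape the Cosmos DB SQL API takes.
def build_query_safe(user_id: str) -> dict:
    return {
        "query": "SELECT * FROM c WHERE c.userId = @userId",
        "parameters": [{"name": "@userId", "value": user_id}],
    }

# Simplified illustrative check (not Defender's engine): flag query text that carries
# an always-true predicate such as "OR 1=1" / "OR 'a'='a'", or an unbalanced quote.
_TAUTOLOGY = re.compile(
    r"\bOR\s+(\d+)\s*=\s*\1\b|\bOR\s+'([^']*)'\s*=\s*'\2'", re.IGNORECASE
)

def looks_injected(spec: dict) -> bool:
    text = spec["query"]
    if text.count("'") % 2 == 1:
        return True
    return _TAUTOLOGY.search(text) is not None

def run_demo() -> dict:
    benign = "alice"
    hostile = "x' OR 1=1 OR c.userId = 'y"   # constructed input that closes the literal
    return {
        "unsafe_benign": looks_injected(build_query_unsafe(benign)),
        "unsafe_hostile": looks_injected(build_query_unsafe(hostile)),
        "safe_hostile": looks_injected(build_query_safe(hostile)),
        # With parameters the query text never changes, whatever the caller sends.
        "safe_text_constant": build_query_safe(hostile)["query"]
        == build_query_safe(benign)["query"],
    }

if __name__ == "__main__":
    for name, flagged in run_demo().items():
        print(f"{name}: {flagged}")
```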

Overview of the threat detection and response experience in Microsoft Defender for Cloud

Easily enable protection for all your database types in Microsoft Defender for Cloud

The new threat protection offering for Azure Cosmos DB is now available in Microsoft Defender for Cloud, alongside a newly designed database-centric enablement experience.

To simplify the process of enabling database protection across the different database types in your cloud and hybrid environments, we created a central management experience across SQL databases, MariaDB, and now Azure Cosmos DB. While each database type requires a tailored approach with custom security controls and uniquely optimized threat detection models, we have standardized the protection experience in Microsoft Defender for Cloud across them.

You can enable protection for Azure Cosmos DB at either the subscription level or the resource level, or simply enable protection for all your database types with a single click. For detailed step-by-step instructions, see our introduction to Microsoft Defender for SQL documentation.

UI of the new plan enablement experience for database protection in Microsoft Defender for Cloud

With the addition of support for Azure Cosmos DB, Microsoft Defender for Cloud now provides one of the most comprehensive workload protection offerings for cloud-based databases, giving security teams and database owners a centralized experience to manage database security in their environments.

Microsoft Defender for Cloud is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multicloud and hybrid environments from evolving threats.

Learn more


