With Defender Cloud Security Posture Management (Defender for CSPM), Microsoft announced a new plan in the Defender for Cloud product family that focuses on a central view of the customer's security posture.
In this article I give an overview of which topics Defender for CSPM covers, how it is enabled and how the pricing actually works, which holds some surprises if Defender for Servers is already in use.
Defender for CSPM overview
Cloud Security Posture Management is a function available by default in the Microsoft Defender space and was formerly known as Azure Security Center. Microsoft then announced Azure Defender as a threat protection solution alongside Azure Security Center and decided in 2021 to rename the whole solution under the new brand Defender for Cloud.
The free tier of Azure Security Center became the CSPM capabilities and has always been a free plan that contains the whole set of security recommendations in Defender for Cloud, which in the backend are based on Azure Policy. During this time the Defender for Cloud stack was extended with additional features such as Defender for Servers, Defender for DNS, etc.
The free CSPM tier keeps growing with additional features and focuses on multicloud capabilities to cover the security posture of AWS and GCP. Microsoft decided to integrate more functionality into the CSPM solution and announced Defender for CSPM, which contains additional extensions compared to the free tier; these are listed in the following table.
| Feature | Foundational CSPM | Defender for CSPM | Cloud availability |
|---|---|---|---|
| Security recommendations to fix misconfigurations | Yes | Yes | Azure, AWS, GCP, on-premises |
| Asset inventory | Yes | Yes | Azure, AWS, GCP, on-premises |
| Secure score | Yes | Yes | Azure, AWS, GCP, on-premises |
| Data exporting | Yes | Yes | Azure, AWS, GCP, on-premises |
| Workflow automation | Yes | Yes | Azure, AWS, GCP, on-premises |
| Tools for remediation | Yes | Yes | Azure, AWS, GCP, on-premises |
| Microsoft Cloud Security Benchmark | Yes | Yes | Azure, AWS |
| Governance | No | Yes | Azure, AWS, GCP, on-premises |
| Regulatory compliance | No | Yes | Azure, AWS, GCP, on-premises |
| Cloud security explorer | No | Yes | Azure, AWS |
| Attack path analysis | No | Yes | Azure, AWS |
| Agentless scanning for machines | No | Yes | Azure, AWS |
| Agentless discovery for Kubernetes | No | Yes | Azure |
| Container registries vulnerability assessment, including registry scanning | No | Yes | Azure |
| Data-aware security posture | No | Yes | Azure, AWS |
| EASM insights in network exposure | No | Yes | Azure, AWS |
Defender for CSPM is a multicloud plan that focuses on different resources and services. Currently Defender for CSPM secures the following resources:
- Virtual machines (Azure VMs and VMs connected via Azure Arc)
- Storage accounts
- SQL Managed Instances
- SQL Server on Azure VMs
- OSS DBs (open-source relational databases)
Like all Defender for Cloud plans today, Defender for CSPM is enabled at the subscription level. In the Azure portal open Defender for Cloud, then under "Management" select "Environment settings" and pick the subscription on which Defender for CSPM should be enabled.
After enabling the plan, open its "Settings" tab and switch on the features you want for your environment, such as agentless scanning for machines, agentless discovery for Kubernetes, container registry vulnerability assessment and data-aware security posture.
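For environments with many subscriptions the portal clicks above do not scale, so here is the same enablement done against the ARM pricing resource through the Azure CLI. This is an added example and not code from the article or from Microsoft; it assumes the Azure CLI is installed and logged in, that the plan's resource name is `CloudPosture`, that the `Microsoft.Security/pricings` API version `2023-01-01` accepts an `extensions` array, and that the "Settings" tab features map to the extension names `AgentlessVmScanning`, `AgentlessDiscoveryForKubernetes`, `ContainerRegistriesVulnerabilityAssessments` and `SensitiveDataDiscovery`. Verify those names against the current Microsoft documentation before running it. The body builder and the post-enablement check run offline on a constructed sample; only `enable_defender_cspm` makes live calls.

```python
"""Enable the Defender CSPM plan on a subscription and check its extensions.

Added example (not the article's or Microsoft's own code). Wraps ``az rest``;
PLAN_NAME, API_VERSION and the extension names are assumptions to verify.
"""
import json
import subprocess
import sys
from typing import Dict, List, Optional

PLAN_NAME = "CloudPosture"   # assumed resource name of the Defender CSPM plan
API_VERSION = "2023-01-01"   # assumed Microsoft.Security/pricings API version
# The "Settings" tab features of the plan as pricing extensions (assumed names).
DEFAULT_EXTENSIONS = (
    "AgentlessVmScanning",
    "AgentlessDiscoveryForKubernetes",
    "ContainerRegistriesVulnerabilityAssessments",
    "SensitiveDataDiscovery",
)


def pricing_url(subscription_id: str) -> str:
    """ARM URL of the Defender CSPM pricing resource for one subscription."""
    return (
        f"https://management.azure.com/subscriptions/{subscription_id}"
        f"/providers/Microsoft.Security/pricings/{PLAN_NAME}?api-version={API_VERSION}"
    )


def pricing_body(extensions: Optional[Dict[str, bool]] = None) -> dict:
    """Request body that sets the plan to Standard (paid) and toggles extensions.

    The API expresses isEnabled as the strings "True"/"False", not JSON booleans.
    """
    if extensions is None:
        extensions = {name: True for name in DEFAULT_EXTENSIONS}
    return {
        "properties": {
            "pricingTier": "Standard",
            "extensions": [
                {"name": name, "isEnabled": "True" if enabled else "False"}
                for name, enabled in extensions.items()
            ],
        }
    }


def disabled_extensions(pricing: dict) -> List[str]:
    """Names of extensions that are off in a pricing resource as returned by ARM.

    Accepts the string form ("False") as well as a JSON boolean, so it also
    works on hand-written payloads. A plan still on the Free tier is reported
    explicitly, because then no extension can be active at all.
    """
    props = pricing.get("properties", {})
    if props.get("pricingTier") != "Standard":
        return ["<plan not enabled>"]
    return [
        ext["name"]
        for ext in props.get("extensions", [])
        if str(ext.get("isEnabled", "False")).lower() != "true"
    ]


# Constructed sample of a GET response: plan enabled, one feature left off.
SAMPLE_PRICING = {
    "name": PLAN_NAME,
    "properties": {
        "pricingTier": "Standard",
        "extensions": [
            {"name": "AgentlessVmScanning", "isEnabled": "True"},
            {"name": "SensitiveDataDiscovery", "isEnabled": "False"},
        ],
    },
}


def az(*args: str) -> dict:
    """Run an Azure CLI command and parse its JSON output (live call)."""
    result = subprocess.run(["az", *args, "-o", "json"], check=True,
                            capture_output=True, text=True)
    return json.loads(result.stdout) if result.stdout.strip() else {}


def enable_defender_cspm(subscription_id: str) -> List[str]:
    """PUT the plan with all default extensions on, then report anything still off."""
    url = pricing_url(subscription_id)
    az("rest", "--method", "put", "--url", url, "--body", json.dumps(pricing_body()))
    return disabled_extensions(az("rest", "--method", "get", "--url", url))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: enable_cspm.py <subscription-id>")
    still_off = enable_defender_cspm(sys.argv[1])
    print("all extensions enabled" if not still_off else f"still disabled: {still_off}")
```

The GET after the PUT is deliberate: the service may reject an extension silently on subscriptions where the prerequisite (for example, a container registry or a storage account) does not exist, so reading the resource back is the only way to confirm what is actually on.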
There was a long-running discussion at Microsoft about the planned pricing for Defender for CSPM. Defender for CSPM is billed at the subscription level per supported resource. The billable workloads are VMs, storage accounts, OSS DBs, SQL PaaS and SQL Server on VMs. When Microsoft released Defender for CSPM as a public preview at the end of March, a price of $15 per supported resource was published.
Microsoft has since responded to feedback and revised that pricing: billing starts on 1 August 2023 at $5 per billable resource instead of the $15 announced originally, and the planned discount for overlapping plans (such as Defender for Servers P2) has been withdrawn, which makes billing much simpler.