Demystifying Microsoft Defender for Servers and Cloud: Insights from Defender for Cloud in the Field #27
This post summarizes the YouTube video "Demystifying Defender for Servers | Defender for Cloud in the Field #27". It covers the two server security plans Microsoft offers, the integration of Microsoft Defender for Endpoint with Defender for Servers, network layer threat detection and just-in-time VM access for Azure VMs, and the deprecation of Defender for Cloud's Log Analytics agent integration in August 2024.
Plan 1 and Plan 2 for Defender for Servers
Microsoft offers two server security plans for Defender for Servers. Plan 1 integrates with Microsoft Defender for Endpoint for multi-cloud machines, while Plan 2 offers additional threat detection capabilities. Azure VMs, on the other hand, have network layer threat detection and just-in-time VM access.
Integration of Microsoft Defender for Endpoint and Defender for Servers
Microsoft Defender for Endpoint and Defender for Servers are now integrated into subscriptions, providing software inventory information and security alerts to the MDE back end.
Deprecation of Defender for Cloud's Log Analytics Agent Integration
Defender for Cloud is deprecating the Log Analytics agent integration in August 2024, so users need to upgrade to the Azure Monitor agent for continued support.
Monitoring and Detection with Log Analytics and Azure Monitor Agent
For monitoring and detection, it is recommended to use Log Analytics or the Azure Monitor agent. For anti-malware and vulnerability assessment, enable the Defender for Endpoint integration. Consider Qualys VA for third-party EDR solutions or try agentless VA scanning.
Agentless Scanning for Quicker Vulnerability Assessment
Agentless scanning is recommended for quicker vulnerability assessment insights, but agents are still necessary for more advanced scenarios like cloud workload protection and threat detection.
Using Both Agentless Scanning and Agent-based Solutions for Cloud Security
Use both agentless scanning and agent-based solutions for cloud security, with agentless scanning providing early insights and agent-based solutions filling deployment gaps.
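An added example (not from the video or from Microsoft): a small Python check that sorts machines by the monitoring agent extensions they carry, to find those still relying on the Log Analytics agent ahead of the deprecation and those with no agent that depend on agentless scanning alone. The inventory and machine names are constructed sample data; the extension type names are the standard Azure VM extension names for the Log Analytics agent, the Azure Monitor agent and Defender for Endpoint.

```python
"""Classify machines by monitoring-agent state ahead of the Log Analytics agent deprecation."""

# Azure VM extension type names for each agent (matched case-insensitively).
LEGACY_LA = {"microsoftmonitoringagent", "omsagentforlinux"}
AMA = {"azuremonitorwindowsagent", "azuremonitorlinuxagent"}
MDE = {"mde.windows", "mde.linux"}

# Constructed sample inventory (hypothetical machine names), not real data.
SAMPLE_INVENTORY = [
    {"name": "web-01", "extensions": ["MicrosoftMonitoringAgent", "MDE.Windows"]},
    {"name": "db-01", "extensions": ["OmsAgentForLinux", "AzureMonitorLinuxAgent"]},
    {"name": "app-01", "extensions": ["AzureMonitorWindowsAgent", "MDE.Windows"]},
    {"name": "batch-01", "extensions": []},
]


def classify(machine):
    """Return (agent_state, has_mde) for one inventory record."""
    exts = {e.lower() for e in machine.get("extensions", [])}
    legacy, ama = bool(exts & LEGACY_LA), bool(exts & AMA)
    if legacy and ama:
        state = "both-agents"      # migration started, legacy agent still present
    elif legacy:
        state = "legacy-only"      # depends on the deprecated integration
    elif ama:
        state = "ama-only"         # already on the Azure Monitor agent
    else:
        state = "no-agent"         # only agentless scanning can cover this machine
    return state, bool(exts & MDE)


def migration_report(inventory):
    """Group machine names by agent state and list machines lacking the MDE extension."""
    report = {"legacy-only": [], "both-agents": [], "ama-only": [],
              "no-agent": [], "missing-mde": []}
    for m in inventory:
        state, has_mde = classify(m)
        report[state].append(m["name"])
        if not has_mde:
            report["missing-mde"].append(m["name"])
    return report


if __name__ == "__main__":
    for bucket, names in migration_report(SAMPLE_INVENTORY).items():
        print(f"{bucket:12} {', '.join(names) or '-'}")
```
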