At its Ignite conference today, Microsoft announced Defender Cloud Security Posture Management and Defender for DevOps, two new offerings within the company’s Defender for Cloud service (previously Azure Defender) aimed at managing software development and runtime security across multicloud, multiple-pipeline environments. Currently available in public preview, they work with GitHub and Azure DevOps to start, with additional product integrations to come down the line.
In a conversation with TechCrunch, Microsoft CVP of cloud security Shawn Bice said that Defender for DevOps and Defender Cloud Security Posture Management (or Defender CSPM, to refer to it by its more wieldy acronym) arose from the challenges companies are increasingly facing as they use cloud-native services to deploy and manage applications. These customers often have incomplete visibility and a lack of prioritized mitigations, he said, making their security reactive as opposed to proactive.
There’s truth to that. According to a 2020 report from Orca Security, 59% of cybersecurity teams report receiving more than 500 alerts about cloud security per day — a large portion of which are false positives. Tool sprawl is often cited as a challenge in maintaining code security. Responding to a GitLab survey from August, 41% of DevOps teams said that they used between six to 10 tools in their development toolchains, leading them to miss security issues.
“The accelerated cloud transformation journey for our customers has created an urgent need for a unified solution to manage security from development to runtime in multicloud and multiple pipeline environments,” Bice said via email.
Image Credits: Microsoft
To this end, Defender CSPM leverages AI algorithms to perform contextual risk analyses of software dev environments. Resulting recommendations and insights are piped into source code management platforms like GitHub and Azure DevOps to drive remediation efforts; alternatively, users can create workflows connected to security recommendations to trigger automated remediation.
Defender CSPM also provides “attack queries” that security teams can use to explore risk and threat data, as well as a dashboard showing all the rules implemented across dev environments and tools that allow security admins to define new rules.
As for Defender for DevOps, it shows the security posture of pre-production app code and resource configurations. Security teams can use the service to enable templates and container images designed to minimize the chance that cloud misconfigurations reach production environments.
“Leveraging [insights] within Defender for Cloud, security admins can help developers prioritize critical code fixes with actionable remediation and assign developer ownership by triggering custom workflows,” Bice explained.
With the rollout of Defender CSPM and Defender for Cloud, it’s clear Microsoft is angling for a larger slice of the enormous and growing DevSecOps segment. Grand View Research estimates that the market for DevSecOps — which spans tools that automate security practices at every step of software development — was worth $2.79 billion in 2020.
Startups including Spectral, which aims to detect potential security issues in codebases and logs, and Cycode, which offers tools to secure DevOps pipelines, might be perceived as competitors. But Microsoft’s scale — and the fact that both Defender CSPM and Defender for Cloud are free for Defender for Cloud customers during the preview period — give it an advantage.
“Microsoft is committed to enabling security for all,” Bice added, “[with] a comprehensive cloud security benchmark across multiple clouds.”
