Today at its Ignite conference, Microsoft announced Defender Cloud Security Posture Management and Defender for DevOps, two new offerings in the company’s Defender for Cloud service (formerly Azure Defender) aimed at managing software development and runtime security in multicloud, multiple-pipeline environments. Currently available in public preview, it works with GitHub and Azure DevOps to get started, with additional product integrations to come.
In a conversation with TechCrunch, Microsoft CVP of Cloud Security Sean Bice said that companies are facing challenges when using Defender for DevOps and Defender Cloud Security Posture Management (or Defender CSPM, to refer to it using its more vivid acronym). Cloud-native services for deploying and managing applications. These customers often have incomplete visibility, and a lack of prioritization makes their security reactive versus proactive.
There is truth in that. According to Orca Security’s 2020 report, 59% of cybersecurity teams report receiving more than 500 alerts about cloud security every day—a large portion of which are false positives. Tool sprawl is often cited as a challenge to maintaining code security. Responding to a GitLab survey in August, 41% of DevOps teams said they used six to 10 tools in their development toolchain, causing them to miss security issues.
“The accelerated cloud transformation journey for our customers has created an urgent need for a unified solution to manage security from development to runtime in multicloud and multiple pipeline environments,” Bice said via email.
To this end, Defender CSPM leverages AI algorithms to perform contextual risk analysis of the software development environment. Impactful recommendations and insights are piped into source code management platforms such as GitHub and Azure DevOps to drive improvement efforts; Alternatively, users can create workflows linked to security recommendations to trigger automated remediation.
Defender CSPM also provides “attack queries” that security teams can use to explore risk and threat data, as well as a dashboard showing all rules applied to the dev environment and tools that allow security administrators to define new rules.
For Defender for DevOps, it shows the security status of pre-production app code and resource configuration. Security teams can use the service to enable templates and container images designed to reduce the chance of cloud misconfiguration reaching production environments.
“Benefits [insights] In Defender for Cloud, security administrators can help developers prioritize critical code fixes with actionable solutions and assign developer ownership by triggering custom workflows,” explained Bias.
With the rollout of Defender CSPM and Defender for Cloud, it’s clear that Microsoft is pushing for a bigger slice of the huge and growing DevSecOps segment. Grand View Research estimates that the market for DevSecOps—which extends tools that automate security practices at every stage of software development—was worth $2.79 billion in 2020.
Startups including Spectral, which aims to detect potential security issues in codebases and logs, and Sycode, which offers tools to secure DevOps pipelines, could be perceived as competitors. But Microsoft’s scale — and the fact that both Defender CSPM and Defender for the Cloud are free for Defender for the Cloud customers during the preview period — gives it an advantage.
“Microsoft is committed to enabling security for all,” added Bias, “[with] A comprehensive cloud security benchmark across multiple clouds.