CNAPP News and Insights | Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog/tag/cnapp/
Expert coverage of cybersecurity topics. Feed last updated Fri, 27 Mar 2026 23:54:59 +0000.

New IDC research highlights a major cloud security shift
http://approjects.co.za/?big=en-us/security/blog/2025/11/06/new-idc-research-highlights-a-major-cloud-security-shift/
Thu, 06 Nov 2025 17:00:00 +0000

New IDC research shows why CISOs must move toward AI-powered, integrated platforms like CNAPP, XDR, and SIEM to reduce risk, cut complexity, and strengthen resilience.

The post New IDC research highlights a major cloud security shift appeared first on Microsoft Security Blog.

Cloud security is at a tipping point. While moving to the cloud powers both growth and speed for organizations, it can also bring new risks. According to IDC’s latest research, organizations experienced an average of nine cloud security incidents in 2024, with 89% reporting a year-over-year increase. That’s not a typo. And it’s not just a statistic—it’s a wake-up call. As cyberthreats grow more sophisticated and cloud environments more complex, security leaders must rethink their strategies to stay ahead of threat actors.

But what actually needs to change? And what should you be doing about it? Read IDC’s latest research, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond, to dive deep into the future of cloud security—and what it means for chief information security officers (CISOs), security architects, and product leaders.

Five IDC insights into the evolving cloud security landscape

1. One platform is quietly becoming a top investment

IDC research found that cloud-native application protection platforms (CNAPPs) are now one of the top three security investments for 2025. Why? Because they’re solving problems that legacy tools can’t, protecting cloud-native applications throughout their lifecycle—further reinforcing the importance of ecosystems, consolidation, and more.

2. The role of the CISO is evolving to align security with business priorities

In 37% of organizations, CISOs now have ownership over cloud security management. IDC calls them “3D CISOs.” They don’t just manage risk—they drive business outcomes and digital innovation. These leaders are reshaping how security is embedded across the organization, from DevOps pipelines to boardroom conversations. IDC’s whitepaper details the expanded and evolving role of CISOs and their impact on improving the overall security posture of organizations.   

3. Tool sprawl increases costs and introduces vulnerabilities

Organizations are grappling with tool sprawl, using an average of 10 cloud security tools and often adding more each year. This complexity—driven by fragmented platforms, regulatory requirements, and integration challenges—creates blind spots and slows response times. But stopping the sprawl isn’t easy. It requires a deliberate approach, anchored in a unified security platform that simplifies operations and strengthens protection. IDC research underscores this, highlighting how greater visibility and tool consolidation drive measurable gains in efficiency and cost management.

4. Generative AI is already changing the game

Forget the hype. Generative AI is delivering real value for cloud security—from automated threat detection to faster incident response, and more. IDC’s data shows how security teams are using generative AI, including how it can enhance the capabilities of security analysts and allow them to focus on more complex tasks.

5. The future is integrated and autonomous

Security leaders are moving toward unified security operations (SecOps) platforms that combine cloud-native protection, threat intelligence, and AI-powered automation. Some are exploring the new frontier of agentic AI—autonomous systems that can detect, isolate, and remediate known cyberthreats without human intervention. The IDC whitepaper explores what this future looks like—and how close we really are.

Why mitigating security risk matters now more than ever

Cloud security is a critical business imperative. As IDC puts it, “Security risk is business risk.” The decisions you make today will shape your organization’s resilience, agility, and ability to innovate tomorrow. Whether you’re a CISO or a cloud architect, this research offers a roadmap for navigating what’s next. It’s not just about buying new tools. It’s about building a smarter, more unified approach to cloud security.

Ready to see what’s inside?

71% of organizations surveyed believe that over the next two years, it would be beneficial for their organization to invest in a unified SecOps platform that includes technologies such as extended detection and response (XDR), endpoint detection and response (EDR), security information and event management (SIEM), CNAPP and cloud security, generative AI, and threat intelligence. But that’s easier said than done. And in this post, we’ve only scratched the surface. The full IDC study covers:

  • The evolving role of CNAPP in cloud security.
  • How CISOs are aligning security with business goals.
  • The impact of generative AI and agentic AI on security operations center (SOC) operations.
  • Strategies for reducing tool sprawl and improving visibility.
  • Guidance for integrating CNAPP with XDR, SIEM, and managed services.

Innovate faster with Microsoft

Microsoft’s integrated CNAPP, powered by industry-leading generative AI and threat intelligence, unifies security across the entire application lifecycle. With comprehensive visibility, real-time cloud detection and response, and proactive risk prioritization, it protects your modern cloud and AI applications from code to runtime.

Microsoft empowers your security teams to identify, prioritize, and mitigate risks early, adhere to compliance and regulatory requirements, prevent cloud breaches, and stay ahead of emerging cloud and AI cyberthreats. Innovate securely, quickly, and confidently, across hybrid and multicloud environments.

Learn more

Read IDC’s full whitepaper, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond.

Learn about our new e-book: The 5 generative AI security threats you need to know.

Sign up to read the quick-start e-book to Executing cloud-native application protection platform (CNAPP) strategy.

Learn more about Microsoft Defender for Cloud.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Microsoft Ignite

Join us at Microsoft Ignite to explore the latest solutions for securing AI. Connect with industry leaders, innovators, and peers shaping what’s next.

San Francisco on November 17-21
Online (free) on November 18-20


Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study
http://approjects.co.za/?big=en-us/security/blog/2024/10/07/microsoft-defender-for-cloud-remediated-threats-30-faster-than-other-solutions-according-to-forrester-tei-study/
Mon, 07 Oct 2024 16:00:00 +0000

Forrester found that Microsoft Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating.

The broad adoption of multicloud and hybrid infrastructures has introduced new complexity to the cloud estates of many businesses. With this complexity comes a broader attack surface for would-be data thieves. Sophisticated ransomware attacks that exploit vulnerabilities in cloud infrastructure are on the rise, as are supply chain attacks that target third-party software. Cyberattackers move at lightning speed in the cloud, and, due to the advent of generative AI, their attacks are increasing in number, speed, and sophistication. To address this emergent risk, organizations of all sizes can unify their security and compliance, from code to runtime, in hybrid and multicloud environments with an integrated, generative AI-powered cloud native application protection platform (CNAPP) and better defend themselves against cloud threats.

Microsoft Defender for Cloud, the integrated CNAPP from Microsoft, delivers comprehensive security and compliance from code to runtime, enhanced by generative AI and threat intelligence to help you secure your hybrid and multicloud environments. With Defender for Cloud, organizations can support secure development, minimize risks with contextual posture management, and protect workloads and applications from modern threats in a unified security operations (SecOps) experience.  

Defender for Cloud not only transcends traditional security silos and extends its end-to-end security across multicloud and hybrid infrastructure, it delivers advanced security posture management and threat remediation capabilities as well. In order to prove the solution’s business benefits, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study. The study aims to provide business leaders and decision-makers with a solid framework with which they can evaluate the benefits and potential financial impact of Defender for Cloud on their organizations.

Over the course of the study, interviewees reported a wide variety of benefits from Defender for Cloud, including reduced operational risk, a shorter and more secure development lifecycle, and faster threat investigation and remediation.

Results are based on a composite organization.

All told, the study found that the benefits of Defender for Cloud add up to a significant net present value (NPV) of $4.25 million over three years. But that’s not the whole story. Here are some other key takeaways mentioned by Forrester’s interviewees.

1. Shorter threat investigation and remediation times

“[Defender for Cloud] just takes out the weird stuff happening on our network that ends up on the cybersecurity desk. We’ve already probably cut back about 60% of the workload, and a lot of that revolves around false positives, so I can get better data. The systems assess the data properly…I’m not even going to give it to the analyst. I’m going to auto-close.”

—Chief technology officer, Life Sciences

Defender for Cloud was found to register 50% fewer false positives than legacy security solutions. Simultaneously, the solution reduced the investigation and remediation times of legitimate threats by 30%. Due to these dramatic improvements, study participants avoided 36,000 investigation and remediation hours on average. By reallocating the corresponding $796,000 of SecOps labor to proactive threat hunting and other high-value activities, companies were able to further improve their security performance.

2. Improved security operations center (SOC) productivity

“[With Defender for Cloud], if the tools are configured properly, the [global] efficiencies in your SOC can probably be up to 30% for a fine-tuned environment.”

—Technical manager, Business-to-business Software

By broadening the number and types of workloads protected by Defender for Cloud, participating businesses saw an average 30% improvement in SecOps productivity. This boost was a combination of consolidating duplicative multicloud security policies, replacing patching processes and other similar time-consuming procedures with automation, and embracing the efficiency gains of a better-integrated Microsoft ecosystem. In financial terms, these productivity gains translate to a $5.6 million savings over three years.

3. Lower total cost of ownership

“[Without Defender for Cloud], it would be so much more complex. It would cost us double to maintain [our multicloud security stack].”

—Cyberdefense leader, Materials

Interviewees reported that Defender for Cloud reduced their licensing costs by 10% compared with legacy security solutions. These savings come from eliminating the licensing and management costs of five legacy security solutions over three years, made possible by the breadth of workloads Defender for Cloud protects. Interviewees also reported a 1,700-hour reduction in security stack administrative work thanks to consolidating workloads across their multicloud infrastructures. Together, these adjustments yielded more than $1 million in cost savings.

4. More comprehensive cyberthreat coverage and prioritization

“Microsoft is capturing 10% of real incidents [not caught by other solutions deployed], reducing our attack surface by 10%.”

—Chief information security officer (CISO), Technology

Defender for Cloud caught, on average, 10% more legitimate cyberthreats than the security environments study participants had previously been using. Each of these threats required a response and would otherwise have been missed. Interviewees described the incidents they had previously lacked the capacity to address as a mix of increasingly complex and overlapping cyberthreats, including runtime container risk, overprovisioned container privileges, malware, phishing and social engineering, and shadow IT. Not only did Defender for Cloud identify these incidents, it provided greater context around them, improving threat prioritization and avoiding $292,000 in data breach-related costs.

5. Lower compliance costs

“[Defender for Cloud] is capable of saving up to 5% of [my organization’s] engineering overhead around [audit and compliance] meetings and collaboration.”  

—CISO, Technology

With Defender for Cloud, participating organizations decreased their compliance-related costs. Auditing fees were avoided and compliance-related meeting schedules were streamlined, reducing reliance on outside auditing services. Over three years, the average savings related to these process improvements was $857,000, a 15% reduction in audit compliance overhead.

The advantages of Microsoft Defender for Cloud

Overall, the Forrester study found that Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating in the TEI study. Through representative interviews and financial analysis, Forrester determined that a composite organization experiencing the aggregate benefits of the study’s participants received $8.52 million in financial benefits over three years. In balancing these benefits against $4.27 million in costs over the same period, Forrester determined that Defender for Cloud represents a net present value (NPV) of $4.25 million.

Interviewees participating in the study went beyond the financial benefits in their praise of Defender for Cloud. After adopting the solution, participants saw reduced risk and improvements to both their security and compliance postures at scale. Even as regulatory and compliance landscapes shifted beneath their feet, these organizations were better able to use the added context of Microsoft cloud security benchmarks to stay on solid ground—remaining compliant when others might not have.

Additionally, interviewees noted that Defender for Cloud helped them more securely collaborate with their technology partners and to establish more secure, more efficient software development pipelines. These benefits, interviewees emphasized, would have further benefits down the road as well, including reduced development times, improved time-to-value, and ultimately greater potential for business growth.

Learn more

To learn more about the business value of Microsoft Defender for Cloud, explore the Total Economic Impact™ Of Microsoft Defender for Cloud study for further analysis and findings, as well as the perspectives of Defender for Cloud users interviewed in the study. Also, register for the webinar featuring Forrester on top cloud security trends, key considerations, and quantifying the business value of CNAPP.

Learn more about Microsoft Cloud Security Solutions.


6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy
http://approjects.co.za/?big=en-us/security/blog/2024/05/29/6-insights-from-microsofts-2024-state-of-multicloud-risk-report-to-evolve-your-security-strategy/
Wed, 29 May 2024 16:00:00 +0000

Discover the top multicloud security risks across DevOps, runtime environments, identity and access, and data in this new report from Microsoft.

Multicloud computing has become the foundation for digital businesses, with 86% of organizations having already adopted a multicloud approach.1 However, for all its benefits around increased agility, flexibility, and choice, we also see unique challenges with multicloud—including the need to manage security, identity, and compliance across different cloud service providers (CSPs), ensure data portability, and optimize costs.

Securing multicloud environments is a deeply nuanced task, and many organizations struggle to fully safeguard the many different ways cyberthreat actors can compromise their environment. In our latest report, “2024 State of Multicloud Security Risk,” we analyzed usage patterns across Microsoft Defender for Cloud, Microsoft Security Exposure Management, Microsoft Entra Permissions Management, and Microsoft Purview to identify the top multicloud security risks across Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and beyond. This is the first time Microsoft has released a report sharing key insights across aspects of cloud security, including identity and data. 

This multidimensional analysis is key because it provides deeper visibility into all of the angles cyberattackers can use to breach cloud environments. For example, we found that more than 50% of cloud identities had access to all permissions and resources in 2023. Can you imagine what would happen if even one of these “super identities” were compromised? Looking beyond identity and access, we also discovered significant vulnerabilities in development and runtime environments and within organizations’ data security postures. These threats and more are the driving forces behind Microsoft’s work to advance cybersecurity protections by sharing the latest security intelligence and through programs like the recently expanded Secure Future Initiative, which works to guide Microsoft advancements according to secure by design, secure by default, and secure operations principles.

Read on for our topline insights from the report.


1. Multicloud security demands a proactive, prioritized approach  

Any practitioner who has worked in cloud security can tell you just how challenging it is to analyze, prioritize, and address the hundreds of security alerts they receive every day. Security teams are also responsible for managing all exposed assets and other potential risk vectors. The average multicloud estate has 351 exploitable attack paths that lead to high-value assets, and we discovered more than 6.3 million exposed critical assets among all organizations.  


Cloud security posture management (CSPM) is one solution, but rather than taking a siloed approach, we recommend driving deeper, more contextualized CSPM as part of a cloud-native application protection platform (CNAPP).  

CNAPPs are unified platforms that simplify securing cloud-native applications and infrastructure throughout their lifecycle. Because CNAPPs can unify CSPM with things like multipipeline DevOps security, cloud workload protections, cloud infrastructure entitlement management (CIEM), and cloud service network security (CSNS), they can correlate alerts and eliminate visibility gaps between otherwise disparate tools. This allows security teams to proactively identify, prioritize, and mitigate potential cyberattack paths before they can be exploited. 

2. CNAPP embeds secure best practices throughout the entire application lifecycle

Properly securing cloud-native applications and infrastructure from initial code development to provisioning and runtime is a significant challenge area for many organizations. We found that 65% of code repositories contained source code vulnerabilities in 2023, which remained in the code for 58 days on average. Given that one quarter of high-risk vulnerabilities are exploited within 24 hours of being published, this creates a significant window for threat actors to take advantage and compromise your environment.2

In addition to delivering proactive protection during runtime, CNAPP can act as a shared platform for security teams to work with developers to unify, strengthen, and manage multipipeline DevOps security. And because CNAPP unites multiple cloud security capabilities under a single umbrella, security teams can also enforce full-lifecycle protections from a centralized dashboard. This shifts security left and heads off development risks before they become a problem in runtime.  

3. Organizations need a unified security approach to secure cross-cloud workloads

Multicloud security goes deeper than attack path analysis and strong DevSecOps. Organizations also need to examine how the growing use and variety of cloud workloads impact their exposure to cyberthreats. When cloud workloads span across multiple cloud environments, that creates a more complex threat landscape with additional complexities and dependencies that require proper configuration and monitoring to secure.  


Microsoft’s CNAPP solution, Microsoft Defender for Cloud, has an extended detection and response (XDR) integration that provides richer context to investigations and allows security teams to get the complete picture of an attack across cloud-native resources, devices, and identities. Roughly 6.5% of Defender for Cloud alerts were connected to other domains—such as endpoints, identities, networks, and apps and services—indicating cyberattacks that stretched across multiple cloud products and platforms.  

Rather than using individual point solutions to manage cross-cloud workload threats, organizations need an easy way to centralize and contextualize findings across their various security approaches. A CNAPP delivers that unified visibility. 

4. Securing growing workload identities requires a more nuanced approach

Also central to multicloud security is the idea of identity and access management. In the cloud, security teams must monitor and secure workload identities in addition to user identities. These workload identities are assigned to software workloads, such as apps, microservices, and containers. The growing usage of workload identities creates several challenges. 

For starters, workload identities make up 83% of all cloud identities within Microsoft Entra Permissions Management. When examining the data, we found that 40% of these workload identities are inactive, meaning they have not logged in or used any permissions in at least 90 days. Inactive identities are not monitored the same way as active ones, making them an attractive target for cyberattackers to compromise and use for lateral movement. Workload identities can also be hard-coded into application code, making it harder to clean them up without triggering unintended consequences.

What’s concerning, though, is the fact that the average organization has three human super identities for every seven workload super identities. These workload super identities have access to all permissions and resources within the multicloud environment, making them an enormous risk vector that must be addressed. And because workload identities are growing significantly faster than human identities, we expect the gap between human and workload super identities to widen rapidly.  

Security teams can address this risk by establishing visibility into all existing super identities and enforcing least privilege access principles over any unused or unnecessary permissions—regardless of the cloud they access. 

5. CIEM drives visibility and control over unused permissions

Speaking of permissions, our report found that more than 51,000 permissions were granted to users and workloads (up from 40,000 in 2022). With more permissions come more access points for cyberattackers.  

A CIEM can be used to drive visibility across the multicloud estate, eliminating the need for standing access for super identities, inactive identities, and unused permissions. Just 2% of human and workload identity permissions were used in 2023, meaning the remaining 98% of unused permissions open organizations up to unnecessary risk.  

By using a CIEM to identify entitlements, organizations can revoke unnecessary permissions and only allow just-enough permissions, just in time. This approach will significantly mitigate potential risks and enhance the overall security posture.  
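As an added example, not code from the report or from any Microsoft product, the following Python script applies the checks described in insights 4 and 5 to a constructed set of identity records: it flags identities with no sign-in or permission use in 90 days, lists super identities that hold every permission in the estate, computes the share of granted permissions actually exercised, and produces a keep/revoke recommendation per identity. The record format, the permission names, and the as-of date are assumptions made for the example.

```python
from datetime import date

# Added example. The identity records, permission names and as-of date below are
# constructed for illustration; they are not data from the report.
ALL_PERMISSIONS = frozenset({
    "compute:read", "compute:write",
    "storage:read", "storage:write",
    "iam:read", "iam:write",
})

# Each record: the permissions an identity was granted, the ones it actually
# exercised, and its last sign-in or permission use (None = never active).
IDENTITIES = [
    {"id": "alice", "kind": "human", "granted": set(ALL_PERMISSIONS),
     "used": {"compute:read", "storage:read", "iam:read"}, "last_activity": "2024-05-28"},
    {"id": "svc-deploy", "kind": "workload",
     "granted": {"compute:read", "compute:write", "storage:read"},
     "used": {"compute:write"}, "last_activity": "2024-05-20"},
    {"id": "svc-legacy-etl", "kind": "workload", "granted": set(ALL_PERMISSIONS),
     "used": set(), "last_activity": "2024-01-15"},
    {"id": "svc-report", "kind": "workload", "granted": {"storage:read"},
     "used": {"storage:read"}, "last_activity": "2024-02-27"},
    {"id": "svc-build", "kind": "workload",
     "granted": {"compute:read", "storage:read", "storage:write"},
     "used": {"compute:read", "storage:write"}, "last_activity": "2024-05-29"},
    {"id": "svc-never-used", "kind": "workload", "granted": {"iam:read"},
     "used": set(), "last_activity": None},
]

TODAY = date(2024, 5, 29)   # assumed as-of date for the inactivity check
INACTIVITY_DAYS = 90        # the report's threshold for an "inactive" identity


def is_inactive(identity, today=TODAY, threshold=INACTIVITY_DAYS):
    """True if the identity has not signed in or used a permission in `threshold` days."""
    last = identity["last_activity"]
    if last is None:
        return True
    return (today - date.fromisoformat(last)).days >= threshold


def inactive_identities(identities, today=TODAY):
    return sorted(i["id"] for i in identities if is_inactive(i, today))


def super_identities(identities, all_permissions=ALL_PERMISSIONS):
    """Identities granted every permission in the estate."""
    return sorted(i["id"] for i in identities if i["granted"] >= all_permissions)


def super_identity_counts(identities, all_permissions=ALL_PERMISSIONS):
    """(human, workload) super-identity counts, the ratio the report tracks."""
    supers = [i for i in identities if i["granted"] >= all_permissions]
    human = sum(1 for i in supers if i["kind"] == "human")
    return human, len(supers) - human


def permission_usage(identities):
    """Total used and granted permissions across the estate, plus the used fraction."""
    granted = sum(len(i["granted"]) for i in identities)
    used = sum(len(i["used"]) for i in identities)
    return used, granted, (used / granted) if granted else 0.0


def recommend(identity, today=TODAY):
    """Least-privilege action: disable inactive identities, otherwise keep only used permissions."""
    granted = set(identity["granted"])
    if is_inactive(identity, today):
        return {"id": identity["id"], "action": "disable", "keep": set(), "revoke": granted}
    used = set(identity["used"])
    return {"id": identity["id"], "action": "right-size", "keep": used, "revoke": granted - used}


if __name__ == "__main__":
    print("inactive:", inactive_identities(IDENTITIES))
    print("super identities:", super_identities(IDENTITIES))
    print("human/workload supers:", super_identity_counts(IDENTITIES))
    used, granted, frac = permission_usage(IDENTITIES)
    print(f"permissions used: {used}/{granted} ({frac:.0%})")
    for identity in IDENTITIES:
        r = recommend(identity)
        print(f"{r['id']:>15}: {r['action']:<10} keep={sorted(r['keep'])} revoke={sorted(r['revoke'])}")
```

On the constructed data the script reports three inactive identities (one of which is also a super identity holding every permission), a one-to-one human-to-workload super identity ratio, and only 7 of 20 granted permissions in use; the per-identity recommendation is the "just-enough" baseline a CIEM would hand back, with just-in-time elevation covering anything outside the kept set. The inactivity window counts from the last recorded sign-in or permission use, so an identity that was never active is treated as inactive rather than ignored.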

6. A multilayered data security approach eliminates complexity and limits blind spots

Finally, organizations need a comprehensive data security approach that can help them uncover risks to sensitive data and understand how their users interact with data. It’s also important to protect and prevent unauthorized data use throughout the lifecycle using protection controls like encryption and authentication. 

A siloed solution won’t work, as organizations with 16 or more point solutions experience 2.8 times as many data security incidents as those with fewer tools. Instead, organizations should deploy integrated solutions through a multilayered approach that allows them to combine user and data insights to drive more proactive data security. At Microsoft, we accomplish this through Microsoft Purview—a comprehensive data security, compliance, and governance solution that discovers hidden risks to data wherever it lives or travels, protects and prevents data loss, and investigates and responds to data security incidents. It can also be used to help improve risk and compliance postures and meet regulatory requirements. 

Uncover strategies for mitigating your biggest multicloud risks 

Ultimately, multicloud security has multiple considerations that security teams must account for. It is not a check-the-box endeavor. Rather, security teams must continuously enforce best practices from the earliest stages of development to runtime, identity and access management, and data security. Not only must these best practices be enforced throughout the full cloud lifecycle, but they must also be standardized across all cloud platforms.

In a recent episode of our podcast, Uncovering Hidden Risks, we sat down with Christian Koberg-Pineda, a Principal Security DevOps Engineer at S.A.C.I. Falabella, to dive into his journey toward uncovering the challenges and strategies for safeguarding cloud-native applications across various cloud platforms. In it, he talks about the complexity of securing multiple clouds, including navigating differing configurations, technical implementations, and identity federation.

“One of the most relevant characteristics of cloud computing is that you can scale things on demand. As a cloud security expert, you must think in scale too. You need to implement a security tool that is also capable of scaling together with your infrastructure or your services.”

– Christian Koberg-Pineda, Principal Security DevOps Engineer at S.A.C.I. Falabella

For more information on creating a secure multicloud environment, download the full “2024 State of Multicloud Security Risk” report and check out the below resources.  

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1. SANS 2023 Multicloud Survey: Navigating the Complexities of Multiple Cloud, SANS Institute.

2. 1 in 4 high-risk CVEs are exploited within 24 hours of going public, SC Media.

5 ways a CNAPP can strengthen your multicloud security environment
http://approjects.co.za/?big=en-us/security/blog/2024/04/24/5-ways-a-cnapp-can-strengthen-your-multicloud-security-environment/
Wed, 24 Apr 2024 16:00:00 +0000

CNAPP, or cloud-native application protection platform, can be a powerful tool in your cybersecurity toolkit. Read on for highlights of our guide diving into the topic.

The cloud security market continues to evolve, reflecting the diligent efforts of security professionals globally. They are at the forefront of developing innovative solutions and strategies to address the sophisticated tactics of cyberattackers. The necessity for these solutions to stay ahead of potential exploitation methods is clear. One notable advancement in this ongoing effort is the emergence of the cloud-native application protection platform, or CNAPP. In Microsoft’s guide “From plan to deployment: implementing a cloud-native application protection platform (CNAPP) strategy,” we explore all the aspects of this emerging trend, what it can mean for your organization, and how to get started.

CNAPP combines several cybersecurity capabilities—cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), and cloud workload protection (CWP), among others—into one platform. This platform protects your organization through every operation, from concept development to runtime use. And it’s tailored to applications native to a multicloud environment. As a result, you can both ensure management access and strengthen app-related defenses against potential vulnerabilities in multicloud setups.

Choosing CNAPP as your solution can help chief information security officers (CISOs) build impact.1 When weighing the value of CNAPP, consider these numbers:

  • 40% of organizations used a CNAPP in 2023 and an additional 45% expect to use one by the end of 2024.2
  • 87% of organizations embrace multicloud.3
  • 82% of breaches involved data stored in the cloud.4
  • $4.45 million is the average cost of a data breach.5
  • 54% of organizations do not include security in the development phase.6

Read on for five of the biggest insights found in the guide and download “From plan to deployment: implementing a cloud-native application protection platform (CNAPP) strategy” to dive deeper into this important subject. Use it as a valuable resource to guide your CNAPP planning.


Insight #1: AI can tighten security and deliver insights

AI and machine learning play key roles in threat mitigation and security operations for cloud security. In fact, they could even be considered the backbone of these strategies because they give you the ability to analyze and respond to threats in real time. Seconds matter in cybersecurity and can be the difference between minimal and major damage from a cyberattack.

AI and machine learning can also help by improving predictive analysis and automating routine security tasks, freeing your employees to focus on strategic security work. Manually managing today’s complex cloud infrastructures simply isn’t possible. The key is to retain human oversight through human-in-the-loop monitoring of these technologies.

Insight #2: CNAPP can address challenges like alert overload and more

CNAPP holds day-to-day ease for security teams and strategic value for decision-makers. And there’s an urgent need for an end-to-end platform for cloud security—even better if powered by AI and machine learning. CNAPP helps you address some of the biggest challenges in cloud security, including:

  • Building security into software during development: Security as code will keep gaining momentum. CNAPP benefits the development process in several ways, including ensuring security is part of application development and fostering collaboration between developers and security teams.
  • Improving multicloud security posture: With CNAPP solutions, you can get an aggregation and analysis of data from multiple cloud platforms and services in a unified dashboard. These centralized insights can help security teams prioritize tasks more easily. Expanding multicloud visibility and enhancing multiplatform protection are two advantages of recent Microsoft Security innovations.
  • Decreasing costs and tackling advanced cyberthreats: Security operations center (SOC) analysts and security admins could be easily overwhelmed by the modern digital threat landscape and frustrated by the number of signals. The predictive analytics of CNAPP solutions can make it easier for them to identify and mitigate potential risks while automating security responses to threats.

Insight #3: Effective cybersecurity takes a good partner  


Keeping user needs in mind, Microsoft has its own CNAPP solution—Microsoft Defender for Cloud. This comprehensive security solution has robust security features to safeguard a wide array of resources, including servers, containers, databases, applications, and, crucially, data storage solutions like Microsoft Azure Storage, across various cloud platforms. Implementing Microsoft Defender for Cloud can protect against current threats and position your organization to confidently address emerging security threats in the cloud.

Cybersecurity is a dual effort between cloud service providers and users. Microsoft Defender for Cloud models this collaborative approach with a more integrated and proactive strategy than is common with traditional security. Among other attributes, it aligns with DevOps, features rapid deployment capabilities, and offers two levels of CSPM functionality: foundational CSPM and the premium tier, Microsoft Defender Cloud Security Posture Management. Deploying CSPM services should be part of your CNAPP strategy.

It also integrates with other cybersecurity solutions. But given the way Microsoft embraces innovation, it’s probably no surprise that we’ll continue to evolve this solution to keep pace with fluid technological advancement. So, as usual, watch this space for exciting announcements to come.

Insight #4: Operationalizing CNAPP is a multipronged approach

With any solution, the benefits can’t be realized if your users aren’t adopting it. Operationalizing Microsoft Defender for Cloud takes both integrating it into daily operations and satisfying your users’ needs by continuously evolving cloud security. You want your users to manage it and use the platform’s capabilities. This includes its functionalities across Microsoft Azure, Amazon Web Services, and Google Cloud Platform.

Other factors of operationalizing CNAPP include:

  • Monitoring continuously, evaluating risk, and assessing status.
  • Managing identity entitlement.
  • Training employees to use security tools.
  • Setting processes in place that can mitigate and remediate unhealthy resources.
  • Fostering a culture of security awareness.

Insight #5: CNAPP is a critical part of a modern SOC

The SOC is critical, and you want it to be efficient and effective. The insights from a CNAPP like Microsoft Defender for Cloud can transform SOC operations through total visibility, real-time monitoring, compliance and risk management tools, multiple integrations, and advanced analytics.

You can take a more proactive, strategic approach to cloud security with capabilities like:

  • Detailed insights into threats and vulnerabilities, including their possible severity and impact.
  • Automated compliance assessments based on industry standards.
  • Post-incident analysis support through incident information.

Strengthening the SOC even further is a new Microsoft Defender for Cloud integration with Microsoft Defender XDR. You gain access to Defender for Cloud alerts and incidents within the Microsoft Defender portal for richer investigation context.

These highlights are just the beginning of what you can accomplish with CNAPP.

Explore the future of CNAPP and cloud security

Building a secure-first organization is critical to counter the continual stream of cyberthreats and the increasingly sophisticated nature of them. The future holds significant promise for CNAPP, and Microsoft is leading in this effort with solutions like Microsoft Defender for Cloud. Get details on CNAPP use case scenarios and Defender for Cloud’s integrations with other Microsoft products—and strategies for adopting and operationalizing it—in our guide “From plan to deployment: implementing a cloud-native application protection platform (CNAPP) strategy.” Or, watch our podcast for an expert discussion on how CNAPP helps you address modern challenges. Learn more about how Defender for Cloud can help you protect your multicloud resources, workloads, and apps.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1. Want to build impact as a CISO? Choose CNAPP as your solution, CSO. May 26, 2024.

2. The future of cloud security: Top trends to watch in 2024, InfoWorld. March 14, 2024.

3. 2023 State of the Cloud Report, Flexera.

4. Microsoft Enterprise DevOps Report.

5. Cost of a Data Breach Report, IBM. 2023.

6. Microsoft Cloud Security Priorities and Practices Research.

New Microsoft Security innovations expand multicloud visibility and enhance multiplatform protection http://approjects.co.za/?big=en-us/security/blog/2023/08/09/new-microsoft-security-innovations-expand-multicloud-visibility-and-enhance-multiplatform-protection/ Wed, 09 Aug 2023 16:00:00 +0000 Gain greater visibility into your multicloud environments to better understand your security posture, minimize risk, and detect and respond to threats in real time.

With more than 90 percent of organizations adopting a multicloud strategy1 and cloud-based cyberattacks growing 48 percent year over year,2 securing multicloud and hybrid environments is more important than ever. To successfully protect multicloud infrastructure—where customers are utilizing two or more cloud providers—as well as applications and data, today’s organizations need to both proactively reduce risk and quickly detect and respond to threats in real time. 

Multicloud and multiplatform deployments increase the potential for security risks and data breaches. Today, many customers are working to secure a complex patchwork of technologies across different devices, applications, platforms, and clouds. Some are also dealing with separate security infrastructures for each cloud they’re operating in, which introduces incredible complexity, creates seams for attackers to exploit, and increases the likelihood of mistakes.

I am excited to share several innovations that improve multicloud visibility and help customers proactively reduce risk and respond to threats in real time. Read on to see how we continue to expand our end-to-end security solution to help organizations defend against threats across all endpoints and clouds.


Extend multicloud visibility to proactively prevent breaches

Today, we’re thrilled to announce new advanced multicloud posture management capabilities for Google Cloud Platform (GCP) in Microsoft Defender for Cloud to help customers proactively prevent data breaches across multicloud and hybrid environments. 

Microsoft is recognized as a Representative Vendor in the 2023 Gartner Market Guide for Cloud Native Application Protection Platforms.3 Microsoft Defender for Cloud became the first cloud provider to offer multicloud workload protection for cloud infrastructure, applications, and data across the full lifecycle for all three public clouds.4 Since then, we’ve rapidly expanded our CNAPP capabilities to provide advanced posture management with Microsoft Defender Cloud Security Posture Management (Defender CSPM), DevSecOps security with integrations into GitHub Advanced Security, and continued investments in our cloud workload protection (CWP) solutions across servers, containers, APIs, storage, and databases.


Figure 1. Attack path showing a GCP virtual machine exposed to the internet with permissions to a data store.

On August 15, 2023, Defender CSPM will extend its advanced agentless scanning, data-aware security posture, cloud security graph, and attack path analysis capabilities to GCP, providing a single contextual view of cloud risks across Amazon Web Services (AWS), Azure, GCP, and hybrid environments. Defender CSPM is recognized by KuppingerCole as an Overall Leader, Market Champion, Product Leader, and Innovation Leader in its 2023 CSPM Leadership Compass, which notes: “Organizations looking for a CSPM which provides multicloud capabilities including data-aware security posture should consider Microsoft Defender for Cloud.”5 Defender CSPM provides full visibility across cloud and hybrid resources through agentless scanning, and integrates contextual insights from code, identities, data, internet exposure, compliance, attack path analysis, and more to prioritize your most critical risks. Customers will be able to use agentless scanning to gain full visibility of their GCP, AWS, Azure, and on-premises compute resources in the cloud security graph, and attack path analysis to prioritize and mitigate risk from potential threats.

Within the new Defender CSPM capabilities for GCP, we’re also extending our sensitive data discovery capabilities to GCP Cloud Storage. With this advancement, customers will be able to discover all their GCP Cloud Storage buckets, identify more than 100 sensitive information types, and assess their data security posture through cloud security graph queries and attack path analysis. Now customers can identify potentially sensitive data exposure risks across Azure, AWS, and GCP storage resources and harden their multicloud data security posture.
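The attack path in Figure 1 and the sensitive data discovery described above combine a resource graph with data classification. The following added example (not Microsoft's or Defender for Cloud's code) reconstructs that idea over a constructed inventory with hypothetical resource names: it finds every path from the internet to a data store and ranks them so that a path ending in a store flagged as holding sensitive data is remediated first.

```python
"""Cloud security graph with attack path analysis (added example).

This is an illustrative reconstruction, not Microsoft's implementation:
a constructed inventory (all resource names hypothetical) is modelled as a
directed graph, searched for paths from the internet to data stores, and
ranked so that paths ending in stores flagged by data discovery come first.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    kind: str                 # "internet", "vm", "identity", "bucket" or "db"
    public: bool = False      # internet-exposed (from posture scanning)
    sensitive: bool = False   # holds sensitive info types (from data discovery)


@dataclass(frozen=True)
class Edge:
    src: str
    dst: str
    relation: str             # "exposes", "runs_as", "can_read", "can_write"


DATA_STORES = ("bucket", "db")

# Constructed sample inventory; every name here is hypothetical.
NODES = {n.name: n for n in [
    Node("internet", "internet"),
    Node("vm-web", "vm", public=True),
    Node("vm-batch", "vm"),
    Node("sa-web", "identity"),
    Node("sa-batch", "identity"),
    Node("bucket-customer-pii", "bucket", sensitive=True),
    Node("bucket-logs", "bucket"),
    Node("db-reporting", "db", public=True),
    Node("db-orders", "db", sensitive=True),
]}

# Identity bindings and entitlements (constructed, as CIEM data would supply).
PERMISSION_EDGES = [
    Edge("vm-web", "sa-web", "runs_as"),
    Edge("sa-web", "bucket-customer-pii", "can_read"),
    Edge("sa-web", "bucket-logs", "can_read"),
    Edge("vm-batch", "sa-batch", "runs_as"),
    Edge("sa-batch", "db-orders", "can_write"),
]


def exposure_edges(nodes):
    """Derive internet -> resource edges from the internet-exposure flag."""
    return [Edge("internet", n.name, "exposes") for n in nodes.values() if n.public]


def find_attack_paths(nodes, edges, start="internet"):
    """Depth-first search from the internet; every returned path ends at a data store."""
    adj = defaultdict(list)
    for e in edges:
        adj[e.src].append(e)
    paths = []

    def walk(current, path, seen):
        for e in adj[current]:
            if e.dst in seen:          # guard against cycles in the graph
                continue
            if nodes[e.dst].kind in DATA_STORES:
                paths.append(path + [e])
            else:
                walk(e.dst, path + [e], seen | {e.dst})

    walk(start, [], {start})
    return paths


def score_path(nodes, path):
    """Higher is worse: a sensitive target, write access and fewer hops raise the score."""
    target = nodes[path[-1].dst]
    score = 10 if target.sensitive else 3
    if path[-1].relation == "can_write":
        score += 4
    score += max(0, 4 - len(path))     # a 1-hop path gets +3, a 3-hop path +1
    return score


def prioritized_paths(nodes, edges):
    """All attack paths, highest risk first."""
    ranked = [(score_path(nodes, p), p) for p in find_attack_paths(nodes, edges)]
    return sorted(ranked, key=lambda item: item[0], reverse=True)


def describe(path):
    return path[0].src + "".join(f" -{e.relation}-> {e.dst}" for e in path)


def remediation_hint(nodes, path):
    """Name one edge whose removal breaks the path, preferring a least-privilege fix."""
    last = path[-1]
    if nodes[last.dst].sensitive and last.relation in ("can_read", "can_write"):
        return f"remove {last.relation} on {last.dst} from {last.src}"
    return f"remove public exposure of {path[0].dst}"


ALL_EDGES = exposure_edges(NODES) + PERMISSION_EDGES

if __name__ == "__main__":
    for score, path in prioritized_paths(NODES, ALL_EDGES):
        print(f"[{score:2d}] {describe(path)}  =>  {remediation_hint(NODES, path)}")
```

Note that the write-capable path to db-orders never appears in the output: vm-batch is not internet-exposed, so that entitlement is over-privileged but not yet an attack path.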

We chose Microsoft Defender for Cloud as our CNAPP because of the robust, intelligent end-to-end cloud security it provides with proactive CSPM and in protecting our cloud workloads. We’ve already been impressed with the value of Microsoft’s cloud workload protection, so it was an easy choice to also use Defender CSPM. Its agentless scanning allows us to quickly gain insights about our VMs, storage accounts, and containers, and attack path analysis with its contextual insights helps us prioritize and remediate risks. Defender for Cloud is critical in further helping our security teams save time to focus on preventing security incidents and give us peace of mind by knowing we have security across the application lifecycle.

—Cloud Security Manager, Mercedes-Benz Group AG

Get multicloud policy monitoring as a free offering

Microsoft’s cloud security benchmark (MCSB) extends security control guidance and compliance checks to GCP, completing multicloud monitoring across Azure, AWS, and GCP as a free offering. MCSB provides a cloud-centric control framework mapped to major regulatory industry benchmarks (CIS, PCI, NIST, and more) and cloud-specific implementation tools turned on by default to maintain your cloud security compliance across clouds.6 Today, along with existing Azure and AWS guidance, organizations can now leverage the MCSB security guidance for GCP environments and access GCP checks (as a preview feature) in the context of MCSB controls in the regulatory compliance dashboard in Microsoft Defender for Cloud. In addition to the policy compliance checking available through MCSB, Microsoft customers also benefit from the free expanded cloud logging support we announced last month.

Prevent malware upload and distribution in near real time

Defender for Cloud is also advancing cloud data security at runtime. We’re excited to share the upcoming general availability of Malware Scanning in Microsoft Defender for Storage.7 Starting September 1, 2023, security teams can enable an additional layer of protection to detect and prevent storage accounts from acting as a point of malware entry and distribution.

Organizations rely on cloud storage to store and access data and files, which often contain sensitive and critical data. However, due to its critical and connected role in an organization’s cloud environment, cloud storage can be an effective attack vector for malicious actors to upload and distribute malware. Malware protection methods in the past have focused mostly on compute resources. Protection for storage in this old model would require complex networking workarounds that negatively impact overall performance.

We built Malware Scanning in Defender for Storage to cut through the networking complexities and optimize malware detection for Microsoft Azure Blob Storage in near real time when content is uploaded. Content is automatically scanned for metamorphic and polymorphic malware, with results automatically recorded on the blob metadata.

Read more about Defender for Cloud’s new multicloud security capabilities.

Manage vulnerability risk across cloud deployments

As organizations adopt new technologies across cloud computing, Internet of Things (IoT) devices, and remote work, their attack surface is expanding, making vulnerability management increasingly challenging. Security teams must rethink how to secure a growing and diverse portfolio of devices outside of traditional organizational boundaries, adding complexity to the vulnerability management process. This process requires a combination of policy and scope definition that cannot be purchased off the shelf. Instead, it must be established and matured within an organization, based on its specific risk appetite and maturity level.


In recent years, Microsoft has established itself as a leading solution for vulnerability risk management (VRM) by leveraging its threat intelligence and security expertise. Microsoft Defender Vulnerability Management has become a leading solution for a vast range of customer organizations, providing them end-to-end capabilities across the VRM lifecycle. It is designed to help organizations identify, assess, prioritize, and remediate vulnerabilities in their IT environments, making it an ideal tool for managing an expanded attack surface and reducing overall risk posture. We are thrilled to announce Defender Vulnerability Management is now offered as a standalone solution, which means that customers can purchase it separately and take advantage of the full set of core and premium capabilities across their portfolio of managed and unmanaged devices. Microsoft 365 E5 and Defender for Endpoint Plan 2 customers have the core capabilities included and can continue to get the full vulnerability management solution with the Defender Vulnerability Add-on.


Figure 2. Core and premium capabilities of Microsoft Defender Vulnerability Management and how customers would acquire them.

Committed to protecting the entire organization’s estate, we are excited to announce the general availability of vulnerability assessments for containers in Defender CSPM and the preview of vulnerability assessments for containers in Microsoft Defender for Containers using Defender Vulnerability Management. With the rise of containerization and microservices, it’s more important than ever to secure the software supply chain and ensure that container images are free from vulnerabilities. Defender Vulnerability Management’s new container vulnerability assessment capabilities enable organizations to scan container images for vulnerabilities and prioritize remediation efforts, based on the severity of the vulnerabilities.

Read more about the new standalone offer and the expanded capabilities of Defender Vulnerability Management.

Get additional protection and expanded endpoint coverage

You can’t protect and manage what you can’t see. This means that a Zero Trust model can’t just be limited to the endpoints enrolled in Microsoft Intune—it must extend to devices integrated with Microsoft Security solutions. If you can’t distribute compliance or security policies to all your devices, you can’t implement a Zero Trust model. 

Now you can expand coverage and provide additional protection from a single unified pane of glass with Microsoft Intune, which can manage the security settings of any device with Microsoft Defender for Endpoint, including Windows, macOS, and Linux endpoints.8 These policies and settings allow security admins to remain in the Defender portal to manage Defender for Endpoint and the Intune endpoint security policies for Defender security settings configurations. Now security admins can deploy policies from Intune to manage the Defender security settings on devices onboarded to Defender for Endpoint, without enrolling those devices with Intune.

Secure Score integration with Microsoft Intune means that recommendations for device health and security settings for your organization’s endpoints from Intune are now included in Microsoft Secure Score. Secure Score is the measurement of an organization’s security posture. This score is used to assess risk, drive configuration actions, plan improvements, and report to management. More points in Secure Score equates to more actions taken to improve an organization’s security posture.

And finally, we recently announced a new solution that adds another layer of protection for Samsung Galaxy devices with hardware-backed device attestation.9 Device attestation is a crucial mechanism to verify device trust and health and to help detect whether a device has been compromised. Building on our strategic partnership with Samsung, this attestation helps prevent malicious endpoints from accessing organization resources using valid client information taken from another device, and limits tampering with client requests. Samsung’s hardware-backed cryptography and Intune app protection policies verify the client endpoint and secure the communication between the Intune client and service. This enables a trusted, on-device, hardware-backed health check, giving organizations that allow Samsung Galaxy mobile devices to access their corporate network the confidence that personally owned Galaxy devices have the same strong level of extra protection as company-owned devices.

Continuing to deliver for our customers

With our latest product and feature announcements, customers working to secure their multicloud and multiplatform deployments can have a clearer view of their environment, reduce risk, and gain improvements in the safety of their data and systems. At Microsoft, we are committed to providing our customers with the tools and resources they need to protect everything.

Join us at Black Hat 2023

Microsoft Security has a central presence at this year’s Black Hat USA, taking place August 5 to 10, 2023, at Mandalay Bay in Las Vegas, Nevada. If you haven’t already made plans to attend, check out our previous blog post for information about our Black Hat sessions, product demos, meetings at our booth (number 1740), and a customer happy hour.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


1. 2023 State of the Cloud Report, Flexera. 2023.

2. Cloud-based cyber attacks increased by 48 percent in 2022, Continuity Central. January 19, 2023.

3. Gartner®, Market Guide for Cloud-Native Application Protection Platforms, Neil MacDonald, et al. March 14, 2023.

4. The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP), Vlad Korsunsky. March 22, 2023.

5. Leadership Compass: Cloud Security Posture Management, KuppingerCole. July 27, 2023.

6. Announcing Microsoft cloud security benchmark (Public Preview), Jim Cheng. October 13, 2022.

7. Malware Scanning for cloud storage GA pre-announcement | prevent malicious content distribution, Inbal Argov. July 26, 2023.

8. Manage security settings for Windows, macOS, and Linux natively in Defender for Endpoint, Dan Levy. July 11, 2023.

9. Hardware-backed device attestation powers mobile workers, Michael Wallent. July 27, 2023.

Expanding horizons—Microsoft Security’s continued commitment to multicloud http://approjects.co.za/?big=en-us/security/blog/2023/06/14/expanding-horizons-microsoft-securitys-continued-commitment-to-multicloud/ Wed, 14 Jun 2023 17:00:00 +0000 http://approjects.co.za/?big=en-us/security/blog/?p=130471 Learn how to manage multicloud security risk with Microsoft's native multicloud protection for three of the industry’s main cloud platforms.

Multicloud strategies have become the new norm for most enterprises, with more than 90 percent of organizations adopting multiple cloud infrastructures, platforms, and services to run their businesses.1 However, a lack of visibility into their digital infrastructure exposes them to significant risks. As a customer, you may run Microsoft Azure, workloads on Amazon Web Services (AWS), Google Cloud Platform (GCP), and even some workloads on-premises. You likely rely on services like Zoom or Salesforce. But fundamentally, you want it all to work securely and work together—regardless of service provider. Today we are excited to share additional innovations as we continue to expand our sphere of protection.   


Figure 1. This graphic shows how software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS) work together in a comprehensive security strategy.

Microsoft Security—extending our multicloud reach

At Microsoft, we have long embraced our commitment to protecting our customers’ multicloud environments. The journey began in July 2021, when we acquired CloudKnox Security to help customers manage permissions across clouds and strengthen their Zero Trust strategy.2 That cloud infrastructure entitlement management (CIEM) solution has evolved to become Microsoft Entra Permissions Management, and is part of our comprehensive identity product family: Microsoft Entra. In February 2022, Microsoft Defender for Cloud expanded to include GCP and AWS, becoming the first cloud provider to offer integrated cloud-native application protection (CNAPP) for the three main public clouds—from development to runtime.3 This past March, we introduced Microsoft Defender Cloud Security Posture Management for multicloud environments, including new data-aware security posture management capabilities to help customers identify risks across their data estate, and an improved multicloud security benchmark to better unify security and compliance across services. And finally, earlier this year we announced enhancements to Microsoft Purview to continue building on the promise of securing both structured and unstructured data wherever it lives.


Figure 2. Timeline of Microsoft Security’s journey to multicloud, starting in 2021 with the acquisition of CloudKnox Security, to the launch of Microsoft Entra and the extension of Microsoft Defender for Cloud to GCP and AWS in 2022, continuing with enhancements to Microsoft Purview in 2023, with more capabilities to come.

Securing your data wherever it travels

The amount of data being created and transferred is growing exponentially. This is taking place at a time when employees don’t just gather around the water cooler; they’re communicating across digital channels on personal and corporate devices. Modern workforces are distributed, and the digital fabric of any given organization is made up of multiple threads, adding layers of complexity. Additionally, the shift to multicloud makes the surface area of your data even larger. Without unified visibility across your multicloud data security posture, the shift adds to the complexity of identifying risks such as misconfigured object storage and databases.4 You can hear more about this in the most recent Uncovering Hidden Risks podcast, which discusses the risks of running a multicloud strategy as customers accelerate their digital transformation. Organizations looking to proactively protect and manage multicloud environments often face challenges around data risk, data protection, and data compliance.

Data Risk—Data doesn’t move itself; people move and interact with data, and that’s where the majority of data security risks stem from. In fact, data security incidents are commonly caused by insider actions, accounting for nearly 35 percent of all unauthorized incidents.4 Even the strongest cybersecurity programs can be undermined by insiders who either intentionally or unintentionally compromise an enterprise. To assist you in identifying data risks across various environments, we are pleased to share that you can now bring your own risk detections into Microsoft Purview Insider Risk Management. For example, you can import events from customer relationship management (CRM) systems, such as Salesforce, or developer tools like GitHub. These user activities can then be used as custom indicators in insider risk policies, combined with other built-in indicators, offering organizations a comprehensive view and understanding of potential data security risks posed by an insider. You can learn more about it from our blog “Manage insider risks in multicloud environments.”

Data Protection—The loss of sensitive data remains the top security concern for IT and security professionals. This often leads to the deployment of multiple solutions to manage data loss across different environments, which could lead to both blind spots and data leakage. It is crucial to have integrated solutions that can protect sensitive data across your digital landscape. In addition to supporting Microsoft 365 apps, services, Microsoft Edge, and Windows endpoints, Microsoft Purview Data Loss Prevention (Purview DLP) supports macOS endpoints, as well as virtualized environments such as Citrix, Windows Virtual Desktop, Amazon Workspaces, and Hyper-V platforms, as well as Google Chrome and Firefox browsers. We are continuing to expand our capabilities to allow you to cover all egress risks. Today we are excited to announce that organizations can now leverage Purview DLP to prevent their users from pasting sensitive content in websites on supported browsers. For example, let’s say a user copies customer information from an internal CRM system or SQL database, and pastes it into personal email, social media sites, or generative AI prompts on a supported browser like Microsoft Edge, Google Chrome, or Firefox. Based on the pre-set policy, Purview DLP will audit, warn, or block the action to prevent leaking sensitive information. Learn more in our blog here.

Data Compliance—The compounding impact of a complex regulatory environment and the growing adoption of cloud services makes it increasingly difficult for organizations to identify compliance risks. We are excited to share that you can now run multicloud assessments in Microsoft Purview Compliance Manager. This feature lets you assess your compliance posture across your organization’s multicloud estate, including Azure, AWS, GCP, and services like Zoom and Salesforce. For example, for a regulation such as Payment Card Industry Data Security Standard, you can aggregate and automate your compliance posture across all in-scope services. You can learn more about it in our latest blog.

Be sure to explore our videos on Multicloud Assessments from Microsoft Mechanics, and delve into the latest overview of Microsoft Defender for Cloud by Microsoft Solution Architect, John Savill. This is the first of a series of exciting multicloud innovations, with more in store over the next few months. Stay tuned!

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.


1. 2023 State of the Cloud Report, Flexera. 2023.

2. Microsoft acquires CloudKnox Security to offer unified privileged access and cloud entitlement management, Microsoft Security Team. July 21, 2021.

3. Microsoft Announces new Security Capabilities for the Multicloud World, Microsoft Stories Asia. February 24, 2022.

4. Insider threat peaks to highest level in Q3 2022, Maria Henriquez. November 10, 2022.

The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP) http://approjects.co.za/?big=en-us/security/blog/2023/03/22/the-next-wave-of-multicloud-security-with-microsoft-defender-for-cloud-a-cloud-native-application-protection-platform-cnapp/ Wed, 22 Mar 2023 17:00:00 +0000 Organizations are turning to cloud native application protection platforms (CNAPPs) to overcome the challenges of securing the entire cloud lifecycle. Here are the major advantages Microsoft Defender for Cloud offers as a CNAPP.

The post The next wave of multicloud security with Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP) appeared first on Microsoft Security Blog.

With digital transformation in the face of macroeconomic pressures, strategies to optimize both cloud environments and cloud security are increasingly appealing to enterprises. Organizations worry about vulnerabilities in code getting deployed, critical misconfigurations, overprivileged access to cloud infrastructure, and evolving threats that can cause sensitive data loss. Unfortunately, most reported security incidents involve bad actors exploiting vulnerabilities that security teams aren’t even aware of.

The answer is an end-to-end solution that offers comprehensive cloud security from development to runtime—a Cloud-Native Application Protection Platform (CNAPP).

Let’s dive into what’s driving CNAPP adoption and walk through how Microsoft Defender for Cloud—one of the only platforms with comprehensive coverage and integrated insights all in one solution—can help organizations embed security from code to cloud.

What is CNAPP, and why does it matter?

CNAPPs are the leading edge of cloud security. A CNAPP unifies security and compliance capabilities to prevent, detect, and respond to modern cloud security threats from development to runtime.

A CNAPP delivers a unified experience for organizations that synthesizes insights and drives effective collaboration among developers, DevOps teams, security teams, and security operations center (SOC) analysts to reduce excessive risks for cloud-native applications and to embed security across the continuous integration and continuous delivery (CI/CD) lifecycle.

Why do organizations need a CNAPP for modern cloud security?

A CNAPP directly addresses critical challenges faced by cloud security teams as they aim to strengthen their security posture, detect and respond to threats, and prevent critical data breaches:

  • The need for “shifting security left” into the DevOps pipeline: Development and security teams need to be empowered to collaborate to embed security into the code itself so that cloud-native applications can start secure and stay secure.
  • Lack of visibility and prioritization in managing multicloud security posture: The dynamic nature of cloud-native applications creates flexibility but also blind spots for posture management. Multicloud and hybrid scenarios add to the complexity, making a centralized, prioritized view with contextual security insights crucial to reducing recommendation fatigue and helping security teams focus on what matters.
  • Advanced threat actors and increasing cost of breach: The evolving threat landscape worsens the threat response challenge, resulting in SOC analysts and security admin teams that are overwhelmed by mounting threat signals.
  • Mismanaged and misconfigured cloud infrastructure entitlement: Security admins also worry about overprivileged access to infrastructure, which can leave room for exploitation and infiltration.

Key CNAPP capabilities

Security teams need an end-to-end platform for cloud security. This means security integration into DevOps, visibility across their multicloud environments, a prioritized view of their most critical vulnerabilities and misconfigurations, built-in governance and automated remediation tools, and the means to detect and respond to modern threats across their cloud workloads.

To achieve this, an effective CNAPP should combine capabilities across cloud security posture management, DevOps security management, cloud workload protection, cloud infrastructure entitlement management, and network security.

Microsoft is recognized as a Representative Vendor in the Gartner® 2023 Market Guide for Cloud-Native Application Protection Platforms (CNAPPs).

Microsoft’s unified CNAPP includes:

  • Cloud security posture management (CSPM): CSPM solutions provide visibility across multicloud and hybrid environments from development to runtime, provide alerts and recommendations to security teams on critical vulnerabilities and misconfigurations that could lead to issues, and have built-in workflows to strengthen security posture and help drive remediation (and at scale). Microsoft Defender Cloud Security Posture Management in Defender for Cloud helps cut through the noise to focus on remediating your most critical risk with integrated insights across the SOC, DevOps, External Attack Surface Management (EASM), identity and access management, and compliance. It has a single connected view in the cloud security graph with attack path analysis to help security teams identify exploitable resource paths and the built-in tools to mitigate risk across cloud environments.
  • Cloud workload protection (CWP): CWP solutions are comprehensive services that provide real-time detection and response to modern threats across your cloud workloads including virtual machines, containers and Kubernetes, databases, storage accounts, network layers, App Services, and more. Cloud Workload Protection in Defender for Cloud analyzes workloads using advanced analytics and threat intelligence to help reduce the attack surface and respond to emerging threats quickly. The integrated experience with Microsoft 365 Defender and Microsoft Sentinel enables a comprehensive detection and response solution for a modern security operations center.
  • DevOps security: Microsoft Defender for DevOps in Defender for Cloud empowers security teams to unify, strengthen, and manage multipipeline DevOps security, shift security left, and enable code-to-cloud protections in a central console. This solution helps security teams rightfully focus on critical evolving threats by enabling the security of Infrastructure as Code (IaC) templates and container images to minimize cloud misconfigurations reaching production environments, and correlate contextual cloud security intelligence from runtime to dev platforms to prioritize remediation in code.
  • Cloud infrastructure entitlement management (CIEM): Permissions give identities the ability to perform an action on a resource. Across major clouds, more than 40,000 permissions can be granted, of which over 50 percent are high risk, meaning they can cause service disruption, service degradation, or data leakage when used improperly.[1] To help support a viable multicloud strategy and avoid accidental or malicious permission misuse, streamlined permissions management is essential. Microsoft Entra Permissions Management helps you understand the real footprint of your cloud infrastructure entitlements, prevent permissions creep, and enforce the principle of least privilege across your multicloud environment. Defender for Cloud integrates with Permissions Management, enabling security teams to get unified visibility and recommendations in a central cloud security dashboard.
  • Network security: Network security protects your cloud network infrastructure and applications from distributed denial-of-service, web application, and network attacks. Azure Network Security offers the full benefits of cloud-native services for securing your cloud and hybrid network infrastructure and applications. Based on Zero Trust network security, Azure Network Security is designed to provide organizations with granular segmentation controls, intelligent threat protection by Microsoft Threat Intelligence, traffic encryption in transit and at rest, and private access linking to infrastructure as a service (IaaS), platform as a service (PaaS), and on-premises resources. Defender for Cloud continuously analyzes the security state of Azure resources for network security best practices. Security teams can get adaptive recommendations for network hardening in a central place and use the end-to-end view to improve security posture across network infrastructure and applications.
Chart demonstrating the segments of Microsoft's cloud-native application protection platform, including cloud security posture management, cloud workload protection, DevSecOps, and cloud infrastructure entitlement management.
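The CIEM bullet above describes the gap CIEM tools close: permissions that were granted but are never exercised, especially high-risk ones. The following Python is an added example, not Microsoft's code and not how Entra Permissions Management computes its own index; it compares a constructed entitlement inventory against a constructed usage log to surface unused and high-risk unused permissions and derive a right-sized, least-privilege permission set per identity. The identities, permission names and risk classification are all constructed sample data.

```python
"""Least-privilege gap analysis of cloud entitlements (added example).
All identities, permissions, risk classes and usage records below are
constructed sample data; the ranking is a simple illustrative heuristic."""
from collections import Counter
from dataclasses import dataclass

# Constructed: permissions treated as high risk (can disrupt service or
# leak data when misused). Everything else is treated as low risk.
HIGH_RISK = {"s3:DeleteBucket", "iam:PassRole", "storage.objects.delete",
             "Microsoft.Compute/virtualMachines/delete"}

# Constructed: permissions currently granted to each identity (multicloud).
GRANTED = {
    "ci-deployer": {"s3:PutObject", "s3:DeleteBucket", "iam:PassRole",
                    "Microsoft.Compute/virtualMachines/read"},
    "report-reader": {"storage.objects.get", "storage.objects.delete"},
}

# Constructed: (identity, permission) pairs observed in audit logs over a window.
USAGE_LOG = [
    ("ci-deployer", "s3:PutObject"), ("ci-deployer", "s3:PutObject"),
    ("ci-deployer", "Microsoft.Compute/virtualMachines/read"),
    ("report-reader", "storage.objects.get"),
]

@dataclass
class Finding:
    identity: str
    unused: frozenset            # granted but never exercised in the window
    unused_high_risk: frozenset  # the subset that is also high risk
    creep_ratio: float           # share of granted permissions never used

def analyze(granted, usage_log, high_risk=HIGH_RISK):
    """Rank identities by permissions creep: most unused high-risk first."""
    used = Counter(usage_log)
    findings = []
    for identity, perms in sorted(granted.items()):
        unused = frozenset(p for p in perms if used[(identity, p)] == 0)
        findings.append(Finding(identity, unused, frozenset(unused & high_risk),
                                len(unused) / len(perms)))
    return sorted(findings, key=lambda f: (-len(f.unused_high_risk), -f.creep_ratio))

def least_privilege_policy(finding, granted):
    """Right-sized permission set: keep only what the identity actually used."""
    return frozenset(granted[finding.identity] - finding.unused)

if __name__ == "__main__":
    for f in analyze(GRANTED, USAGE_LOG):
        print(f"{f.identity}: creep={f.creep_ratio:.0%} "
              f"unused high-risk={sorted(f.unused_high_risk)}")
```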

Microsoft’s CNAPP: Comprehensive cloud-native protection with unparalleled integrated insights

Microsoft’s comprehensive CNAPP seamlessly combines security and compliance capabilities into a single platform to provide end-to-end cloud security for full-stack workloads across Amazon Web Services, Google Cloud Platform, and Azure Cloud Services. Security admins no longer need to manually synthesize data and tools across products, and instead can proactively address security threats across their multicloud and hybrid environments in a single platform.

Defender for Cloud is empowering security teams with a more comprehensive and differentiated approach:

  • Integrated CNAPP capabilities and more in a single portal on a single platform: All managed in Microsoft Defender for Cloud, organizations get centralized visibility and integrated insights across Azure Network Security, Permissions Management, Microsoft 365 Defender for detection and response, and Microsoft Sentinel for security information and event management and security orchestration, automation, and response capabilities.
  • Additional capabilities to accelerate cloud-native protection: Further, Defender for Cloud’s integration with Microsoft Defender External Attack Surface Management enables true identification of internet-exposed resources, augmenting signals from configurations and cloud APIs.
  • Protection across your multicloud data estate: Security teams can enable comprehensive data protection in cloud storage and SQL database resources across PaaS, IaaS, and open-source databases, and detect potential threats to data such as brute-force attacks, SQL injection, and suspicious data extraction.
  • Full lifecycle protection: Microsoft helps security teams minimize vulnerabilities from making it to production with code scanning and IaC scanning, and reduce time to remediate with integrated workflows into developer environments. Microsoft Defender for DevOps integrations with Azure DevOps and GitHub unify multipipeline DevOps security and ensure secure development.
  • Unparalleled view of the evolving threat landscape: Defender for Cloud leverages the comprehensive threat intelligence coming from synthesizing 65 trillion signals a day to identify emerging threat vectors and help security teams respond quickly.
  • Cloud scale and integrated CNAPP: Defender for Cloud is designed with scale and insights gained from running Microsoft Azure, one of the leading public cloud platforms in the industry. Microsoft is the only public cloud provider to enable a CNAPP solution natively in the cloud portal, helping security teams simplify security management in Azure and extend it to other clouds.

Even with these capabilities, Microsoft is only getting started. Our continued investments in ushering in the next wave of cloud-native security are featured in Omdia’s February report on Defender for Cloud, “Microsoft is developing a full cloud-native security platform.”

More innovations to come

To learn more about critical upcoming CNAPP innovations in Microsoft Defender for Cloud, register to join me at Microsoft Secure, our free, virtual Microsoft Security event on March 28, 2023, as I’ll share news in Breakout Session 11, “Protect multicloud environments with cloud-native security innovations.” And immediately following this session, attend our CNAPP interactive product session (CATE11) to get your questions answered.

You can also explore Microsoft Defender for Cloud and sign up for a free trial today.



[1] 2021 State of Cloud Permissions Risks Report, Microsoft. 2021.

Gartner®, Market Guide for Cloud-Native Application Protection Platforms, March 14, 2023. Neil MacDonald, et al.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
