October 3, 2023

Sensitive data & Data Security Dashboard

Data-aware security posture in Defender for Cloud

Microsoft has introduced a new data-aware security posture feature for Defender for Cloud. It helps you reduce risk to data and respond to data breaches. Using data-aware security posture you can:

- Automatically discover sensitive data resources across multiple clouds.
- Evaluate data sensitivity, data exposure, and how data flows across the organization.
- Proactively and continuously uncover risks that might lead to data breaches.
- Detect suspicious activities that might indicate ongoing threats to sensitive data resources.

Automatic discovery

Data-aware security posture automatically and continuously discovers managed and shadow data resources across clouds, including different types of object stores and databases. Sensitive data is discovered using the sensitive data discovery extension that's included in the Defender Cloud Security Posture Management (CSPM) and Defender for Storage plans. In addition, you can discover hosted databases and data flows in Cloud Security Explorer and Attack Paths. This functionality is available in the Defender CSPM plan and isn't dependent on the sensitive data discovery extension.

Data sensitivity settings

Data sensitivity settings define what's considered sensitive data in your organization. Data sensitivity values in Defender for Cloud are based on:

- Predefined sensitive information types: Defender for Cloud uses the built-in sensitive information types in Microsoft Purview. This ensures consistent classification across services and workloads. Some of these types are enabled by default in Defender for Cloud; you can modify these defaults.
- Custom information types/labels: You can optionally import custom sensitive information types and labels that you've defined in the Microsoft Purview compliance portal.
- Sensitive data thresholds: In Defender for Cloud you can set the threshold for sensitive data labels.
The threshold determines the minimum confidence level for a label to be marked as sensitive in Defender for Cloud. Thresholds make it easier to explore sensitive data.

Attack paths

You can discover the risk of data breaches through attack paths from internet-exposed VMs that have access to sensitive data stores. Hackers can exploit exposed VMs to move laterally across the enterprise to access these stores. For the available insights, see the Attack path reference list.

Cloud security explorer

Cloud Security Explorer helps you identify security risks in your cloud environment by running graph-based queries on the Cloud Security Graph. Use the Cloud Security Explorer query templates, or build your own queries, to find insights about misconfigured data resources that are publicly accessible and contain sensitive data, across multicloud environments. For the available components, see the Cloud Security Graph components list.

Data security in Defender for Storage

Defender for Storage monitors Azure storage accounts with advanced threat detection capabilities. It detects potential data breaches by identifying harmful attempts to access or exploit data, and by identifying suspicious configuration changes that could lead to a breach. When early suspicious signs are detected, Defender for Storage generates security alerts, allowing security teams to respond and mitigate quickly. By applying sensitive information types and Microsoft Purview sensitivity labels to storage resources, you can easily prioritize the alerts and recommendations that focus on sensitive data.

Data Security Dashboard

Key features

The data security dashboard provides a centralized, complete and current view of the state of your cloud data estate.
The data security dashboard helps you to:

- Discover your complete multi-cloud data estate across managed and hosted data resources.
- Understand your Defender for Cloud protection coverage and gaps across data resources.
- Gain insight into which protected data resources contain sensitive data and the types of sensitive information they contain.
- Use built-in data query templates to speed up Cloud Security Explorer results.
- Focus on sensitive data resources that require attention as a result of active threats or potential risks to your sensitive data.
- View changing trends of resources with sensitive data that require attention, to analyze the improvement of your data security posture over time.

How to enable it?

To enable the Data security dashboard you need:

- The Defender CSPM plan fully enabled, including sensitive data discovery.
- Workload protection for databases and storage, to explore active risks.

Note: the dashboard works only in commercial clouds, and it is in public preview. More information on support and prerequisites is available here.

Data security overview section

The data security overview section provides a general overview of your cloud data estate, per cloud, including all data resources, divided into storage assets, managed databases, and hosted databases (IaaS).

Top issues

The Top issues section provides a highlighted view of the top active and potential risks to sensitive data.

- Sensitive data resources with high severity alerts – summarizes the active threats to sensitive data resources and which data types are at risk.
- Sensitive data resources in attack paths – summarizes the potential threats to sensitive data resources by presenting attack paths leading to sensitive data resources and which data types are at potential risk.
- Data queries in security explorer – presents the top data-related queries in security explorer that help focus on multicloud risks to sensitive data.
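As an added example (not code from this page or from Microsoft), the following Python function checks a subscription's Defender for Cloud plan settings against the prerequisites listed in "How to enable it?": the Defender CSPM plan on the Standard tier with its SensitiveDataDiscovery extension enabled, plus Defender for Storage and the database workload protection plans. It assumes the response shape of GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/pricings?api-version=2023-01-01 as documented in the public REST reference; the plan and extension names come from that reference, not from this page, and the sample response is constructed.

```python
import json

# Plan names as exposed by the Microsoft.Security/pricings REST API (assumption:
# taken from the public REST reference, not from this page), mapped to display names.
REQUIRED_PLANS = {
    "CloudPosture": "Defender CSPM",
    "StorageAccounts": "Defender for Storage",
    "SqlServers": "Defender for Azure SQL",
    "SqlServerVirtualMachines": "Defender for SQL servers on machines",
    "OpenSourceRelationalDatabases": "Defender for open-source relational databases",
    "CosmosDbs": "Defender for Azure Cosmos DB",
}
# Extensions that must be switched on inside a plan: the dashboard requires
# sensitive data discovery within Defender CSPM.
REQUIRED_EXTENSIONS = {"CloudPosture": {"SensitiveDataDiscovery"}}


def check_dashboard_prerequisites(pricings_json: str) -> dict:
    """Evaluate one subscription's pricings list (the JSON body returned by the API).

    Returns {'ready': bool, 'gaps': [human-readable gap, ...]}.
    """
    data = json.loads(pricings_json)
    by_name = {p["name"]: p.get("properties", {}) for p in data.get("value", [])}
    gaps = []
    for plan, display in REQUIRED_PLANS.items():
        props = by_name.get(plan)
        if props is None:
            gaps.append(f"{plan} ({display}): plan not present in the response")
            continue
        tier = props.get("pricingTier", "Free")
        if tier != "Standard":
            gaps.append(f"{plan} ({display}): tier is {tier}, Standard is required")
            continue  # extensions only matter once the plan itself is on
        # The API reports isEnabled as the strings "True"/"False".
        enabled = {e["name"] for e in props.get("extensions", [])
                   if str(e.get("isEnabled", "False")).lower() == "true"}
        for ext in sorted(REQUIRED_EXTENSIONS.get(plan, set()) - enabled):
            gaps.append(f"{plan} ({display}): extension {ext} is not enabled")
    return {"ready": not gaps, "gaps": gaps}


# Constructed sample response (not real subscription data): CSPM is on but
# sensitive data discovery is off, Storage is still on the Free tier, the SQL and
# open-source database plans are on, and the Cosmos DB plan is missing entirely.
SAMPLE_PRICINGS = json.dumps({"value": [
    {"name": "CloudPosture", "type": "Microsoft.Security/pricings",
     "properties": {"pricingTier": "Standard",
                    "extensions": [{"name": "SensitiveDataDiscovery", "isEnabled": "False"}]}},
    {"name": "StorageAccounts", "type": "Microsoft.Security/pricings",
     "properties": {"pricingTier": "Free"}},
    {"name": "SqlServers", "type": "Microsoft.Security/pricings",
     "properties": {"pricingTier": "Standard"}},
    {"name": "SqlServerVirtualMachines", "type": "Microsoft.Security/pricings",
     "properties": {"pricingTier": "Standard"}},
    {"name": "OpenSourceRelationalDatabases", "type": "Microsoft.Security/pricings",
     "properties": {"pricingTier": "Standard"}},
]})

if __name__ == "__main__":
    report = check_dashboard_prerequisites(SAMPLE_PRICINGS)
    print("ready:", report["ready"])
    for gap in report["gaps"]:
        print("gap:", gap)
```

Feed it the real body returned by `az rest --method get --url` against the pricings endpoint above; every entry in `gaps` is a plan or extension to turn on before the dashboard has data to show.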
Closer look

The Closer look section provides a more detailed view into the sensitive data within the organization.

- Sensitive data discovery – summarizes the results of the sensitive resources discovered, allowing customers to explore a specific sensitive information type and label.
- Internet-exposed data resources – summarizes the discovery of sensitive data resources that are internet-exposed, for storage and managed databases.

Select Manage data sensitivity settings to open the Data sensitivity page. The Data sensitivity page allows you to manage the data sensitivity settings of cloud resources at the tenant level, based on selected info types and labels originating from the Purview compliance portal, and to customize sensitivity settings, such as creating your own custom info types and labels and setting sensitivity label thresholds.
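The Attack paths, Cloud security explorer and Internet-exposed data resources sections all describe graph-based queries over the Cloud Security Graph. The following Python script is an added example (not code from this page or from Microsoft) that runs two such queries over a small constructed resource graph: an attack path query from internet-exposed VMs, through the identities they run as, to resources carrying sensitive labels, and a query for data resources that are both publicly reachable and hold sensitive data. The node names, the attribute names (internet_exposed, public_network_access, sensitive_labels) and the relationship labels are illustrative assumptions, not Defender for Cloud's actual schema.

```python
from collections import defaultdict

# Constructed resource graph (illustrative names, not Defender for Cloud's schema).
# Each node has a type plus the attributes the queries filter on.
NODES = {
    "vm-web-01":   {"type": "VirtualMachine", "internet_exposed": True},
    "vm-batch-02": {"type": "VirtualMachine", "internet_exposed": False},
    "id-web":      {"type": "ManagedIdentity"},
    "id-batch":    {"type": "ManagedIdentity"},
    "st-customer": {"type": "StorageAccount", "public_network_access": False,
                    "sensitive_labels": ["Credit Card Number"]},
    "st-logs":     {"type": "StorageAccount", "public_network_access": True,
                    "sensitive_labels": []},
    "st-share":    {"type": "StorageAccount", "public_network_access": True,
                    "sensitive_labels": ["Confidential"]},
    "sql-hr":      {"type": "SqlDatabase", "public_network_access": False,
                    "sensitive_labels": ["Confidential"]},
}
# Directed edges: (source, relationship, target).
EDGES = [
    ("vm-web-01", "runs as", "id-web"),
    ("id-web", "has permissions to", "st-customer"),
    ("id-web", "has permissions to", "st-logs"),
    ("vm-batch-02", "runs as", "id-batch"),
    ("id-batch", "has permissions to", "sql-hr"),
]
DATA_TYPES = {"StorageAccount", "SqlDatabase"}


def find_attack_paths(nodes=NODES, edges=EDGES, max_depth=4):
    """Paths from an internet-exposed VM to any resource carrying sensitive labels.

    Returns a list of (path_as_node_names, sensitive_labels_at_target).
    """
    adjacency = defaultdict(list)
    for src, _rel, dst in edges:
        adjacency[src].append(dst)
    found = []

    def walk(node, path):
        labels = nodes[node].get("sensitive_labels")
        if labels:                    # reached a sensitive data store: record and stop
            found.append((path, list(labels)))
            return
        if len(path) > max_depth:     # bound the traversal depth
            return
        for nxt in adjacency[node]:
            if nxt not in path:       # avoid cycles
                walk(nxt, path + [nxt])

    for name, attrs in nodes.items():
        if attrs["type"] == "VirtualMachine" and attrs.get("internet_exposed"):
            walk(name, [name])
    return found


def find_exposed_sensitive_stores(nodes=NODES):
    """Data resources that are both publicly reachable and hold sensitive data."""
    return sorted(
        name for name, attrs in nodes.items()
        if attrs["type"] in DATA_TYPES
        and attrs.get("public_network_access")
        and attrs.get("sensitive_labels")
    )


if __name__ == "__main__":
    for path, labels in find_attack_paths():
        print(" -> ".join(path), "| sensitive:", ", ".join(labels))
    print("internet-exposed sensitive stores:", find_exposed_sensitive_stores())
```

On the sample graph the attack path query returns only vm-web-01 -> id-web -> st-customer: st-logs is reachable but holds nothing sensitive, and sql-hr is sensitive but reachable only from a VM that is not internet-exposed. The second query flags st-share alone, since st-customer is sensitive but not publicly reachable. The same two filters (exposure and sensitivity) are what the dashboard's Top issues and Closer look sections surface.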