October 3, 2023

# Sensitive data & Data Security Dashboard

## Data-aware security posture in Defender for Cloud

Microsoft have brought a new data-aware security posture feature to Defender for Cloud. It helps you reduce risk to data and respond to data breaches.

Using data-aware security posture you can:

- Automatically discover sensitive data resources across multiple clouds.
- Evaluate data sensitivity, data exposure, and how data flows across the organization.
- Proactively and continuously uncover risks that might lead to data breaches.
- Detect suspicious activities that might indicate ongoing threats to sensitive data resources.

### Automatic discovery

Data-aware security posture automatically and continuously discovers managed and shadow data resources across clouds, including different types of object stores and databases.

Sensitive data is discovered using the sensitive data discovery extension that is included in the Defender Cloud Security Posture Management (CSPM) and Defender for Storage plans.

In addition, you can discover hosted databases and data flows in Cloud Security Explorer and Attack Paths. This functionality is available in the Defender CSPM plan and is not dependent on the sensitive data discovery extension.

### Data sensitivity settings

Data sensitivity settings define what is considered sensitive data in your organization. Data sensitivity values in Defender for Cloud are based on:

- Predefined sensitive information types: Defender for Cloud uses the built-in sensitive information types in Microsoft Purview. This ensures consistent classification across services and workloads. Some of these types are enabled by default in Defender for Cloud; you can modify these defaults.
- Custom information types/labels: You can optionally import custom sensitive information types and labels that you have defined in the Microsoft Purview compliance portal.
- Sensitive data thresholds: In Defender for Cloud you can set the threshold for sensitive data labels. The threshold determines the minimum confidence level for a label to be marked as sensitive in Defender for Cloud. Thresholds make it easier to explore sensitive data.

### Attack paths

You can discover the risk of data breaches through attack paths of internet-exposed VMs that have access to sensitive data stores. Attackers can exploit exposed VMs to move laterally across the enterprise and reach these stores. Insights: see the Attack path reference list.

### Cloud security explorer

Cloud Security Explorer helps you identify security risks in your cloud environment by running graph-based queries on the Cloud Security Graph. Use the Cloud Security Explorer query templates, or build your own queries, to find insights about misconfigured data resources that are publicly accessible and contain sensitive data, across multicloud environments. Insights: see the Cloud Security Graph components list.

### Data security in Defender for Storage

Defender for Storage monitors Azure storage accounts with advanced threat detection capabilities. It detects potential data breaches by identifying harmful attempts to access or exploit data, and by identifying suspicious configuration changes that could lead to a breach.

When early suspicious signs are detected, Defender for Storage generates security alerts, allowing security teams to quickly respond and mitigate.

By applying sensitivity information types and Microsoft Purview sensitivity labels on storage resources, you can easily prioritize the alerts and recommendations that focus on sensitive data.

## Data Security Dashboard

### Key features

The data security dashboard provides a centralized, complete and current view of the state of your cloud data estate.
The data security dashboard helps you to:

- Discover your complete multi-cloud data estate across managed and hosted data resources.
- Understand your Defender for Cloud protection coverage and gaps across data resources.
- Gain insight into which protected data resources contain sensitive data and the types of sensitive information they contain.
- Use built-in data query templates to speed up Cloud Security Explorer results.
- Focus on sensitive data resources that require attention as a result of active threats or potential risks to your sensitive data.
- View changing trends of resources with sensitive data that require attention, to analyze the improvement of your data security posture over time.

### How to enable it?

To enable the Data security dashboard you need:

- The Defender CSPM plan fully enabled, including sensitive data discovery.
- Workload protection for databases and storage, to explore active risks.

NOTE: The dashboard works only in commercial clouds, and it is in public preview. More on support and prerequisites is in Microsoft's documentation.

### Data security overview section

The data security overview section provides a general overview of your cloud data estate, per cloud, including all data resources, divided into storage assets, managed databases, and hosted databases (IaaS).

### Top issues

The Top issues section provides a highlighted view of the top active and potential risks to sensitive data.

- Sensitive data resources with high severity alerts: summarizes the active threats to sensitive data resources and which data types are at risk.
- Sensitive data resources in attack paths: summarizes the potential threats to sensitive data resources by presenting attack paths leading to sensitive data resources and which data types are at potential risk.
- Data queries in security explorer: presents the top data-related queries in Cloud Security Explorer that help you focus on multicloud risks to sensitive data.
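As an added illustration (not code from this post or from Defender for Cloud), the following Python models how a label's confidence threshold decides which discovered resources count as sensitive, and how the Top issues section then groups those resources by high-severity alert, attack path from an internet-exposed VM, and internet exposure. The threshold values, labels, resource names and findings are constructed for the example.

```python
from dataclasses import dataclass
# Constructed model of the behaviour the post describes, not Defender for Cloud's own
# logic: a resource is sensitive when a discovered label meets its confidence
# threshold; sensitive resources are then grouped like the Top issues section.
THRESHOLDS = {"Credit Card Number": 0.85, "Confidential": 0.65}  # hypothetical values

@dataclass
class Finding:  # one hit from sensitive data discovery
    resource: str
    label: str
    confidence: float

@dataclass
class Resource:
    name: str
    kind: str                                # "storage", "managed-db" or "hosted-db"
    internet_exposed: bool = False
    alert_severity: str = ""                 # highest active alert, e.g. "High"
    reachable_from_exposed_vm: bool = False  # an attack path from an exposed VM exists

def sensitive_resources(findings, thresholds=THRESHOLDS):
    """Map resource name -> labels whose confidence reached the label's threshold."""
    out = {}
    for f in findings:
        if f.confidence >= thresholds.get(f.label, 1.0):  # unknown label: never sensitive
            out.setdefault(f.resource, set()).add(f.label)
    return out

def top_issues(resources, findings, thresholds=THRESHOLDS):
    """Group sensitive resources by active alert, attack path and internet exposure."""
    sens = sensitive_resources(findings, thresholds)
    issues = {"high_severity_alerts": [], "in_attack_paths": [], "internet_exposed": []}
    for r in resources:
        if r.name not in sens:
            continue  # below threshold: discovered, but not a top issue
        if r.alert_severity == "High":
            issues["high_severity_alerts"].append(r.name)
        if r.reachable_from_exposed_vm:
            issues["in_attack_paths"].append(r.name)
        if r.internet_exposed and r.kind in ("storage", "managed-db"):
            issues["internet_exposed"].append(r.name)
    return issues

# Constructed sample data: logs-blob's only hit (0.60) sits below the 0.85 threshold.
SAMPLE_RESOURCES = [Resource("hr-files", "storage", internet_exposed=True, alert_severity="High"),
                    Resource("orders-sql", "managed-db", reachable_from_exposed_vm=True),
                    Resource("logs-blob", "storage", internet_exposed=True)]
SAMPLE_FINDINGS = [Finding("hr-files", "Credit Card Number", 0.92),
                   Finding("orders-sql", "Confidential", 0.70),
                   Finding("logs-blob", "Credit Card Number", 0.60)]
```

Lowering the Credit Card Number threshold to 0.5 pulls logs-blob into the internet-exposed group, which is the trade-off the thresholds setting controls: fewer missed resources against more to triage.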
### Closer look

The Closer look section provides a more detailed view into the sensitive data within the organization.

- Sensitive data discovery: summarizes the results of the sensitive resources discovered, allowing customers to explore a specific sensitive information type and label.
- Internet-exposed data resources: summarizes the discovery of sensitive data resources that are internet-exposed, for storage and managed databases.

You can select Manage data sensitivity settings to get to the Data sensitivity page. The Data sensitivity page allows you to manage the data sensitivity settings of cloud resources at the tenant level, based on selected info types and labels originating from the Purview compliance portal, and to customize sensitivity settings such as creating your own customized info types and labels and setting sensitivity label thresholds.

### Data resources security status

Sensitive resources status over time: displays how data security evolves over time with a graph that shows the number of sensitive resources affected by alerts, attack paths, and recommendations within a defined period (last 30, 14, or 7 days).

## Conclusion

It is nice that Microsoft is bringing sensitive data awareness also to Microsoft Defender for Cloud, because otherwise customers would need to use Microsoft Purview. It's OK to use Purview, but I like it when all results are available from the same (Azure) portal.

If I were the information security manager in any company, I would definitely want to know where and what sensitive data resides in our company's data sources, and whether there is a possibility that the data is exposed. Securing it would be another headache, but I could always buy the work somewhere else.

I changed company lately. There is a LOT of data security and compliance competence in SULAVA.

Jussi Metso

The author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.