Jussi Metso

It’s all about The Cloud and The Security

May 27, 2025 | May 25, 2025

Defender for Cloud – Part 11: Data and AI Security

Note before the start. This is the final part of this DefenderForCloud series. It originally had almost double the number of parts, but time and real-life struggles have decreased these, and my posts are usually very long, so it takes a lot of time to write them. I also want to write about topics other than DefenderForCloud. But I have touched on the different topics in these posts, so I think there are no or just a few topics which are not yet mentioned. This series is coming to an end because summer is coming (and I need a break) and there are significant changes coming to DefenderForCloud. And it's no use continuing this forever.

What Data and AI security means in Defender for Cloud

In short it means Data Security Posture Management (DSPM) and AI workload security.

Microsoft says “

Data security posture management in Microsoft Defender for Cloud helps you reduce data risk and respond to data breaches. With data security posture management, you can:

  • Automatically discover sensitive data resources across multiple clouds.
  • Evaluate data sensitivity, data exposure, and how data flows across the organization.
  • Proactively and continuously uncover risks that might lead to data breaches.
  • Detect suspicious activities that might indicate ongoing threats to sensitive data resources.”

And for AI Security “

Defender for Cloud discovers AI workloads and identifies details of your organization’s AI BOM. This visibility allows you to identify and address vulnerabilities and protect generative AI applications from potential threats.

Defender for Cloud automatically and continuously discovers deployed AI workloads across the following services:

  • Azure OpenAI Service
  • Azure AI foundry
  • Azure Machine Learning
  • Amazon Bedrock
  • Google Vertex AI”

These two functions are combined into one dashboard. In short, what you see in the dashboard are the data and AI related resources in Azure, or resources linked to Azure via data connectors.

Overview

The Data and AI security dashboard allows you to:

  • Get a unified view of all organizational data and AI resources in a single interface.
  • Gain insights into data storage locations and the types of resources that hold it.
  • Assess the protection coverage of data and AI resources.
  • View attack paths, recommendations, and data threat analysis in one location.
  • Mitigate critical threats and improve security posture in data and AI environments.
  • Discover useful data and AI insights by highlighting queries in the security explorer.
  • Identify and summarize sensitive data resources within your cloud data resource and AI assets

Data and AI Security Dashboard in two images (the dashboard didn't fit in one image).

Pre-requisites

To use the dashboard fully you need to enable these per subscription:

  • Defender CSPM plan
  • Defender for storages plan
  • Defender for databases plan
  • AI workloads plan

and in DCSPM plan settings:

  • Sensitive data discovery
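
As an added example (not from the original post), the prerequisite list above can be checked per subscription from the JSON that `az security pricing list` returns. The mapping from the post's plan names to API plan names and the `SensitiveDataDiscovery` extension name are assumptions of this example, and the sample input is constructed.

```python
import json

# Assumed mapping from the plan names used in the post to the plan names
# returned by the Microsoft.Security/pricings API (not taken from the post).
REQUIRED_PLANS = {
    "Defender CSPM": ["CloudPosture"],
    "Defender for storages": ["StorageAccounts"],
    "Defender for databases": ["SqlServers", "SqlServerVirtualMachines",
                               "OpenSourceRelationalDatabases", "CosmosDbs"],
    "AI workloads": ["AI"],
}
CSPM_EXTENSION = "SensitiveDataDiscovery"  # assumed extension name


def _is_true(value):
    # The API reports isEnabled as the string "True"/"False"; accept bools too.
    return str(value).lower() == "true"


def coverage(pricings_json):
    """Return {prerequisite: 'full' | 'partial' | 'off'} for one subscription."""
    data = json.loads(pricings_json)
    items = data["value"] if isinstance(data, dict) else data
    by_name = {p["name"]: p for p in items}
    report = {}
    for label, api_names in REQUIRED_PLANS.items():
        on = [n for n in api_names
              if by_name.get(n, {}).get("pricingTier", "Free") == "Standard"]
        report[label] = ("full" if len(on) == len(api_names)
                         else "partial" if on else "off")
    cspm = by_name.get("CloudPosture", {})
    ext_on = cspm.get("pricingTier") == "Standard" and any(
        e.get("name") == CSPM_EXTENSION and _is_true(e.get("isEnabled"))
        for e in cspm.get("extensions") or [])
    report["Sensitive data discovery"] = "full" if ext_on else "off"
    return report


# Constructed sample input, shaped like `az security pricing list` output.
SAMPLE = json.dumps({"value": [
    {"name": "CloudPosture", "pricingTier": "Standard", "extensions": [
        {"name": "SensitiveDataDiscovery", "isEnabled": "False"}]},
    {"name": "StorageAccounts", "pricingTier": "Standard"},
    {"name": "SqlServers", "pricingTier": "Standard"},
    {"name": "CosmosDbs", "pricingTier": "Free"},
    {"name": "AI", "pricingTier": "Free"},
]})
```

In the sample, CSPM is on but its sensitive data discovery extension is off, and only one of the database sub-plans is enabled, which is the kind of gap the dashboard reports as partial coverage.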

Some subscription-level permissions on the Microsoft.Security resource provider are also needed to use the Security Explorer:

  • Microsoft.Security/assessments/read
  • Microsoft.Security/assessments/subassessments/read
  • Microsoft.Security/alerts/read
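
To confirm that an identity's assigned roles actually grant the three permissions above, the following added example (not from the original post) evaluates role definitions in the shape `az role definition list` returns. It assumes the roles are assigned at subscription scope and ignores deny assignments; the two sample roles are constructed.

```python
import re

# The three subscription-level permissions listed in the post.
REQUIRED_ACTIONS = [
    "Microsoft.Security/assessments/read",
    "Microsoft.Security/assessments/subassessments/read",
    "Microsoft.Security/alerts/read",
]


def _matches(action, patterns):
    # Azure RBAC action strings are case-insensitive; '*' matches any run of
    # characters, including '/'.
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*")
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False


def role_grants(role, action):
    """A role grants an action if its actions match and its notActions do not."""
    return any(_matches(action, p.get("actions", [])) and
               not _matches(action, p.get("notActions", []))
               for p in role["permissions"])


def missing_actions(roles):
    """Required actions that none of the assigned roles grants.

    notActions only subtracts inside its own role definition; it is not a
    deny, so a second assigned role can still grant the action.
    """
    return [a for a in REQUIRED_ACTIONS
            if not any(role_grants(r, a) for r in roles)]


# Constructed sample role definitions (hypothetical custom roles).
POSTURE_VIEWER = {"roleName": "posture-viewer (constructed)", "permissions": [
    {"actions": ["Microsoft.Security/*/read"],
     "notActions": ["Microsoft.Security/alerts/*"]}]}
ALERT_VIEWER = {"roleName": "alert-viewer (constructed)", "permissions": [
    {"actions": ["microsoft.security/alerts/read"], "notActions": []}]}

if __name__ == "__main__":
    print(missing_actions([POSTURE_VIEWER]))
    print(missing_actions([POSTURE_VIEWER, ALERT_VIEWER]))
```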

NOTE: The comprehensive list of supported environments, platforms and resources for sensitive data discovery.

Data Security

Defender for Cloud provides visibility and contextual insights into your organizational security posture. With DCSPM you can proactively identify and prioritize critical data risks, distinguishing them from less risky issues.

Data security features, for example sensitivity settings, need these roles:

  • Compliance data administrator
  • Compliance administrator

so common roles like Security Administrator, Security Operator and Security Reader are not enough.

Top section of the data and AI dashboard.

In the top section you will see:

Scope shows the number of subscriptions that are included in the dashboard (Azure, AWS, GCP).

All data shows the storages, databases and other sources for the dashboard.

Coverage status shows the status of the plans: whether they are fully or partially enabled.

Attention shows the number of resources that have critical or high severities, alerts or recommendations.

The middle section of the data and AI dashboard.

In the middle section you see data-related insights:

  1. The number of high severity alerts and the MITRE ATT&CK tactics for them
  2. The number of critical and high severity recommendations and risk factors for them
  3. The number of critical and high severity attack paths and risk factors for them
  4. The number of sensitive data discovery info types and sensitivity labels, if there are any
  5. The data threat protection alerts on managed databases and storages by severity
  6. The data queries seen by Cloud Security Explorer
  7. The number of Internet-facing data sources also seen by Cloud Security Explorer

AI Security

Defender for Cloud provides insights into your organization’s AI security posture. You can reduce risks within your AI workloads using security recommendations and attack path analysis. But of course you need the Defender CSPM plan to get those.

The bottom section of the data and AI dashboard.

In the bottom section you see:

  1. The total number of AI-related resources, divided into pre-recognized services where possible
  2. AI threat detection, divided into scanned prompts and detected alerts, also by severity
  3. AI queries and Internet-facing resources seen by Cloud Security Explorer

The MDC series (so far) ends here. Maybe a sequel in the future. Thanks for reading.

The parts of the MDC blog series

  • Part 0: Microsoft Defender for Cloud – The EPIC blog series – introduction
  • Part 1: Getting started aka Setup 
  • Part 2: The Asset Inventory 
  • Part 3: Security posture
  • Part 4: Security recommendations
  • Part 5: Security alerts
  • Part 6: Attack path analysis
  • Part 7: Cloud security explorer
  • Part 8: Workbooks
  • Part 9: Regulatory compliance
  • Part 10: Workload protections
  • Part 10.5: Advanced Workload protection
  • Part 11: Data and AI security – The end of the series

Jussi Metso

The author is a lifelong IT enthusiast and Microsoft Security MVP, interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future.
